Create a Client File for Windows Client
You can create a client file with .ovpn extension with a text editor (e.g. notepad++), or download a client.ovpn sample file.
- Open the client.ovpn file with a text editor.
- Edit the following options according to the VPN server settings on your PBX.Note: The client and server must use the same settings.
- Specify the hostname/IP and port of VPN server.
In this example, we have forwarded the VPN server 10.8.0.1 1194 to 110.80.36.162 7086.
remote 110.80.36.162 7086 - Set the protocol to UDP or TCP.
In this example, UDP is enabled, and TCP is disabled.
proto udp ;proto tcp - Set the device mode to TAP or TUN.
In this example, TAP is enabled, and TUN is disabled.
dev tap ;dev tun - Set the cryptographic cipher.
Table 1. Cryptographic cipher on server Cryptographic cipher on client BlowFish cipher BF-CBC AES-128 cipher AES-128-CBC AES-256 cipher AES-256-CBC Triple-DES cipher DES-EDE3-CBC In this example, AES-256 is set on server, then enable AES-256-CBC.
;cipher BF-CBC ;cipher AES-128-CBC cipher AES-256-CBC ;cipher DES-EDE3-CBC - If Compression is enabled on server, you need to
enable compression on the VPN
client.
comp-lzo - If Username/Password Authentication is used on server, you need
to specify the passfile
file.
auth-user-pass passfile - If SSL/TLS and a ta.key is
used on the server, you need to specify the TLS Authentication & TA
Key.
tls-auth ta.key 1 - Specify the CA certificate file used on
server.
ca ca.crt
- Specify the hostname/IP and port of VPN server.
- Specify the Windows client certificate and key file.
In this example, Windows.crt and Windows.key is specified.
cert Windows.crt key Windows.key - Edit other options according to your
need.
persist-key persist-tun verb 3 resolv-retry infinite remote-cert-tls server nobind ;dev-node MyTap ;remote-random ;http-proxy-retry ;http-proxy [proxy server] [proxy port #] ;mute-replay-warnings ;mute 20 - Save the client file.
You can rename client.ovpn to identify, such as: Windows.ovpn.