(Archived) How to connect to an OpenVPN endpoint
You have tried to access an archived page. Please go to the new https://root360.atlassian.net/wiki/spaces/KB to find more documents.
- 1 General process
- 1.1 1. Preconditions
- 1.2 2. Request activation of OpenVPN
- 1.3 3. activate MFA (if enabled)
- 1.4 4. Install and configure OpenVPN client
- 1.4.1 4.1 Windows
- 1.4.2 4.2 Linux
- 1.5 5. Establish connection
- 1.5.1 5.1 Windows
- 1.5.2 5.2 Linux - Manual Start
- 1.6 6. Additional info
- 1.6.1 6.1 Create CSR
- 1.6.1.1 6.1.1 Sample commands for Windows
- 1.6.1.2 6.1.2 Sample commands for Linux
- 1.6.1 6.1 Create CSR
General process
OpenVPN is disabled by default.
When OpenVPN is enabled by root360 for specific users, they are able to connect to the bastion host using a TLS-secured private tunnel. When addionally MFA is active for the environment a valid token must be provided upon connect.
Following steps are required to enable and use OpenVPN:
check and accept preconditions
request activation of OpenVPN and optionally MFA
activate MFA if it is enabled
obtain the VPN client config, install and configure OpenVPN client
establish VPN connection
1. Preconditions
MFA preconditions, if MFA is enabled for the target environment
2. Request activation of OpenVPN
Request activation of OpenVPN for a dedicated environment via change request at https://support.root360.cloud.
3. activate MFA (if enabled)
Follow the steps for MFA activation.
4. Install and configure OpenVPN client
4.1 Windows
Download the OpenVPN Windows installer
Install the client software (make sure to tick "EasyRSA 2 Certificate Management Scripts" )
Create a Certificate Signing Request (see additional infos below) and send the resulting CSR file to root360 via https://share.root360.cloud/
Get the OpenVPN client config file including the signed certificate from root360
Copy the content of your private key into the config file (into the key section)
<key> -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- </key>
Copy the secret VPN config file into directory C:\Users\<your-user>\OpenVPN\config
4.2 Linux
Install the OpenVPN client and easy-rsa using your package manager
Create a Certificate Signing Request (see additional infos below) and send the resulting CSR file to root360 via https://share.root360.cloud/
Get the OpenVPN client config file including the signed certificate from root360
Copy the content of your private key into the config file (into the key section)
<key> -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- </key>
Copy the secret VPN config file into a directory of your choice
5. Establish connection
5.1 Windows
Start the programm OpenVPN GUI
Double-click the OpenVPN GUI systray icon (lower right desktop corner) to start the connection
Enter your username and the MFA token
5.2 Linux - Manual Start
Run OpenVPN client
openvpn --config /path/to/secret_vpn_config
Enter your username and the MFA token
6. Additional info
6.1 Create CSR
see example code below for your operating system:
make sure to replace <username> with your name in format <first-digit-of-prename>_<surname> (e.g. j_doe) AND prepend the current date in format YYYYMMDD (e.g. 20200103): j_doe_20200103
make sure to set valid values for at least Organization Name (your company), Name and Email Address (your email address registered in root360 support portal) as these information will be checked
we recommend to secure your certificate with a strong password:
at least one lower-case character
at least upper-case character
at least one digit
at least 8 characters
optionally with symbols
copy the content of keys\<your-name>.csr into https://share.root360.cloud/
send the share link into the ticket requesting OpenVPN activation
6.1.1 Sample commands for Windows
6.1.2 Sample commands for Linux
While running this command the following warning might be printed and can be ignored:
root360 Knowledge Base - This portal is hosted by Atlassian (atlassian.com | Privacy Policy)