Creating a configuration for a VPN client
N.B. If you are using Username and Password authentication, you do not need to bother with this section.
In the Network > VPN section in webadmin, click on the Client configuration tab. You will see a page like the following:
You can create a new configuration simply by entering a name (single word only) in the Name: box and clicking Create. If you want to protect the key with a passphrase, enter it twice in the Passphrase: boxes. If a passphrase is used, it will need to be entered every time the VPN client connects.
The Local Network: box allows you to tell the VPN server about the local network attached to this VPN client. This will allow that whole network to be accessed from the NetManager and its local network (i.e. it effectively links two whole networks together).
Once configurations have been created, you can download the configurations as either
.ovpn (for use by the Windows OpenVPN software) or
.conf (for use by all other version of OpenVPN).
If you suspect a client has been compromised, you can revoke the configuration with the relevant link. A new configuration with the same name can then be created.
Allowing users to manage their own configurations and passphrases
If you use usernames as your client configuration names, then it is possible to allow those users to log onto webadmin themselves, but only get the option to download their own configuration and set a passphrase.
To do this, go to System > Admins in webadmin and grant access to Network > VPN to the appropriate user or group. You must then ensure you have ticked the Download personal configuration only box in the left-hand column and clicked OK to save.
This screenshot shows a suitable configuration:
When the user first tries to download their configuration, they will have the option to set a passphrase. This is shown in the VPN Client Configuration walkthrough.