Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Defaults

By default, the phone does not attempt to connect using OpenVPN.  These options must be enabled.

Recommended Firmware

At present, all released versions of firmware support OpenVPN connectivity.

Compatibility

OpenVPN connectivity is supported by models A20, A22, A25, and A30.

Important Notes

OpenVPN server configuration must not require manual password entry in order to connect.  The phone does not provide the user a means of inputting user and/or password credentials as a part of VPN connection.

Certificates have been tested in CRT format only.

Requirements

In order to connect to an OpenVPN server, the phone utilizes an OpenVPN configuration file (client.ovpn), a Root (CA) certificate (ca.crt) ,client KEY (client.key), and client CRT (client.crt) files.  These files must be manually updated to the phone, using an admin web UI user.  Or, the phone must be configured to retrieve a .tar.gz file containing them, using its configuration file.  The phone will, when directed by its configuration, attempt to cURL those files in from a defined http or tftp server.  

...

It is important to note that the phone must be able to retrieve the OpenVPN configuration files without actually being connected to the VPN.  This presents a chicken-and-egg scenario that is most often solved by connecting the phone to an already-secure network, feeding it a configuration file that points to VPN configuration files that can be retrieved, and then, once successfully loaded, moving the phone to the insecure network.

Configuration

Configuration of OpenVPN can be performed via the phone's web UI.  This section will cover configuration via the phone's configuration file.

...

No Format
tar czvf etc.tar.gz ca.crt client.crt client.key client.ovpn

 

When the VPN is Enabled

When the Enable VPN Tunnel element is enabled on the phone, the phone will display a lock in the status bar, e.g.:

...