Site to Mobile VPN Configuration

Create a VPN Realm in zID

1. Log in to zID
   Access zID at the following URL:
   https://<domainname>:8082/

   Note: Login credentials will be provided by the support team upon request.

   

2. Create a VPN Realm
   • Click Add Realm.
     
   • Provide the realm name (e.g., vpn) and click the Create button.
     
3. Create a VPN Client
   • Navigate to Clients (Realms → VPN → Clients) and click Create.
     
   • Provide the Client ID (e.g., vpn-client) and click Save.
     
   • Configure the client settings as follows:
     Access Type: Confidential
Standard Flow Enabled: Off
Direct Access Grant Enabled: On


     Click Save after making the changes.
     

4. Create or Import VPN Users
   • Users can be created manually or imported in bulk using a script.
     Refer to the Import Bulk Users Guide for details on script-based user creation.
   • Manual User Creation:
     • Go to Users (Realms → VPN → Users) and click Add User. Provide user details and click Save.
       
       
     • Set a password, ensuring the Temporary option is turned off, and click Set Password.
       
       
5. SMTP Configuration in zID
   Refer to the SMTP Configuration Guide.
6. Reset User Password (If Required)
   • Log in to the VPN Realm Console at https://<director_ip>:8082/auth/admin/vpn/console.
   • Click Forgot Password, provide the user’s email, and click Submit.
     
     
   • Follow the reset link, provide a new password, and confirm.
     
     

On the DC CPE: Create Server Certificate and Tunnel

1. Generate Server Certificate
   Navigate to Security (Edge Controller → CPE ID → Security → X509 → Certificates), fill in the required details, and click Generate.
   
2. Create a Tunnel
   • Obtain the Client ID, Secret, and Token URL from zID:
     • Log in to zID, navigate to Clients (Realms → VPN → Clients → <vpn_client_id> → Credentials), and copy the secret.
       
   • Go to Tunnels (Edge Controller → CPE ID → Network → Tunnels → SiteToMobileVPN) and provide the following details:
     Description: VPN00
Tunnel ID: Auto-generated
Remote Port: <e.g., 10001>
Protocol: UDP (only UDP is supported)
Local IP: WANxx IP of the CPE
Gateway: WANxx Gateway
DHCP Pool: <e.g., 10.130.101.0/24>
Advertise Networks: <e.g., 172.5.0.0/24>


     

   • In the Authorization section, configure as follows:
     Authorization Type: OAuth
Server Certificate: Select the generated certificate
Client ID: vpn-client
Client Secret: Copy from zID
Token Endpoint: `https://<domainname>:8082/auth/realms/vpn/protocol/openid-connect/token`


     Replace <domainname> with your domain or IP in the token URL.
     

3. Update DC CPE Metadata
   WAN1_PUB_IP: 203.199.x.x
WAN1_PUB_PORT: 10001 WAN2_PUB_IP: 14.194.x.x
   WAN2_PUB_PORT: 10002 Site-2-Mobile: Site-2-Mobile

   

4. Create Mobile Clients
   • Clients can be created manually or in bulk using a script. Refer to the Client Creation Guide.
   • For manual creation:
     • Navigate to Mobile Devices (Device Management → Edge Controllers → Mobile Devices).
     • Provide the required details, then click Create.
       
     • Download the .ovpn configuration file.
       

Installing and Configuring OpenVPN Client

Android

Installation

1. Open the Google Play Store on your device.
2. Search for OpenVPN Connect and install the app.

Importing Configuration and Certificates

1. Transfer the .ovpn configuration file to your Android device (via email, USB, or a cloud storage service).
2. Open the OpenVPN Connect app.
3. Tap the File tab or the Import Profile option.
4. Locate and select the .ovpn file.
5. If required, ensure the server certificate is included in the .ovpn file or import it manually if instructed.

Connecting to the VPN

1. After importing the configuration, the VPN profile will appear in the app.
2. Tap the profile and select Connect.
3. Enter your username and password (if prompted).
4. Approve the connection request when prompted.
5. Verify the status changes to “Connected.”

iOS

Installation

1. Open the App Store on your iPhone or iPad.
2. Search for OpenVPN Connect and install the app.

Importing Configuration and Certificates

1. Transfer the .ovpn configuration file to your iOS device using one of the following methods:
   • Email the file to yourself and open it with the OpenVPN app.
   • Use AirDrop to send the file to your iOS device.
   • Upload the file to a cloud storage service (e.g., iCloud, Google Drive) and access it via the app.
2. Open the OpenVPN Connect app.
3. Tap the Import Profile or “+” icon, then select the .ovpn file.
4. If required, ensure the server certificate is included in the .ovpn file or import it manually if instructed.

Connecting to the VPN

1. Once the configuration is imported, the VPN profile will be visible in the app.
2. Tap the profile and select Connect.
3. Enter your username and password (if prompted).
4. Approve the connection request when prompted.
5. Confirm the connection status as “Connected.”

Windows

Installation

1. Visit the official OpenVPN website (https://openvpn.net/).
2. Navigate to the Downloads section and download the OpenVPN Connect client for Windows.
3. Install the application following the on-screen instructions.

Importing Configuration and Certificates

1. Save the .ovpn configuration file to your computer.
2. Open the OpenVPN Connect client on your Windows system.
3. Click the Import Profile option.
4. Locate and upload the .ovpn file.
5. If required, ensure the server certificate is included in the .ovpn file or import it manually if instructed.

Connecting to the VPN

1. The imported profile will appear in the OpenVPN client.
2. Select the profile and click Connect.
3. Enter your username and password (if prompted).
   
4. Approve the connection request when prompted.
5. Verify the status changes to “Connected” and confirm VPN access.

Verifying Connection

1. Check for the connected status in the app.
2. Verify you can access resources on the VPN network.