New here, certificates question

Posted: Sun Nov 25, 2018 6:45 am
by GRIFFCOMM
Hi, I am not new to VPN, I am however new to OpenVPN. I have played with the Windows PC server and a QNAP NAS running QVPN server, both running as OpenVPN servers, however my question is this.

I have an appliance (phone) that supports OpenVPN, but is asking for 3 certificates. How do I get these certificates from the Windows Server or QNAP appliance running OpenVPN? (The OpenVPN system only seems to download 1 certificate.)

Certificates needed are:
- OpenVPN® CA
- OpenVPN® certificate
- OpenVPN® Client Key


Image of the client device asking for them:
Image

Re: New here, certificates question

Posted: Wed Dec 19, 2018 3:47 pm
by Sop_1000
You need to painfully generate them following this painful guide, keep in mind your certs won't be valid for a few hours after you generate them.

https://community.openvpn.net/openvpn/w ... dows_Guide

Re: New here, certificates question

Posted: Wed Dec 19, 2018 3:55 pm
by GRIFFCOMM
Hi, thanks..... I have the manufacturer looking at this as well. They seem to be saying the username / password should work; I am not sure it does, so they are working on it as well.

Re: New here, certificates question

Posted: Wed Dec 19, 2018 4:03 pm
by Sop_1000
CA should be the same as the server, CRT and KEY are client specific and should be generated from the OpenVPN server installation. Also, that client doesn't ask for a ta.key, which I think is needed for TLS, so you should probably disable that on the server, somehow. Also make sure the cipher method matches the server, AES-256 is the standard. Not sure about username, the Windows client never asks for user input on that, just the password, and the password is "stamped" on the client certificate.
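
As an added example (not part of the thread, and not OpenVPN's or either vendor's code): a small Python check that reads a client profile and reports which of the three items the phone asks for are present, along with the tls-auth and cipher settings mentioned in the reply above. It assumes the server's download is a standard OpenVPN client profile using the `ca`, `cert`, `key`, `tls-auth` and `cipher` directives or inline blocks; the sample profile and the function names are constructed for illustration.

```python
import re

# The three items the phone asks for, plus the two settings that have to
# agree between client and server.
ITEMS = {"ca": "CA", "cert": "client certificate", "key": "client key"}
EXTRAS = ("tls-auth", "cipher")

def audit_profile(text):
    """Map each directive to 'inline', 'file:<path>', a cipher name, or None."""
    found = {name: None for name in (*ITEMS, *EXTRAS)}

    def take_inline(match):
        # Inline material looks like <ca> ... </ca>; record it and drop the
        # block so its PEM lines are not parsed as directives.
        if match.group(1) in found:
            found[match.group(1)] = "inline"
        return ""

    rest = re.sub(r"(?ms)^<([\w-]+)>\s*$.*?^</\1>\s*$", take_inline, text)
    for line in rest.splitlines():
        parts = line.split()
        if not parts or parts[0][0] in "#;":  # blank line or comment
            continue
        name, args = parts[0], parts[1:]
        if name in found and found[name] is None and args:
            found[name] = args[0] if name == "cipher" else "file:" + args[0]
    return found

def missing_for_phone(found):
    """Labels of the phone's three required items that the profile lacks."""
    return [label for name, label in ITEMS.items() if found[name] is None]

# Constructed sample: a password-only profile that ships just the CA.
SAMPLE = """\
client
dev tun
remote vpn.example.test 1194
auth-user-pass
cipher AES-256-CBC
tls-auth ta.key 1
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
"""

if __name__ == "__main__":
    report = audit_profile(SAMPLE)
    print(report)
    print("missing:", missing_for_phone(report))
```

A profile that reports the client certificate and key as missing was exported for username/password login only, so those two items still have to be issued on the server.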

Re: New here, certificates question

Posted: Wed Dec 19, 2018 4:16 pm
by GRIFFCOMM
Thanks, I have a new firewall (Watchguard) appearing in about a week, I will be investigating this a lot more then. They support OpenVPN also, I've not looked at it since first trying all this. The Windows PCs work fine, it's this device (phone) that's creating an issue.

Re: New here, certificates question

Posted: Wed Dec 19, 2018 4:22 pm
by Sop_1000
Oh no, I hate Watchguard, mainly because of the licensing thing, you can't basically have a proper firewall without 10 licences, one for each thing. You're gonna have to get a VPN license for that to work. I might not be 100% correct on this though.

Re: New here, certificates question

Posted: Wed Dec 19, 2018 4:39 pm
by GRIFFCOMM
We are a Watchguard reseller. You don't need licenses, the firewall is free; to be warrantied you need a "license", however the VPN is free on them (up to a certain amount).

They do however have "services" you pay for which we never sell. When the "license" for the unit expires it continues to work as a firewall WITH the built-in VPN it came with; you can't however upgrade the firmware once the support stops. It will work indefinitely as a firewall with the base VPN (SSL / site to site etc...), sure, if you want LOADS of SSL and site to site then you need to pay for it...