Connecting to Access Server with Windows

Client software choice

The OpenVPN protocol is not one that is built into Windows. Therefore a client program is required that can handle capturing the traffic you wish to send through the OpenVPN tunnel, and encrypting it and passing it to the OpenVPN server. And of course, the reverse, to decrypt the return traffic. So a client program is required, and there are some options here. We do not intend to limit our customers and cause a type of vendor lock-in situation. We try to keep connectivity and the choice of client software open, although we do recommend the official OpenVPN Connect Client of course.

Official OpenVPN Connect Client in Access Server

The simplest one, and the one that comes with OpenVPN Access Server itself, is called OpenVPN Connect Client. This program is purposefully limited in its functionality in the sense that it only supports one active VPN tunnel at a time. Trying to connect to two different servers at the same time is a function we did not build into our official OpenVPN Connect Client. And we did so on purpose. Connecting to two servers at the same time means there are two different adjustments made to the routing table on the client computer. It is very easy therefore to make a mistake and break connectivity. Limiting this to one server makes this less likely to go wrong. The OpenVPN Connect Client is able to remember multiple different servers, but only one can be active at a time.

To obtain the OpenVPN Connect Client, log on to your Access Server's web interface (not the /admin portion) and log on with valid credentials. The OpenVPN Connect Client will be offered for download automatically. Download and install it, and in the system tray (next to the clock on your screen) at the bottom right, you will see a new orange OpenVPN icon show up. Click it and navigate the menu to find the option to connect to your server, and you'll be asked for credentials, or you'll be connected immediately when you're using an auto-login privileged account. Use the same tray menu to disconnect.

After initial installation you can use the system tray menu to start and stop the connection from now on.

This program is designed to function on Windows Vista, 7, 8, and Windows 10.

OpenVPN open source OpenVPN GUI program

The open source project has a client for Windows operating systems as well. It is called OpenVPN GUI and it is less limited in functionality than the OpenVPN Connect Client because it does support the option to connect to multiple OpenVPN servers at the same time, and it also comes with a service component that can automatically and silently start any auto-login profiles it finds in its config folder, even before a user has logged in yet. This service component can be set to automatically start at boot time via the services.msc panel in Windows.

On the other hand, it does miss some features that Connect Client does have as well like Python support for post-auth scripting and other functions that integrate Connect Client with Access Server, like the ability to import connection profiles directly from an Access Server, or the ability to authenticate any valid user on your Access Server and have them connect without having to install a connection profile for each separate user account. This is accomplished on the Connect Client with a universal server-locked profile which is not supported by the OpenVPN GUI program.

With this program there is a config directory, usually c:\program files (x86)\openvpn\config\, where you can save OpenVPN connection profiles. These can be of .conf or .ovpn file extension. You can for example download a user-locked or an auto-login profile from the OpenVPN Access Server web interface, and place it in the aforementioned directory. The tray menu in the system tray will then show you options to use this connection profile - to start or stop the connection. Server-locked profiles are not supported, as mentioned earlier.

This program does support connecting to multiple OpenVPN servers at the same time, but there is a catch. Aside from having to be careful not to implement conflicting routes and subnets when connecting to multiple OpenVPN servers at the same time, you also have to make sure there are enough virtual network adapters. OpenVPN works by creating a virtual network card or adapter in the Windows operating system. Only one OpenVPN tunnel can be connected to such a virtual network adapter. So if you need 3 simultaneous OpenVPN tunnel connections, you must add adapters manually. There are command line scripts in the Start menu that can be used to do this.

To obtain the program go to the community downloads section on our main website and download the installer for Windows. The OpenVPN GUI program comes included with this installer.

The program is limited to 50 connection profiles.

tunXten OpenVPN client

This is a program created by an external party, Eugene Mindrov. It is available only for Windows and is compatible with OpenVPN Access Server. It is a very good client to use as it has a very good GUI (Graphical User Interface) that offers the ability to import connection profiles directly from the Access Server, and it can support multiple simultaneous OpenVPN tunnel connections as well. It needs multiple virtual network adapters to do this, just like the open source version does, but it comes with a tool in the GUI itself to achieve this. You can simply keep adding adapters until you have the required amount to establish as many connections as you need. It comes with useful logging information, the ability to put custom icons on connections, renaming profiles from the GUI, setting connections to automatically connect at boot up, remember saved user names and passwords, and so on. It is truly an excellent client and we recommend it for powers users.

It can be obtained from the tunXten website.

Viscosity OpenVPN client

Another good OpenvPN client created by an external party, SparkLabs. It is available for Windows and Macintosh. It is compatible with OpenVPN Access Server.

It can be obtained from the SparkLabs Viscosity website.

Other clients

There are too many to name. There is however a page on the community website that tries to list them all.