OpenVPN is an open-source virtual private network (VPN) that creates an encrypted connection over the Internet from a device to a network. A VPN helps prevent unauthorized people from eavesdropping on the traffic and allows the user to work remotely. You can check more about VPNs here and OpenVPN here.
Vitro Crystal uses OpenVPN so that the user can connect to it remotely. To improve security, each user and device must be configured and given an access key. Only the administrator and selected personnel can create the configuration file. Here you will have the server and client VPN configuration documentation.
The easiest way to install on macOS is to use Homebrew. Just run this command on the terminal:
brew install openvpn
If you don't want to use Homebrew, you can download and install the program manually. Just follow these instructions.
To install it on Ubuntu, you can just use this command:
apt-get install openvpn
OpenVPN can be manually installed on Windows. To do that, just follow these instructions.
The server is the Vitro Crystal. For you to complete these steps, you will need:
- Appropriate permissions.
- Vitro Crystal running Yocto-based OS.
- A connection to the Internet.
- Access to Vitro Crystal (either by serial port, ssh, or directly with a monitor and keyboard).
Now follow these steps:
- Open this website and log in using the credentials provided by your team leader.
- Go to the user subpage by clicking User on the top.
- Click Add User. Fill the Name field and write the unique Vitro Crystal ID obtained by checking the
vitroio-mqttservice, for example.
- Download the
.tarfile by clicking on the appropriate button next to the newly created User.
- On Vitro Crystal, check the file name and where the OpenVPN service looks for. You can do that by checking the OpenVPN service configuration:
The file has this pattern:
Description=Our version of openvpn service
ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /opt/openvpn/ --config %i.conf
In this case, the file is
vitro.conf and should be located at
7. Send the
.tar file you downloaded previously to Vitro Crystal. You can do it in many ways. If you have an ssh connection, you can run the following command:
scp <gw_id>.tar root@<gw_ip>:<config_dir>
In this case,
<config_dir> should be substituted by
8. Unzip the
.tar file and delete it:
unzip <config_dir>/<gw_id>.tar && rm <config_dir>/<gw_id>.tar
Now there is an
.ovpnVPN configuration file on the <config_dir> directory. You can check that by running
ls <config_dir> | grep ovpn.
- Restart the service and done! To restart it, just use this command:
systemctl restart openvpn@vitro
If the service hasn't started already, you can fix it by using:
systemctl enable openvpn@vitro; systemctl start openvpn@vitro.
You can check if everything is already done by using
ifconfig command. OpenVPN is supposed to create another network interface, usually named
tun and a descriptor. Everything is fine if the
tun network interface is there (e.g.
tun0). You can also check if the OpenVPN is running fine by checking the Pritunl Website. This is shown in the image below.
Anything that connects to the Internet and has OpenVPN can connect to a server VPN (Vitro Crystal in this case). This is possible if you have the VPN configuration file. Ask the administrator or team leader for it. If you have the authorization, you can create a new User and download a configuration file on this website.
To connect to Vitro Crystal with a VPN, just follow these steps:
- Install OpenVPN:
apt install openvpn
If you followed our Installation Guide, you can skip this step!
- Obtain the VPN configuration file. If you don't have clearance to create one, please ask your team leader for one.
- Unzip the
.tarVPN configuration file:
- Send the extracted file to
/etc/openvpn/client(directory where OpenVPN looks for VPN configuration files):
mkdir -p /etc/openvpn/client && cp <file_name>.ovpn /etc/openvpn/client/vitro.conf
mkdircommand will create the directory if it doesn't exist. If you want to, you can only use the
- Delete unnecessary files:
rm <file_name>.tar <file_name>.ovpn
- Start the OpenVPN service:
systemctl start openvpn-client@vitro
- (Optional) Start OpenVPN service to start on boot:
systemctl enable openvpn-client@vitro
- Check if everything is fine. You can use
ifconfigcommand to see the
tunnetwork interface and the Vitro Crystal IP address (if connected successfully). You can then
If you want to troubleshoot OpenVPN, check its logs:
journalctl -fu openvpn-client@vitro.
Updated over 2 years ago