OpenVPN is an open-source virtual private network (VPN) that creates an encrypted connection over the Internet from a device to a network. A VPN helps prevent unauthorized people from eavesdropping on the traffic and allows the user to work remotely. You can check more about VPNs here and OpenVPN here.

Vitro Crystal uses OpenVPN so that the user can connect to it remotely. To improve security, each user and device must be configured and given an access key. Only the administrator and selected personnel can create the configuration file. Here you will have the server and client VPN configuration documentation.

Client-side Installation


The easiest way to install on macOS is to use Homebrew. Just run this command on the terminal:

brew install openvpn

If you don't want to use Homebrew, you can download and install the program manually. Just follow these instructions.


To install it on Ubuntu, you can just use this command:

apt-get install openvpn


OpenVPN can be manually installed on Windows. To do that, just follow these instructions.

Server VPN

The server is the Vitro Crystal. For you to complete these steps, you will need:

  • Appropriate permissions.
  • Vitro Crystal running Yocto-based OS.
  • A connection to the Internet.
  • Access to Vitro Crystal (either by serial port, ssh, or directly with a monitor and keyboard).

Now follow these steps:

  1. Open this website and log in using the credentials provided by your team leader.
  2. Go to the user subpage by clicking User on the top.

OpenVPN configuration start page.

  1. Click Add User. Fill the Name field and write the unique Vitro Crystal ID obtained by checking the vitroio-mqtt service, for example.

Creating a new user using the Vitro Crystal ID.

  1. Download the .tar file by clicking on the appropriate button next to the newly created User.

Button to download the configuration files.

  1. On Vitro Crystal, check the file name and where the OpenVPN service looks for. You can do that by checking the OpenVPN service configuration:
cat /lib/systemd/system/openvpn\@.service

The file has this pattern:

Description=Our version of openvpn service

ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/ --cd /opt/openvpn/ --config %i.conf


In this case, the file is vitro.conf and should be located at /opt/openvpn.
7. Send the .tar file you downloaded previously to Vitro Crystal. You can do it in many ways. If you have an ssh connection, you can run the following command:

scp <gw_id>.tar root@<gw_ip>:<config_dir>

In this case, <config_dir> should be substituted by /opt/openvpn/.
8. Unzip the .tar file and delete it:

unzip <config_dir>/<gw_id>.tar && rm <config_dir>/<gw_id>.tar


Now there is an .ovpn VPN configuration file on the <config_dir> directory. You can check that by running ls <config_dir> | grep ovpn.

  1. Restart the service and done! To restart it, just use this command:
systemctl restart openvpn@vitro


If the service hasn't started already, you can fix it by using: systemctl enable openvpn@vitro; systemctl start openvpn@vitro.

You can check if everything is already done by using ifconfig command. OpenVPN is supposed to create another network interface, usually named tun and a descriptor. Everything is fine if the tun network interface is there (e.g. tun0). You can also check if the OpenVPN is running fine by checking the Pritunl Website. This is shown in the image below.


Online VPN connection to Vitro Crystal.

Client VPN

Anything that connects to the Internet and has OpenVPN can connect to a server VPN (Vitro Crystal in this case). This is possible if you have the VPN configuration file. Ask the administrator or team leader for it. If you have the authorization, you can create a new User and download a configuration file on this website.

To connect to Vitro Crystal with a VPN, just follow these steps:

  1. Install OpenVPN:
apt install openvpn


If you followed our Installation Guide, you can skip this step!

  1. Obtain the VPN configuration file. If you don't have clearance to create one, please ask your team leader for one.
  2. Unzip the .tar VPN configuration file:
unzip <file_name>.tar
  1. Send the extracted file to /etc/openvpn/client (directory where OpenVPN looks for VPN configuration files):
mkdir -p /etc/openvpn/client && cp <file_name>.ovpn /etc/openvpn/client/vitro.conf


The mkdir command will create the directory if it doesn't exist. If you want to, you can only use the cp command.

  1. Delete unnecessary files:
rm <file_name>.tar <file_name>.ovpn
  1. Start the OpenVPN service:
systemctl start openvpn-client@vitro
  1. (Optional) Start OpenVPN service to start on boot:
systemctl enable openvpn-client@vitro
  1. Check if everything is fine. You can use ifconfig command to see the tun network interface and the Vitro Crystal IP address (if connected successfully). You can then ping Vitro Crystal.
  2. Done!


If you want to troubleshoot OpenVPN, check its logs: journalctl -fu openvpn-client@vitro.

What’s Next