Reply To: OpenVPN setup via GUI for VPN public service

Forums Network Management VPN OpenVPN setup via GUI for VPN public service Reply To: OpenVPN setup via GUI for VPN public service


Well, I found no solution to the issue I presented here exactly as I wanted to do, i.e. just using the GUI (the ZS web interface).

First and generally, there are too many limitations at the moment for the web interface to be able to setup OpenVPN in all the possibile options (as specified in the documents, the actual implementation aims at building ZS-to-ZS vpns with a specific not-standard configuration).

This could be a problem when accessing a third-party system, such as a public VPN service, for which it is compulsory to comply with a given setup.

Second, even deciding to use a manual and longer approach, that is to upload to ZS the setup files provided by the supplier (in my case the configuration file .ovpn, the certificate file .pem and the username/password file) and then just set the GUI for reading them (–config xxxx.ovpn), there will still be an error (Sorry, ‘Auth’ password cannot be read from a file) because the openvpn binary file included in the current release of ZS has not been compiled with the “-enable-password-save” option.

At least, as a primary and quick solution to the above, I would suggest the author to recompile the OpenVPN executable with the said option in order to make credentials to be readable from a file, as a little security flaw can be safely tolerated in order to gain an automatic logon to the vpn service and the persistence of the connection, being this a mostly important feature for an unattended connectivity device such as a ZS box.

Of course, as many other users stated in this forum, a more definitive solution would be to make the VPN web interface easier and faster to setup.