This tutorial shows how to set up and configure a VPN (Virtual Private Network) client on macOS, Windows and Linux (Ubuntu).


Create new user certificate

  1. Open your favourite terminal and clone the infra-openvpn stack.
  2. Open the OpenVPN stack and edit "_variables.tf".
  3. Add the new user to the "users" section.
  4. Save and commit to the Git repository. The pipeline will run its first step and then wait for a manual apply.
  5. Go to the Git repository → open the pipeline and run the Apply step.


Revoke user certificate

  1. Open your favourite terminal and clone the infra-openvpn stack.
  2. Open the OpenVPN stack and edit "_variables.tf".
  3. Add the user to the "revoke_users" section. E.g. if you want to revoke "dnx-devop1", just add the same user to "revoke_users".

There is no way to remove a user, since its key has already been signed by the OpenVPN certificate.

  4. Save and commit to the Git repository. The pipeline will run its first step and then wait for a manual apply.
  5. Go to the Git repository → open the pipeline and run the Apply step.


Download the certificates 

When a user is added, the OpenVPN server writes a ".ovpn" file and a ".mfa" file to an S3 bucket in the MGMT account. These files need to be downloaded and sent to the user so that they can connect to the VPN.

  1. To download these files, go to the AWS Console and switch to your management account.
  2. Go to S3 (Simple Storage Service).
  3. Find a bucket called openvpn-mgmt-<random number>.
  4. Open the bucket.
  5. Download both files (.ovpn and .mfa) named after the user.


Important: These files should not be shared between users. Sharing these files will cause connection interruptions, as one user can maintain only one connection at a time.
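
The same download can be scripted with the AWS CLI. The following is an added example, not part of the original stack: the function names `vpn_username` and `fetch_vpn_files` are hypothetical, and it assumes the objects sit at the bucket root as `<user>.ovpn` and `<user>.mfa` and that credentials for the management account are already active in the shell.

```shell
#!/usr/bin/env bash
# Added example (not from the infra-openvpn stack).
# Assumption: objects are stored at the bucket root as <user>.ovpn / <user>.mfa.

# Derive the VPN user name from a profile path:
#   "some/dir/dnx-devop1.ovpn" -> "dnx-devop1"
vpn_username() {
    local name
    name=$(basename -- "$1")
    printf '%s\n' "${name%.ovpn}"
}

# fetch_vpn_files <bucket> <user> <dest-dir>
# Downloads both per-user files into a private directory.
# Returns non-zero if the user name is unsafe or either file is missing.
fetch_vpn_files() {
    local bucket="$1" user="$2" dest="$3" ext
    # Reject names that could escape the destination directory or key prefix.
    case $user in
        ''|*/*|*..*) echo "invalid user name: $user" >&2; return 2 ;;
    esac
    mkdir -p -- "$dest" && chmod 700 -- "$dest" || return 1
    for ext in ovpn mfa; do
        if ! aws s3 cp "s3://${bucket}/${user}.${ext}" \
                "${dest}/${user}.${ext}" --only-show-errors; then
            echo "could not download ${user}.${ext} from ${bucket}" >&2
            return 1
        fi
        # Both files are per-user credentials: owner read/write only.
        chmod 600 -- "${dest}/${user}.${ext}" || return 1
    done
    # This is the value to type into the client's "user name" field.
    echo "VPN username: $(vpn_username "${dest}/${user}.ovpn")"
}
```

Call it as `fetch_vpn_files <bucket-name> dnx-devop1 ./vpn-dnx-devop1`, using the real bucket name from the management account.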


Configure and connect (macOS)

  1. Download and install OpenVPN Tunnelblick client (https://tunnelblick.net/release/Tunnelblick_3.8.3_build_5520.dmg).
  2. Click on the Tunnelblick icon in the menu bar at the top and select the 'VPN Details' option.
  3. To install a configuration file (.ovpn), drag and drop it on the list of configurations in the 'Configurations' tab of the 'VPN Details' window.
  4. In the "user name" field, type exactly your ".ovpn" file name, without the file extension. E.g. if you have a file called "dnx-devop1.ovpn", use "dnx-devop1" as the username.
  5. Open the ".mfa" file and copy the MFA URL.
  6. Paste the URL into your favourite web browser to see the QR code.
  7. Use your favourite MFA tool, such as Google Authenticator, to scan the QR code and get the password.
  8. Fill the password text box with the OTP (one-time password) code generated by the MFA tool and click "OK".
  9. You will see the following screen after successfully connecting via VPN.

Configure and connect (Windows)

  1. Download the OpenVPN client.
    1. OpenVPN for Windows:
      1. https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.8-I602-Win10.exe
  2. Click on the OpenVPN client.
  3. Click Import / From local file and choose the certificate.
  4. Click on the OpenVPN client again, click on openvpn.mgmt.cloud.domain and click Connect.
  5. In the "user name" field, type exactly your ".ovpn" file name, without the file extension. E.g. if you have a file called "dnx-devop1.ovpn", use "dnx-devop1" as the username.
  6. Open the ".mfa" file and copy the MFA URL.
  7. Paste the URL into your favourite web browser to see the QR code.
  8. Use your favourite MFA tool, such as Google Authenticator, to scan the QR code and get the password.
  9. Fill the password text box with the OTP (one-time password) code generated by the MFA tool and click "connect".

Configure and connect (Linux Ubuntu)

There is an OpenVPN client already installed on Ubuntu distributions, so you do not need to install any additional software.

  1. Open System Settings / Network.
  2. Add a new VPN by clicking on "+".
  3. Select "Import file" and then choose your ".ovpn" file.
  4. In the "user name" field, type exactly your ".ovpn" file name, without the file extension. E.g. if you have a file called "dnx-devop1.ovpn", use "dnx-devop1" as the username.
  5. Open the ".mfa" file and copy the MFA URL.
  6. Paste the URL into your favourite web browser to see the QR code.
  7. Use your favourite MFA tool, such as Google Authenticator, to scan the QR code and get the password.
  8. Fill the password text box with the OTP code generated by the MFA tool and click the "Add" button.
  9. To test your connection, go back to the previous screen, which lists all VPN connections, and choose your new VPN connection. Please note that every time you try to connect, you will be prompted to type the password again.