OpenVPN Cloud Endpoint Testing

So in the last post we stopped at the point of creating additional users who you want to give VPN access to. I also explained that the connection from the RRAS server to the OpenVPN Cloud counts as 1 out of 3 connections so you are left with two connections for your endpoints/users.

Now let’s get the connector installed on our endpoint device and our users connected.

Just a quick reminder that the portal address is “youropenvpncloudId.openvpn.com”

1) Log into your OpenVPN web portal and add your end users. Note that the email address here must be valid for this to work. Since this is intended for lab use just enter your own for testing.


2) Build a VM with Windows 10 installed. Connect its virtual network adapter to the Internal switch so it can join the domain, then verify you can ping the domain and maybe access a file share or something.

3) Now change the virtual network adapter so it’s bound to the External switch instead to simulate offsite access. Verify that you cannot ping the domain.

4) On this VM, log into the mailbox for the email address you provided for the user and open the email with instructions on how to install the connector app. It’s just a standard MSI so go ahead and install it.


5) Open the connector app and enter your OpenVPN Cloud portal URL.


Sign in with the user account ID you created earlier.

Choose your Region and click Connect. It should only take a few seconds to establish the VPN connection.


Verify that you can ping your domain and access file shares.

You can, of course, install the endpoint connector on a physical domain-joined laptop and connect to your Wi-Fi (assuming your lab is on an Internal/Private network) to test this.
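A scripted version of the checks in steps 3 and 5, added here as an example and not taken from the original post. The domain name, file server name and IP addresses are placeholders (assumptions) to replace with your lab's values; run it once on the External switch before connecting and again after the connector shows as connected.

```powershell
# Constructed lab values (assumptions): replace with your own.
$Domain     = 'lab.example'        # AD DNS domain name
$FileServer = 'fs01.lab.example'   # a host in the lab that serves a file share
$LabHost    = '192.168.10.10'      # any address inside the subnet added under Private Subnets
$PublicHost = '1.1.1.1'            # an Internet address used to see where non-lab traffic goes

function Get-EgressInterface([string]$Address) {
    # Find-NetRoute returns the local address and the route Windows would use
    # for this destination; keep only the route object and report its interface.
    $route = Find-NetRoute -RemoteIPAddress $Address -ErrorAction SilentlyContinue |
        Where-Object { $_.DestinationPrefix } | Select-Object -First 1
    $route.InterfaceAlias
}

$checks = [ordered]@{}

# Name resolution only works once the internal DNS from the portal is in use.
$checks['DNS resolves domain'] =
    [bool](Resolve-DnsName -Name $Domain -Type A -ErrorAction SilentlyContinue)

# The "ping your domain" check from the post.
$checks['Ping domain'] =
    [bool](Test-Connection -ComputerName $Domain -Count 2 -Quiet -ErrorAction SilentlyContinue)

# File share access depends on SMB (TCP 445) reaching the file server.
$checks['SMB 445 reachable'] =
    (Test-NetConnection -ComputerName $FileServer -Port 445 -WarningAction SilentlyContinue).TcpTestSucceeded

# With a split tunnel, lab traffic and Internet traffic leave through different interfaces.
$labIf = Get-EgressInterface $LabHost
$netIf = Get-EgressInterface $PublicHost
$checks['Lab and Internet use different interfaces'] = ($labIf -and $netIf -and ($labIf -ne $netIf))

$checks.GetEnumerator() | ForEach-Object {
    '{0,-45} {1}' -f $_.Key, $(if ($_.Value) { 'PASS' } else { 'FAIL' })
}
"Lab route via:      $labIf"
"Internet route via: $netIf"
```

Before connecting, every line should read FAIL, which matches step 3; after connecting, every line should read PASS and the two interface names should differ.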

In the next post I will go through instructions on how to enable Azure SSO so you don’t have to manually create the user accounts in the portal and better simulate a production environment.

Split Tunnel VPN with OpenVPN Cloud

I wanted to set up VPN split tunnelling for my home lab to simulate my workplace (which uses a commercial VPN solution) to build a proof of concept of Windows AutoPilot with on-premises domain access from Azure AD joined devices.

I came across OpenVPN Cloud which provides you with 3 connections for free/personal use.

A couple of notes on my setup:

My host server has one Internal switch and one External switch. I installed RRAS on a Windows server VM in my lab running Windows Server 2016 with two virtual network adapters, one connected to the Internal switch and the other on the External switch. Both have DHCP enabled.

Now for the instructions:

1) Install RRAS on a Windows server box (mine is on Windows Server 2016) with two virtual network adapters as mentioned above.

2) Enable routing on the server and follow the rest of these instructions on this RRAS server.

3) Sign up for a free personal account and create your OpenVPN ID.


3) Once logged in, click on Networks on the left, select “Remote Access” and follow the rest of the wizard.


Give your network a name.

Give the connector a name and select your region. This is the RRAS server on which you will have an OpenVPN connector (agent) running.

Add your lab subnet under Private Subnets.

4) Next select where to deploy the connector. I chose Windows, downloaded the connector and installed it on my RRAS server mentioned above.

5) Open the OpenVPN Connector on the RRAS server, sign in with the user account/email address you signed up with and you should see a connection established.


Back on the OpenVPN web portal click Next and wait for the connection to be shown as established on that end too.

6) Next add your internal DNS to the web portal.


7) Click on Users and add a second user. This is the user who will be signing into VPN from an endpoint device over WAN/off-site. You can, of course, create more users here if you wish.


This completes the setup of the OpenVPN Cloud on the server side. I will soon write a follow-up post on how to get endpoint devices connected via VPN.

Note that the connector which you installed on the RRAS server and the connection that it established with OpenVPN Cloud is counted as 1 of the 3 free connections you get with the free account. So you actually have only two connections for your endpoint devices. However, for quick POCs and lab use this is more than enough.