OpenVPN configuration

OpenVPN is a free and open source software application that implements virtual private network (VPN) solutions for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.

Full manual for OpenVPN installation and configuration you can find at manufacturer site:

Connecting to working OpenVPN

If you want to connect WTware to working OpenVPN infrastructure, you may use your OpenVPN configuration file. Pay attention: WTware is not good for learning OpenVPN. Firstly check your configuration on another Windows or Linux computer, and only after successfull tests apply OpenVPN configuration to WTware.

Rename tested configuration file to openvpn.cfg and place it to configs directory on boot disk. To add this file to CD image you may use special program, i.e. UltraISO. Keys must be stored in configuration file. Example of openvpn.cfg configuration file with stored keys. Add in configuration file line:


If in your VPN tls-auth key is used and in configuration file there is such line:

tls-auth ta.key 1
then after key embedding add into configuration file one more parameter, key-direction, to specify key direction. Should be like this:
key-direction 1
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----

Creating new OpenVPN

Minimal Windows OpenVPN configuration manual for WTware:

  1. Download Windows Installer.
  2. Install to terminal server. During installation tick too checks:
    Install OpenVPN

  3. Run command line as administrator:
    Run command line as administrator

  4. What should be entered is highlighted by red color:
    Installation log

  5. Create configuration file "C:\Program Files (x86)\OpenVPN\config\wtware.ovpn":
    dev tun
    ca "C:/Program Files (x86)/OpenVPN/easy-rsa/keys/ca.crt"
    cert "C:/Program Files (x86)/OpenVPN/easy-rsa/keys/server.crt"
    key "C:/Program Files (x86)/OpenVPN/easy-rsa/keys/server.key"
    dh "C:/Program Files (x86)/OpenVPN/easy-rsa/keys/dh1024.pem"


    For this configuration file terminal server IP will be IP This IP you should specify in WTware configuration file server=parameter. If terminal server has another IP, don't forget to turn on routing on server with openvpn and specify route to terminal on terminal server.

  6. Run command line as administrator, type:
    Command line

    Red frame - the command to run.
    Blue frame - this text is printed before terminal connects.
    Green frame - this text is printed after terminal connects.

Items 1-6 you are to perform once, during server configuration. Then create keys for terminal. Make sure that terminal connects. Restart server. Automatically during server boot openvpn service will start for every file with .ovpn extension from "C:\Program Files (x86)\OpenVPN\config\" directory.

Terminal needs for work three files with keys: ca.crt, client.crt and client.key. The first file is common for all OpenVPN clients. The second and the third files it's better to name by MAC-address. It's useful when keys for tens of terminals are saved to one flash-disk and terminals use this flash-disk during installation. Example of correct keys generation for terminal with MAC-address 00.0C.29.DF.50.E3:

Keys generation

In such case set of files with keys consists of such three files: ca.crt, and It's case sensitive!

Ready keys are placed into C:\Program Files (x86)\OpenVPN\easy-rsa\keys\

Keys are ready. Then actions for each boot way differ.

Boot from CD

  • Create compact-disk .iso image and then edit it manually. Files with keys should be saved to configs directory.

Boot from USB

  • Install WTware to flash-disk.
  • Save files with keys to configs directory.
  • Boot terminal from flash-disk. Press Del and in terminal menu specify OpenVPN server address.

Boot from HDD

  • Install WTware to harddisk.
  • Copy files with keys to USB flash-disk root directory.
  • Boot terminal from harddisk. Press Del and in terminal menu specify OpenVPN server address.
  • During boot terminal will ask for flash with keys. Insert USB flash-disk.