how to create vpn ssl with client openvpn

i'm also testing with open vpn. What i found the easiest way: (im only using windows)

I have an USG Flex 50h

VPN - SSL VPN

object - services - Service groups

Default_Allow_WAN_To_ZyWALL

Add SSLVPN to this group

I created an group SSL-VPN-USERS

And added an new User to it.

Click User Authentication

I think this were al the steps in de usg flex 50

Then download this client:

Community Downloads - Open Source VPN | OpenVPN

just this one, because this one supports running scripts.

So i created an batchfile

@echo off
start "" "msedge.exe" https://192.168.1.1:300 ←information from the delivery settings here above.

And saved it as c:\openvpn\test.bat

download the ovpn config file inside the USG Flex50, and add these lines:

script-security 2
up "C:\\OpenVPN\\test.bat"

offcourse, point to your location and script.

after it, you could setup an connection to your usg flex, and after it connects, it directly opens the portal where you have to insert the OPT key.

Hi,

I thought 2FA couldn't work with openvpn clients but you managed to do it.

In delivery settings I put https, user defined and my public ip address. Port 8008 and I allowed this port from WAN to Zyxel rules.

I launch my VPN client, it connects, but when I try to reach https://my_public_ip:8008, it can't connect.

May be I am totally wrong and I don't understand what are these delivery settings settings ?

Hi @rcd ,

To narrow the attack surface. USG FLEX H is not allow to open 2FA page from Internet. It can only be access within the tunnel.

You need to set the link IP to LAN interface IP. In my case, LAN interface is 192.168.5.1. And make sure it's in the local networks list if using split tunnel.

Hi @rcd ,

Yes, 192.168.5.1 is allowed by the VPN.

Since the VPN tunnel already encrypted the traffic. HTTP in VPN tunnel is secured and is quick then HTTPs.