The VPN Client


Once the VPN has been configured and all users have been created, the next step is to export the client.


Go to System - VPN - OpenVPN




Go to Export Client 




Exporting the VPN client will provide the following configuration options:



OpenVPN Server

  • Remote Access Server: If you only have 1 VPN server configured this will default to that server. If you have multiple servers configured, please select which VPN server you would like to export.



Client Connection Behaviour

  • Host Name Resolution:
  • Interface IP Address: Uses the actual configured interface IP address/VIP literally (most common choice)
  • Automagic Multi-WAN IPs (port forward targets): Locates any port forwards with a target of the VPN's binding address and port. Add remote staetments for all of them. 
  • Automagic Multi-WAN DDNS Hostnames (port forward targets): As above, but uses the first found DynDNS hostname as the remote address rather than the destination IP directly
  • Installation hostname: Uses the hostname and domain configured under System > General.
  • DynDNS: All of the Dynamic DNS hostnames from Services > Dynamic DNS are listed as individual choices.
  • Other: Presents a text box in which an arbitrary address or hostname may be placed.


  • Verify Server CN: Controls how the client will verify the server certificate common name (It is not recommended to disable this                                 option. Without it, any server certificate name will be accepted by the client.
  • Automatic - Use verify-x509-name (OpenVPN 2.3+) where possible: Uses the current recommended method of verification. Works on any OpenVPN client 2.3 and newer. (Leave it on this option)
  • Use tls-remote (Deprecated, use only on old clients <= OpenVPN 2.2.x): Only use this if an older client that is not under direct control must be supported. The option has been deprecated by OpenVPN and will be removed in the next major version.
  • Use tls-remote and quote the server CN: As above, but adds quotes around the common name. Useful if the certificate common name contains spaces.
  • Do not verify the server CN: Omits any verification of the server certificate common name. Not recommended


  • Block Outside DNS: Block access to DNS servers except across OpenVPN while connected, forcing clients to use only VPN DNS servers.


  • Use Random Local Port: Instructs the client to use a random local source port (lport) for traffic from the client. (Leave this unmarked)

*Leave the rest of the options blank


OpenVPN Clients


This is where you will download the VPN client.


For windows users, please select Windows Vista and Later (This will make use of OpenVPN)

For Mac OS users running Viscosity or Tunnelblick , please select Viscosity Bundle



For Windows: Once downloaded, run the application file and it will install OpenVPN and install the configuration file. (Run Application as administrator)

For Mac OS: Once downloaded, open Viscosity and import the config file.


You will be prompt for a username and password. This will be the username and password that has been set up on the firewall for a VPN user. If you have not setup your users, click here.