1. Information

There are two versions of OpenVPN.

  • OpenVPN 2.x, also called OpenVPN GUI or OpenVPN Community Edition.

    • On Linux it does have a direct integration with Network Manager.

    • Also, it supports up and down scripts.

  • OpenVPN 3.x, also called OpenVPN Connect.

    • It is more secure.

    • On Linux the VPN connection can be set up without root privileges.

    • On Windows the user doesn’t need to be a member of the OpenVPN Administrators group.

    • However, on Linux it currently does not have a direct integration with Network Manager.

    • Also, it does not support up and down scripts.

1.1. VPN users

Last updated: 2025-09-22.

1.  Admin               Wannee                  SMRUNB-AD01
2.  Data Management     Nattapol                SMRUNB-DM01 (SMRU,TEST)
3.  Data Management     Pyae Phyo Kyaw          SMRUNB-TB01
4.  Data Management     Saw Henry               SMRUNB-DM04
5.  Entomology          Victor                  SMRUNB-MRS01
                                                SMRUNB-IT01 (To delete config file.)
6.  Finance             Amorn                   TBHFNB-FN02, SMRUNB-AD01
7.  Finance             Nant Mar Lar Tun        TBHFNB-FN02
8.  Finance             Sareena                 TBHFNB-FN01
9.  Finance             Suchanard               TBHFNB-FN02, SMRUNB-LG01, SMRUNB-AD01, SMRUNB-PE01
10. Haematology         Germana                 Personal computer with Windows OS
11. HR                  Phawichor               TBHFNB-HR04
12. HR                  Suchada                 TBHFNB-HR01, Need to put config file.
13. HR                  Suttinee                TBHFNB-HR03
14. HR                  Tanawat                 TBHFNB-HR02
15. IT                  Douwe                   Personal computer with Windows OS,
                                                SMRUNB-IT01, SMRUWS-IT07, TBHFWS-IT01 (SMRU, TEST)
16. Malaria             Chanapat                SMRUNB-CB12
17. MCH                 May Mon Mon Theint      TBHFNB-DC01
18. MCH                 Mellie                  Personal computer with Mac OS
19. MCH                 Nay Win Tun             SMRUNB-DC03
20. MCH                 Rose                    SMRUNB-DC04
21. MCH                 Taco Jan                TBHFNB-VC02
22. Microbiology        Wanitda                 Personal computer with Mac OS
23. TB                  Tar Doh Htoo            SMRUNB-SKK03
24. Training            Hla Hla Than            SMRUNB-DC06

1.2. VPN for Outreach

1.  SMRU-ORC-MKT        MKT
2.  SMRU-ORC-WPA        WPA
3.  SMRUNB-ORC01        WPA
4.  SMRUNB-ORC02        WPA
5.  SMRUNB-ORC03        MKT
6.  SMRUNB-ORC05        WPA
7.  SMRUNB-ORC06        MKT
8.  SMRUNB-ORC07        MKT

2. Sophos Firewall

2.1. Create VPN User

  • Browse to SMRU-SFW-MRM.

  • Log in with admin user account.

  • Select CONFIGURE > Authentication > Users.

  • Click Add.

    Username                        John.vpn
    Name                            John Smith
    Description
    User type                       ● User  ○ Administrator
    Profile                         Profile
    Password                        ********
                                    ********
    Email                           john@shoklo-unit.com
    Group                           MST SSL VPN group
    Surfing quota                   Unlimited Internet Access
    Access time                     Allowed all the time
    Network traffic                 None
    Traffic shaping                 None
    SSL VPN policy                  MST SSL VPN policy
    Clientless SSL VPN policy       No policy applied
    IPsec remote access             ○ Enable        ● Disable       IP address
    L2TP                            ○ Enable        ● Disable       IP address
    PPTP                            ○ Enable        ● Disable       IP address
    Quarantine digest               ○ Enable        ● Disable
    MAC binding                     ○ Enable        ● Disable
    MAC address list
    Simultaneous sign-ins           ■ Use global setting    ■ Unlimited
    Sign-in restriction             ○ Any node      ● User group node(s)
                                    ○ Selected nodes        ○ Node range

  • Click Save.

2.2. Delete VPN user

  • Browse to SMRU-SFW-MRM.

  • Log in with admin user account.

  • Select CONFIGURE > Authentication > Users.

  • Check the user’s vpn account.

  • Click Delete.

  • Click OK to confirm.

2.3. VPN Client Config File

  • Browse to the Sophos VPN Portal at SMRU-SFW-MRM.

  • Log in with the <User>.vpn user account.

  • Select the VPN tab.

  • Click VPN Configuration | SSL VPN configuration | Download for Windows, macOS, Linux : Use with Sophos Connect and OpenVPN Connect v2 clients.

  • Move the sslvpn-<user>.vpn-client-config.ovpn file to the T:\IT\Helpdesk\Sophos SSL VPN folder.

  • Rename the sslvpn-<user>.vpn-client-config.ovpn file to sslvpn-<user>.vpn-client-config-v2.ovpn.

  • Click VPN Configuration | SSL VPN configuration | Download for Windows, macOS, Linux : Use with OpenVPN Connect v3 clients.

  • Move the sslvpn-<user>.vpn-client-config.ovpn file to the T:\IT\Helpdesk\Sophos SSL VPN folder.

  • Rename the sslvpn-<user>.vpn-client-config.ovpn file to sslvpn-<user>.vpn-client-config-v3.ovpn.

  • Append the following lines to the sslvpn-<user>.vpn-client-config-v2.ovpn file.

    auth-nocache
    comp-lzo no
    ;remote smru-sfw-mrm.dyndns.org 443
    ;remote smru-sfw-mrm.dyndns.org 8443
    ;server-poll-timeout 10

  • Append the following lines to the sslvpn-<user>.vpn-client-config-v3.ovpn file.

    dhcp-option ADAPTER_DOMAIN_SUFFIX smru.shoklo-unit.com
    dhcp-option DNS 10.10.1.1
    ;remote smru-sfw-mrm.dyndns.org 443
    ;remote smru-sfw-mrm.dyndns.org 8443
    ;server-poll-timeout 10

  • Note: Comment out the following line in the sslvpn-<user>.vpn-client-config-v2.ovpn and the sslvpn-<user>.vpn-client-config-v3.ovpn files.

    ;route remote_host 255.255.255.255 net_gateway
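
The edits described in this section can be scripted so that every profile receives the same changes. The following is an added example, not part of the original procedure; the function names, their arguments, the constructed sample profile and the 0600 file mode are assumptions.

```shell
#!/bin/sh
# Added example: prepare_profile, its arguments and sample_profile are hypothetical.
# Usage: prepare_profile v2|v3 <downloaded.ovpn> <output.ovpn>
prepare_profile() {
    variant=$1 src=$2 dst=$3
    case $variant in
        v2) extra='auth-nocache
comp-lzo no' ;;
        v3) extra='dhcp-option ADAPTER_DOMAIN_SUFFIX smru.shoklo-unit.com
dhcp-option DNS 10.10.1.1' ;;
        *)  echo "variant must be v2 or v3" >&2; return 2 ;;
    esac
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # Both variants also get the commented-out alternative remotes from the page.
    extra="$extra
;remote smru-sfw-mrm.dyndns.org 443
;remote smru-sfw-mrm.dyndns.org 8443
;server-poll-timeout 10"
    (
        # Assumption: the profile embeds key material, so create the copy as 0600.
        umask 077
        # Comment out an active host-route line. awk also guarantees a final
        # newline, so appended directives never glue onto the last line.
        awk '/^[ \t]*route[ \t]+remote_host[ \t]+255\.255\.255\.255[ \t]+net_gateway[ \t\r]*$/ { sub(/^[ \t]*/, ";") }
             { print }' "$src" > "$dst" || exit 1
        # Append each directive only when that exact line is not already present.
        printf '%s\n' "$extra" | while IFS= read -r line; do
            grep -qxF -e "$line" "$dst" || printf '%s\n' "$line" >> "$dst"
        done
    )
}

# Constructed sample standing in for a downloaded profile (not a real one).
sample_profile() {
    printf '%s\n' 'client' 'dev tun' 'remote vpn.example.invalid 8443' \
        'route remote_host 255.255.255.255 net_gateway' 'auth-user-pass'
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && sample_profile > "$tmp/in.ovpn" &&
        prepare_profile v3 "$tmp/in.ovpn" "$tmp/out-v3.ovpn" && cat "$tmp/out-v3.ovpn"
    rm -rf "$tmp"
fi
```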

3. Linux

3.1. OpenVPN 2

3.1.1. Installation

  • Enter the following commands at a Command Line.

    sudo apt-get install openvpn
    sudo apt-get install openvpn-systemd-resolved
    
    sudo which openvpn
    sudo openvpn --version
    sudo systemctl status openvpn

    # Example output of "openvpn --version":
    OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
    library versions: OpenSSL 3.0.15 3 Sep 2024, LZO 2.10
    DCO version: N/A

3.1.1.1. Desktops
  • Enter the following commands at a Command Line.

    sudo apt-get install network-manager
    sudo apt-get install network-manager-gnome
    sudo apt-get install network-manager-openconnect
    sudo apt-get install network-manager-openconnect-gnome
    sudo apt-get install network-manager-openvpn                    # Needed for GNOME.
    sudo apt-get install network-manager-openvpn-gnome              # Needed for GNOME.
    
    which nmcli
    which nmtui

3.1.2. Configuration

  • Enter the following commands at a Command Line.

    sudo systemctl enable systemd-resolved
    sudo systemctl restart systemd-resolved
    sudo systemctl status systemd-resolved

  • Restart the computer.

3.1.2.1. Desktops
GNOME
  • Right-click the desktop and select Settings.

  • Select the Network page.

  • Select VPN | +.

  • Select Import from file.

  • Select the sslvpn-<user>.vpn-client-config-v2.ovpn file.

  • Click Open.

  • Type the username in the User name field.

  • Type the password in the Password field.

  • Click Add.

  • Close Settings.

KDE Plasma
Xfce
  • Select the Network Manager icon at the top right and select VPN Connections > Add a VPN connection.

  • Select Import a saved VPN configuration.

  • Click Create.

  • Select the /etc/openvpn/client folder.

  • Select the sslvpn-<user>.vpn-client-config-v2.ovpn file.

  • Click Open.

  • Type the username in the User name field.

  • Type the password in the Password field.

  • Click Save.

3.1.3. Usage

  • Enter the following commands at a Command Line.

    sudo openvpn --config /etc/openvpn/client/sslvpn-douwe.vpn-client-config-v2.ovpn
    # Enter Auth Username: Douwe.vpn
    # Enter Auth Password: ********

3.1.3.1. Desktops
GNOME
  • Select the Network Manager icon at the top right and select sslvpn-<user>.vpn-client-config-v2 > sslvpn-<user>.vpn-client-config-v2 to connect.

  • Do your thing.

  • Select the Network Manager icon at the top right and select sslvpn-<user>.vpn-client-config-v2 > sslvpn-<user>.vpn-client-config-v2 to disconnect.

KDE Plasma
Xfce
  • Select the Network Manager icon at the top right and select VPN Connections > sslvpn-<user>.vpn-client-config-v2 to connect.

  • Optional: Click Don’t show this message again.

  • Do your thing.

  • Select the Network Manager icon at the top right and select VPN Connections > sslvpn-<user>.vpn-client-config-v2 to disconnect.

Map the P: S: T: U: Share drive

  • Open Dolphin (File Manager).

  • Right-click on the empty space on the left panel and select Add Entry.

  • P: Share drive:

    • Type SMRU P: Drive in the Label field.

    • Type smb:/SMRU-SRV/Public$ in the Location field.

  • S: Share drive:

    • Type SMRU S: Drive in the Label field.

    • Type smb:/SMRU-SRV/Shared$ in the Location field.

  • T: Share drive:

    • Type SMRU T: Drive in the Label field.

    • Type smb:/SMRU-SRV/Teams$ in the Location field.

  • U: Share drive:

    • Type SMRU U: Drive in the Label field.

    • Type smb:/SMRU-SRV/Home$ in the Location field.

  • Check Only show when using this application (Dolphin).

  • Click OK.

  • Select Remote | SMRU T: Drive.

  • Type your domain user SMRU\<user> in the Username field.

  • Type your domain user password in the Password field.

  • Click OK.

3.1.4. Verification

  • Enter the following commands at a Command Line.

    ip address
    ping 8.8.8.8
    ping www.google.com
    ping smru-sfw-mrm.dyndns.org
    ping 10.10.1.3
    ping SMRU-SRV
    ping SMRU-SRV.smru.shoklo-unit.com
    
    cat /etc/resolv.conf

3.2. OpenVPN 3

3.2.1. Installation

  • See https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux.

    sudo apt-get install apt-transport-https curl
    
    # Retrieve the OpenVPN Inc package signing key.
    sudo mkdir -p /etc/apt/keyrings    ### This might not exist in all distributions
    curl -sSfL https://packages.openvpn.net/packages-repo.gpg | sudo tee /etc/apt/keyrings/openvpn.asc
    echo "deb [signed-by=/etc/apt/keyrings/openvpn.asc] https://packages.openvpn.net/openvpn3/debian bookworm main" | sudo tee --append /etc/apt/sources.list.d/openvpn3.list
    cat /etc/apt/sources.list.d/openvpn3.list
    sudo apt-get update
    sudo apt-get install openvpn3
    
    which openvpn3
    openvpn3 version
    OpenVPN3/Linux v24 (openvpn3)
    OpenVPN core v3.10.4 linux x86_64 64-bit

3.2.2. Configuration

3.2.2.1. Desktops

OpenVPN 3 Linux currently does not have a direct integration with Network Manager.

3.2.3. Usage

  • Enter the following commands at a Command Line.

    openvpn3 session-start --config /etc/openvpn/client/sslvpn-douwe.vpn-client-config-v3.ovpn
    openvpn3 session-start --config /etc/openvpn/client/sslvpn-douwe.vpn-client-config-v3-Fixed5.ovpn
    # Enter Auth Username: Douwe.vpn
    # Enter Auth Password: ********
    
    ps ax | grep -i openvpn3-service-client
    openvpn3 sessions-list
    # Take the session path from the list (assumes a single active session), then disconnect it.
    session="$(openvpn3 sessions-list | grep Path | sed -e "s/^.* //")"
    openvpn3 session-manage --session-path "${session}" --disconnect

3.2.4. Verification

  • Enter the following commands at a Command Line.

    ip address
    ping 8.8.8.8                                    # Works.
    ping www.google.com                             # Works.
    ping smru-sfw-mrm.dyndns.org                    # Works.
    ping 10.10.1.3                                  # Works.
    ping SMRU-SRV                                   # Fails.
    ping SMRU-SRV.smru.shoklo-unit.com              # Fails.
    
    cat /etc/resolv.conf
    getent hosts host-name
    openvpn3 sessions-list

4. macOS

4.1. OpenVPN 2

4.1.1. Installation

4.2. OpenVPN 3

4.2.1. Installation

5. Windows

5.1. OpenVPN 2

5.1.1. Installation

  • Run the OpenVPN-2.6.14-I001-amd64.msi file.

  • Click Customize.

  • Make the OpenVPN | OpenVPN GUI | Launch on User Logon feature unavailable.

  • Make the OpenVPN | OpenVPN GUI | Documentation feature unavailable.

  • Make the OpenVPN | OpenVPN GUI | Configuration Samples feature unavailable.

  • Click Install Now.

  • Click Close.

  • Remove the OpenVPN GUI icon from the desktop.

5.1.2. Configuration

  • Log on as Administrator.

  • Enter the following commands at a Command Prompt with administrative privileges.

    net.exe use T: \\SMRU-SRV\Teams$ /Persistent:No
    rem Type "SMRU\<User>" and press Enter for the username.
    rem Type the password and press Enter.
    Set-OpenVpn2ClientUser <User> -Script

5.1.3. Usage

  • Start OpenVPN GUI.

  • Right-click the OpenVPN GUI icon in the Notification Area.

  • Select Exit.

5.1.4. Verification

  • Enter the following commands at a Command Prompt.

    ping 8.8.8.8
    ping www.google.com
    ping smru-sfw-mrm.dyndns.org
    ping 10.10.1.3
    ping SMRU-SRV
    ping SMRU-SRV.smru.shoklo-unit.com

5.2. OpenVPN 3

5.2.1. Installation

  • Run the openvpn-connect-3.6.0.4074_signed.msi file.

  • Click Next.

  • Check I accept the terms in the License Agreement.

  • Click Next.

  • Click Install.

  • Click Finish.

  • Click AGREE in the OpenVPN Connect window.

  • Close the OpenVPN Connect window.

  • Right-click OpenVPN Connect: DISCONNECTED in the Notification Area and select Exit.

  • Remove the OpenVPN Connect icon from the desktop.

5.2.2. Configuration

Note: Imported profiles end up in the C:\Users\<User>\AppData\Roaming\OpenVPN Connect\profiles folder.

  • Log on as Administrator.

  • Start OpenVPN Connect.

  • Click UPLOAD FILE.

  • Click BROWSE.

  • Select the sslvpn-<User>.vpn-client-config-v3.ovpn file.

  • Click Open.

  • Type the username in the Username field.

  • Click CONNECT.

  • Type the password in the Password field.

  • Click OK.

  • Select OpenVPN Profile to disconnect.

  • Click CONFIRM to confirm.

  • Close OpenVPN Connect.

5.2.3. Usage

  • Start OpenVPN Connect.

  • Right-click the OpenVPN Connect icon in the Notification Area.

  • Double-click the Map Drives icon on the desktop.

  • Optional: Type SMRU\<domain username> in the Name field.

  • Optional: Type the domain password in the Password field.

  • Do your thing.

  • Double-click the Unmap Drives icon on the desktop.

  • Select Exit.

5.2.4. Verification

  • Enter the following commands at a Command Prompt.

    ping 8.8.8.8
    ping www.google.com
    ping smru-sfw-mrm.dyndns.org
    ping 10.10.1.3
    ping SMRU-SRV
    ping SMRU-SRV.smru.shoklo-unit.com