1. Overview

This guide covers how to use OpenVPN client to connect to an OpenVPN Access Server.

What is OpenVPN?

OpenVPN is an open-source commercial software that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations and remote access facilities.

2. VPN Quick Start

Quick Setup for users:

If you’re an OAT organization member, follow these simple steps to get connected quickly.

Step 1 - Access the Web Portal:

Visit https://access.vpn.taocloud.org and sign in with SAML using your OAT google credentials.

Step 2 - Download Client:

Download the appropriate OpenVPN client for your operating system directly from the portal.

Step 3 - Download Configuration:

Download your personalized connection profile (.ovpn configuration file) from the portal.

Step 4 - Install and Import:

Install the OpenVPN client and import your .ovpn configuration file.

Step 5 - Connect:

Connect to VPN. The VPN server address is automatically configured as connect.vpn.taocloud.org.

Important Links:

3. Client Installation

3.1. Windows Installation

Step 1: Visit https://access.vpn.taocloud.org and sign in with SAML using your OAT google credentials.

Step 2: Click Download OpenVPN Connect for Windows on the Downloads page https://access.vpn.taocloud.org with a checkbox Include connection profile (User-locked)
client download windows

Step 3: Run the installer with administrator privileges

Step 4: Follow the installation wizard

Step 5: The OpenVPN GUI will be available in the system tray

3.2. MacOS Installation

Step 1: Visit https://access.vpn.taocloud.org and sign in with SAML using your OAT google credentials.

Step 2: Click Download OpenVPN Connect for macOS on the Downloads page https://access.vpn.taocloud.org with a checkbox Include connection profile (User-locked)
client download macos

Step 3: Run the installer with administrator privileges

Step 4: Follow the installation wizard

Step 5: The OpenVPN GUI will be available in the Launchpad

3.3. Linux Installation

Step 1: Visit https://access.vpn.taocloud.org and sign in with SAML using your OAT google credentials.

Step 2: Click Connection profile on the Downloads page https://access.vpn.taocloud.org
client download linux

Step 3: Save the profile to a permanent place within your file system.

Step 4: Read first the documentation pages here:

Step 5: Install the client on your machine following instructions from the documentation pages.

Step 6: Import the Connection profile you downloaded before with instructions from the documentation pages.

3.4. Mobile Installation

Android:

Install "OpenVPN for Android" from Google Play Store

iOS:

Install "OpenVPN Connect" from Apple App Store

4. Configuration

4.1. Obtaining Configuration Files

TAO Cloud VPN - Quick Setup:

  1. Visit https://access.vpn.taocloud.org

  2. Sign in with SAML using your OAT google credentials

  3. Download the OpenVPN client for your platform

  4. Download your personalized connection profile (.ovpn configuration file)

  5. Import the configuration into your OpenVPN client

Alternative - Manual Setup: Contact your VPN administrator to obtain:

  • OpenVPN configuration file (.ovpn)

  • Username and password

  • Any additional certificates if required

4.2. Configuration File Structure

A typical TAO Cloud VPN configuration file contains:

client
dev tun
proto udp
remote connect.vpn.taocloud.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
cipher AES-256-CBC
verb 3

TAO Cloud VPN Server: The remote server address is connect.vpn.taocloud.org on port 1194 (UDP) or 443 (TCP).

Security Note: Never share your configuration files or certificates with unauthorized users. These files contain sensitive information that can be used to access your VPN.

5. Connecting to VPN

5.1. Windows (OpenVPN GUI)

Step 1: Copy your .ovpn file to: C:\Program Files\OpenVPN\config\

Step 2: Right-click the OpenVPN GUI icon in the system tray

Step 3: Select your configuration and click "Connect"

Step 4: Enter your username and password when prompted

5.2. macOS (Tunnelblick)

Step 1: Double-click your .ovpn file to import it into Tunnelblick

Step 2: Click the Tunnelblick icon in the menu bar

Step 3: Select "Connect [configuration-name]"

Step 4: Enter credentials if prompted

5.3. Linux (Command Line)

Step 1: Save your configuration file (e.g., client.ovpn)

Step 2: Connect using:

sudo openvpn --config client.ovpn

Step 3: Enter credentials when prompted

Alternative - Background connection:

sudo openvpn --config client.ovpn --daemon

5.4. Verifying Connection

To verify your VPN connection:

  • Check your IP address: curl ifconfig.me

  • Verify DNS resolution works correctly

  • Test access to internal resources (if applicable)

  • Monitor connection logs for any errors

6. Troubleshooting

6.1. Common Issues

Connection Timeout:

  • Check firewall settings

  • Verify server address and port

  • Try different protocols (UDP/TCP)

Authentication Failed:

  • Verify username and password

  • Check certificate validity

  • Ensure configuration file is correct

DNS Issues:

  • Add dhcp-option DNS 8.8.8.8 to config

  • Flush DNS cache: ipconfig /flushdns (Windows)

  • Check DNS leak: https://dnsleaktest.com

6.2. Log Analysis

Enable verbose logging by adding to your configuration:

verb 4
log openvpn.log

6.3. Testing Connectivity

Test basic connectivity:

ping 8.8.8.8

Test DNS resolution:

nslookup google.com

Check routing table:

route print  # Windows
ip route     # Linux

7. Security Best Practices

Important Security Guidelines:

  • Always use strong, unique passwords

  • Keep your OpenVPN client updated

  • Never share configuration files

  • Use two-factor authentication when available

  • Regularly rotate certificates and keys

  • Monitor connection logs for suspicious activity

  • Disconnect VPN when not needed

  • Use kill switch feature to prevent data leaks

7.1. Kill Switch Configuration

Add these lines to your configuration for automatic disconnection on VPN failure:

# Windows
block-outside-dns
# Linux/macOS
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

7.2. Certificate Management

Certificate Security:

  • Store certificates in secure locations

  • Set appropriate file permissions (600 on Unix systems)

  • Use certificate password protection when possible

  • Regularly check certificate expiration dates

8. Advanced Usage

8.1. Custom Routing

To route only specific traffic through VPN:

# Add to configuration
route-nopull
route 192.168.1.0 255.255.255.0

8.2. Multiple Configurations

Manage multiple VPN configurations by organizing them in separate directories and using descriptive names.

8.3. Scripting and Automation

Use scripts to automate connection processes:

#!/bin/bash
sudo openvpn --config /path/to/config.ovpn --auth-user-pass /path/to/credentials.txt --daemon

For additional support, contact your VPN administrator or visit the official OpenVPN documentation at https://openvpn.net/community-resources/