Unable to download Client Config from OpenVPN Server
Figure I should offer a little more instruction since OpenVPN instructions for Scale seem to be few and far between. I am by no means a network security expert so some of what I say could be incorrect, but it’s what works for my setup:
First of all, in the server certificate and all client certificates the ‘Common Name’ field must be filled out, but for multiple clients each common name should be different. For example, my laptop client just has ‘laptop’ in the common name and my desktop just has ‘desktop’. to connect multiple clients with the same common name the line ‘duplicate -cn’ must be in the additional parameters field in the OpenVPN Server Service but this seems like a slight security risk and relatively easy to avoid.
For the config, this is the setup that works for me:
client
dev tun
proto **tcp OR udp**
remote **DDNS/PUBLIC IP** **PORT NUMBER**
(e.g. for the previous line: fakeserver.ddns.ip 1194)
user nobody
group nobody
persist-key
persist-tun
<ca>
**PASTE ROOT CERTIFICATE HERE**
</ca>
<cert>
**PASTE CLIENT CERTIFICATE HERE**
</cert>
<key>
**PASTE CLIENT PRIVATE KEY HERE**
</key>
verb 3
remote-cert-tls server
auth **AUTHENTICATION ALGORITHM CHOSEN IN SERVER SERVICE**
cipher **CIPHER CHOSEN IN SERVER SERVICE**
<tls-crypt>
**PASTE TLS CRYPT AUTH HERE**
</tls-crypt>
For key that needs to be pasted, they can be found by clicking on the root/client certificate in the GUI then clicking ‘view/download certificate’ or ‘view/download key’. These are to be just pasted into the config as-is (there’s a copy key button). The tls crypt auth is found in the OpenVPN Server Service and is also to be pasted as-is. If it’s not showing up, click save then reopen the service and it should be there.
Again, I’m completely a novice and less qualified than most of the users on here so take this with a grain of salt, but it’s what works for me.