OpenVPN Tunnel
  • 16 Feb 2024
  • 2 Minutes to read
  • Contributors

    OpenVPN Tunnel

      Article summary

      OpenVPN is a popular protocol that has been adopted by many solutions and software vendors across the globe. If you are using an Operating System that is not supported by our agent (List of supported OS), or perhaps you need to create a specific connection to a single machine or you are not able to use the Harmony SASE client- you can utilize our OpenVPN tunnel feature to create a direct connection to your Harmony SASE network.

      The OpenVPN tunnel is not attached to a Harmony SASE user and does not offer any of the advanced security capabilities that the agent does such as Split Tunneling, DNS Filtering, Configuration Profiles, Firewall, Activity, SWG, DPC, and Single Sign-On.

      We'll need to make sure that we have the help of a Harmony SASE administrator in order to create the tunnel.

      Navigate to Networks -> Networks on the left side of your Harmony SASE portal

      Click on the ellipses next to the gateway and select Add Tunnel


      Select OpenVPN Tunnel


      Add a name for the tunnel. You will also see an Access Key ID and a Secret Access Key.

      • These credentials only appear at the point of creating the tunnel. Save these credentials as you'll need this for any future connection.
      • After clicking "Apply", these credentials will be encrypted and will not work anymore so make sure to copy them before applying the change.
      • You can always re-generate these credentials if they have been lost.


      Click on the ellipses next to the newly created OpenVPN tunnel and select Configuration


      You'll see a command which can be executed via terminal.
      If you're using macOS or Linux, the command will work as-is and it will download a file with the name "openvpn-config.ovpn"


      Non-CLI-Supported OS     
      To download the file on Windows, or any other Operating system that doesn't have a Command-Line Input function, copy the line starting from "https" and until the word "download".

      Open the link in a new window to download the configuration file.


      Download Tunnelblick VPN client - The VPN client choice is up to you, but we recommend Tunnelblick for simplicity.

      Drag and drop the openvpn-config.ovpn file into the client to add the configuration:


      Connect to the VPN. Use the Access ID and Secret Key as the username and password



      Download and install the OpenVPN Client
      Click on the OpenVPN icon

      Select "Import" -> Import file...

      Select the downloaded file "saferx-openvpn-client.ovpn"

      Once the file has been imported, right-click on the OpenVPN client and then click "Connect"

      Now enter the Credentials that you copied previously and click OK

      • Client Access ID = Username
      • Client Access Key = Password
      • Note that if the Client Access Key started with "$6$perimeter81$" it has already been encrypted and you would need to re-generate your credentials

      Was this article helpful?