Skip to main content

How do I configure VPN?

This guide shows how to activate the VPN client in KentixONE and import the OpenVPN configuration. It also explains how Manager and Satellites can reach each other via VPN - both when only one side is in the VPN and when both sides connect to the VPN.

Prerequisites

  • Access to the web interface of the respective device (Manager or Satellite) with administrator rights
  • OpenVPN configuration file (.ovpn) of the VPN server and CA certificate, if needed separately
  • Known IP address range/subnet of your VPN (e.g. 10.8.0.0/24)
  • VPN server must be reachable from the device network

Overview

  • The VPN configuration must be uploaded to each device that should connect via VPN.
  • After connecting, verify that the devices can reach each other via their VPN addresses (Ping/Communication in KentixONE).
  • The addresses to be entered during setup differ depending on whether only one side or both sides are in the VPN.

Step-by-Step Guide

1. Activate VPN client and upload files

  1. Navigate to Configuration → Network → "VPN" tab.
  2. Turn on the "Active" switch.
  3. Upload the OpenVPN configuration file in the "VPN Configuration" field.
  4. Upload the CA certificate of the OpenVPN server (if not included in .ovpn).
  5. Save.
tip

After saving, the device establishes the VPN connection. This can take 1-2 minutes depending on the environment. Afterwards, check if a VPN address has been assigned.

2. Scenario A: Only one side is in VPN (e.g. Satellite)

  • The Satellite connects to the VPN and receives a VPN address.
  • The Manager stays outside the VPN (only "normally" reachable).
  • For the Satellite to find the Manager, enter the VPN address under which the Manager should be reachable in the Satellite.
  • Set up the Satellite on the Main/Manager with its VPN address.

It's important that the Satellite can reach the Manager via the entered address. If necessary, use port forwarding/mapping on the Manager side to make the VPN address reachable.

3. Scenario B: Both sides are in VPN (Manager and Satellite)

  • Both devices connect to the same VPN and each receives a VPN address.
  • Enter the Manager's VPN address in the Satellite.
  • Set up the Satellite with its VPN address on the Manager.

This way communication runs completely over the VPN network; public/location IPs are no longer needed.

Tips & Tricks

  • Keep the .ovpn file and certificates version-safe; document changes.
  • Use fixed device names or static VPN IPs if your VPN supports this. This makes later relocations/expansions easier.
  • After changes, verify with a ping over the VPN addresses that devices can still reach each other, or check the online status in KentixONE.

Troubleshooting

  • No VPN address visible: VPN server not reachable, check port/firewall; certificate/configuration file correct?
  • Connection established but devices can't find each other: Check if you're really using the counterpart's VPN address in Satellite/Manager.
  • Only one side online: Check routing/NAT at the "non-VPN side" location; set up port forwarding to Manager if needed.

Glossary

  • VPN address: IP address that the device receives within the VPN network (e.g. 10.8.0.23).
  • OpenVPN configuration file (.ovpn): File containing server address, certificates/keys and connection parameters.
  • Setup process: Process by which a Satellite is made known to and connected with the Manager.