Sign in to the console
Authenticate to the Tidewater Edge firewall before opening the OpenVPN wizard. The console is reachable only from the management VLAN.
Choose the authentication backend
The wizard asks how clients will be verified. Field reps each carry their own account, so the server should validate individual users — not a single shared key.
Create the certificate authority
OpenVPN's TLS trust starts with a local certificate authority. Generate the CA first; the server certificate will be signed by it.
Create the server certificate
This certificate identifies the VPN server to connecting clients. It is signed by the CA you just created, so the CA from the previous step must exist before you can create it.
Server settings
Bind the listener to the outside interface, pick the transport, and define the address spaces the tunnel will use.
The tunnel uses two address spaces: the pool handed to connecting clients, and the internal subnet reachable through the tunnel.
Firewall rule configuration
Let the wizard add the rules that allow clients to reach the listener and pass traffic once connected. Without these, the tunnel negotiates but no traffic flows.
Create the VPN user accounts
With the server in user-auth mode, add a personal account for each field rep. These are the credentials they'll enter in their VPN client.
| Username | Full name | Status |
|---|---|---|
| No users yet. | | |
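
The choices made across these steps (per-user authentication instead of a shared key, a CA-signed server certificate, a client pool and a routed internal subnet) can be checked against the resulting server configuration. The Python script below is an added example, not part of the original walkthrough or of the Tidewater Edge product. It assumes the appliance produces a standard OpenVPN server config; the sample config, file names and addresses are constructed, and the pool-overlap check goes beyond what the wizard text states.

```python
import ipaddress
import shlex

# Constructed sample config (not exported from any real appliance).
SAMPLE_CONF = """
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
server 10.8.0.0 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
"""

def parse(conf):
    """Return (directive, args) pairs, skipping blanks and # or ; comments."""
    out = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line)
        out.append((parts[0], parts[1:]))
    return out

def audit(conf):
    """List findings where the config departs from the walkthrough's choices."""
    d = parse(conf)
    names = {n for n, _ in d}
    findings = []
    if "secret" in names:  # static-key mode: one key shared by every client
        findings.append("static shared key in use; no per-user identity")
    # Heuristic: either directive can hook a username/password backend.
    if not names & {"auth-user-pass-verify", "plugin"}:
        findings.append("no per-user authentication backend configured")
    for need in ("ca", "cert", "key"):
        if need not in names:
            findings.append(f"missing '{need}' directive")
    pools = [ipaddress.ip_network("/".join(a[:2]), strict=False)
             for n, a in d if n == "server"]
    for n, a in d:
        if n == "push" and a and a[0].startswith("route "):
            r = a[0].split()
            mask = r[2] if len(r) > 2 else "255.255.255.255"
            net = ipaddress.ip_network(f"{r[1]}/{mask}", strict=False)
            findings += [f"pushed route {net} overlaps client pool {p}"
                         for p in pools if net.overlaps(p)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

An empty list from `audit()` means the config carries a CA, certificate and key, hooks a per-user backend, and keeps the client pool separate from the routed subnet.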