Client VPN - OpenVPN with TOTP MFA


Our legacy Client VPN Setup Article is located here for all Operating Systems

Client VPN is an add-on, flat rate, paid feature. We do not charge per account created.
MSPs are able to create 1 management Client VPN account per customer at no charge.

MFA VPN was introduced in Firmware Version 4.4.0

Your firmware Version can be checked in your Portal > Site Settings section:



Enable Client VPN and Create User Accounts (OpenVPN with MFA)

  1. Login to your Uplevel Portal
  2. From your Customer's Configuration Page choose VPN
  3. Click the Checkbox next to Enable VPN
  4. Choose "Click here to add a VPN user"
  5. Check the Require MFA checkbox when creating the User Name, setting a Password, and choosing the Security Group they are a Member of
  6. Choose Save
  7. Wait 5 minutes for the VPN configuration and QR to be generated.
  8. Choose the Edit Pad Icon
  9. Choose Download MFA Files to download a .zip file that contains your OpenVPN "username.ovpn" configuration file and "username_qr.png" QR file.
  10. Unzip the downloaded files.

Install a TOTP client on your smartphone

  1. Install a 2FA (MFA) TOTP Authenticator app on your smartphone (there are many options; Google Authenticator is a popular choice)
  2. Add a new account
  3. Open the PNG file with the QR code "$username_qr.png" on your computer
  4. Aim your phone's camera at the QR code
If you do not have access to a smartphone:
  1. Install the Google Authenticator extension on Google Chrome or 2FAS for Firefox, Edge, Brave, or Opera.
  2. Contact Uplevel Support and we will provide you the 16-digit access code in lieu of scanning a QR code.
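
How an authenticator app turns the secret carried by the QR code (or the access code from Support) into the One-Time Code, as an added example that is not Uplevel's code. It assumes the common authenticator defaults (RFC 6238: base32 secret, HMAC-SHA1, 30-second step, 6 digits); the key used is the public RFC 6238 test key, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct
import time

# Public RFC 6238 Appendix B test key, not a real account secret.
RFC_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def decode_secret(secret_b32: str) -> bytes:
    """Decode a base32 secret as a user would type it (spaces, lower case, no padding)."""
    cleaned = secret_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding stripped for display
    return base64.b32decode(cleaned)


def totp(secret_b32: str, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code for the time step containing `now` (seconds since epoch)."""
    counter = int(now // step)
    mac = hmac.new(decode_secret(secret_b32), struct.pack(">Q", counter),
                   hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, code: str, now: float, window: int = 1, step: int = 30) -> bool:
    """Server-side check: accept the current step plus `window` steps of clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        t = now + drift * step
        if t < 0:
            continue
        # Constant-time comparison; every candidate is checked to avoid an early exit.
        ok |= hmac.compare_digest(totp(secret_b32, t, step).encode(), code.encode())
    return ok


if __name__ == "__main__":
    print("current code for the test key:", totp(RFC_SECRET_B32, time.time()))
```

The code depends only on the secret and the clock, so anyone holding the QR file or access code can generate valid codes: store and transfer them like a password, and keep the device clock accurate.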

Install OpenVPN Client for Windows

If you do not have OpenVPN Client installed on your host:
  1. Double-click on the extracted MFA Files directory
  2. Double-click VPNInstaller.exe. This will download, install, and configure OpenVPN for your system.
  3. You will be prompted to install OpenVPN. Go through the prompts and install OpenVPN in the default directory.
  4. Once installation finishes, VPNInstaller will launch OpenVPN.
  5. Enter your Username, Password, and the One-Time Code from your Authenticator app to connect.

Install Tunnelblick Client for OSX

OSX does not have a native OpenVPN client. Please download Tunnelblick for all OSX versions - https://tunnelblick.net/

Install OpenVPN Client for Linux

OpenVPN Client for Linux is available through the package management system (apt, yum, pacman, dnf, zypper) for your Linux version.

Install OpenVPN Connect for iOS


