Configure Remote User Access using OpenVPN



Available from firmware version 8.0


Besides being able to use PPTP and L2TP with IPsec you can now also use OpenVPN for Remote User Access to your LAN.
This article describes how to configure your Peplink router and a Windows 10 client for remote User Access using OpenVPN.

Configuring your Peplink router

Log on to the web admin interface of the Peplink router.
On Balance models, navigate to Network > Remote User Access.
On MAX models, navigate to Advanced > Remote User Access.

The following menu will appear:

  1. Select OpenVPN
  2. Select the WAN interface and IP addresses where the OpenVPN server of the router should listen on.
  3. Select the client network (LAN subnet) that the remote user is allowed to connect to (this requires a DHCP server to offer IP addresses).
  4. Enter 1 or more Username(s) and password(s) for the Remote User
  5. Save and Apply the Changes

The username must contain lowercase letters, numerics, underscore(_), dash(-), at sign(@), and period(.) only.
The password must be between 8 and 12 characters long.

  1. Navigate to Status > Device
  2. Download and save the OpenVPN Client Profile.

You have a choice between 2 different OpenVPN Client profiles.

  • "route all traffic" profile
    Using this profile, VPN clients will send all the traffic through the OpenVPN tunnel
  • "split tunnel" profile
    Using this profile, VPN clients will ONLY send those traffic designated to the untagged LAN and VLAN segment through the OpenVPN tunnel.

Configuring a Windows 10 client pc

Download the OpenVPN windows installer of choice from:

Run through the OpenVPN Setup Wizard and click Finish.

Open the OpenVPN config folder and paste the OpenVPN client profile file to this directory.
In Windows 10 this is by deafult located in the directory: C:\Users%username%\OpenVPN\config
Run the OpenVPN GUI desktop app from the Windows 10 start menu.
Right-click the OpenVPN tray icon in the right bottom corner of your screen and click connect.
An OpenVPN window opens showing the connection process.
Type in the password that you configured earlier to establish the Remote VPN connection.


Hello Erik,
Could we change the port UDP 1194 to TCP 443?


Hello Gokhan,
Currently the router only listens on UDP port 1194.
It might be possible to make this an editable option in future.
Could you raise this as a new feature request?


Hi Erik,
Thanks for this information. Can the Peplink device connect to an OpenVPN network as a client rather than as a server?



No. Server Mode Only,


Can you add the ability for the clients to access multiple networks?


Is it possible for the client to always connect with the same IP address instead of getting whatever IP address the router hands to it? Like connect with a static IP set on the client or have the router always give that client the same IP address?


How do we file a feature request to be an openvpn client? Pepwave being a client makes way more sense in a mobile 4G world. thank you!


I see that these instructions have changed slightly with 8 RC1 release. After upgrading from 8b3 to RC1 my OpenVPN no longer works. My Balance 20 does not have the “Authentication” row as seen in your image. Is that unique to the MAX models?


Hi Twomack,

The sreenshots were taken from a Balance Mediafast 500, they are not unique to the MAX models. Can you share a screenshot of what you see on your Balance 20?
Did you download the OpenVPN Client profile after the firmware upgrade?


Hi Erik,

I’ve attached the screenshot you requested and a screenshot of the log during connection. I did download both “Route all traffic” and “split traffic” profiles after the upgrade and they both failed the same way. Thanks!


Hi Twomack,

Could you log a ticket here to allow us to check what is going wrong?
The authorization failed, but I can’t see the reason why it failed.




Opened ticket. Ticket #792230