VPN Azure lets clients connect without firewall configuration by relaying through the cloud.
Internet Connection Keep-Alive
Layer 3 Switches
Switch Name
Status
Interfaces
Routes
Interfaces
Routing Table
Virtual Interfaces
Hub
IP Address
Subnet Mask
Static Routes
Network
Subnet Mask
Gateway
Metric
vpnweb Settings
SMTP (Outgoing Email)
Used to send registration invite links to new users.
User Registration
Settings for the self-registration link sent to new users.
YubiKey System PUK
Set before issuing YubiKeys. The PUK is programmed into each key silently during browser registration and is never shown to the user. Keep a secure copy — it is needed to reset locked keys.
Registry Backup
Backs up yubikey_registry.json via rclone.
Works with Google Drive, S3, Dropbox, SFTP, and any other rclone-supported destination.
One-time setup on the server:
apt install rclone (or see rclone.org)
rclone config → follow prompts → name your remote (e.g. gdrive)
Then enter the remote path below, e.g. gdrive:vpnweb-backup
⚠ rclone not found in PATH — install it first
YubiKey Registry
History of YubiKeys programmed through browser registration. The last known PUK is shown per key — if a user changes their PUK manually afterwards, this record will be stale.
Serial
Last User
Last Programmed
Last Known PUK
History
No YubiKeys registered yet.
Create Hub
Create User
Certificate Details
User will receive an email with a link to download their certificate. SMTP must be configured in vpnweb Settings.
Certificate will be generated immediately. Open the user to download the .p12.
Edit User —
Import into YubiKey: ykman piv certificates import 9a user.p12
— or paste PEM —
The .p12 will be saved on the server. Use the Download .p12 button to retrieve it. Import into YubiKey: ykman piv certificates import 9a user.p12
OpenVPN Config
Community CLI / GUI — requires pkcs11-id
OpenVPN Connect v3.3+ (Windows/macOS) — no pkcs11-id needed
After import: edit profile → Certificate and Key → Assign → Hardware Tokens → select YubiKey → PIN. Requires Yubico PIV Tool; copy libykcs11.dll to C:\Program Files\OpenVPN Connect\pkcs11_modules\
Registration Invite
Send a new registration link — generates a fresh certificate and replaces any existing one.
Revoke Certificate
Create Group
Edit Group —
Create L3 Switch
Add Virtual Interface
Add Static Route
Add Local Bridge
Add TCP Listener
New Cascade Link
Session
Per-Session MAC & IP
MAC Addresses
MAC
VLAN
Updated
IP Addresses
IP
DHCP
Updated
Hub MAC Address Table
MAC Address
Session
VLAN
Created
Updated
Hub IP Address Table
IP Address
Session
DHCP
Created
Updated
Add Access Rule
Connection Profiles
New Profile
Secondary address (optional — tried if primary is unreachable)