> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Quick Reference

> Concise summary of prerequisites and high-level steps for the OpenVPN integration.

This section offers a quick reference to key prerequisites and high-level implementation steps. For basic testing procedures for the integration, see [**Validate and test**](./Post-integration_tasks/Validate_and_test).

## Pre-implementation

Ensure your environment complies with the following requirements:

* Install dependencies
  * OpenSC (from source or with package manager under `opensc`)
  * OpenVPN Access Server
  * Python 3.6 and newer
    * Python library `asn1crypto`
* Check OpenSSL version (v3.0 or newer)
* Admin privileges on the Vectera Plus

## Implementation

<Note>
  You can complete most tasks in this section by using either Excrypt Manager or FXCLI. The exception is the second option of task 7 (Create connection certificates for mutual authentication), for which you must use FXCLI.

  You can optionally complete steps 4 through 6 by using the Guardian Series 3 (see the applicable guide for configuring HSMs for PKCS #11 integrations by using the Guardian Series 3).
</Note>

<Note>
  If you use a virtual HSM for the integration, you must connect to it over the network through FXCLI, the Excrypt Touch, or the Guardian Series 3.
</Note>

* Install Futurex﻿ PKCS #11 module (**FXPKCS11**)
* Install Futurex Commande Line Interface (**FXCLI**)
* Configure Vectera:
  * Connect to the HSM with a USB to enable Excrypt Manager or FXCLI
  * Confirm Command Primary Mode is General Purpose (GP), and PKCS #11 feature is enabled
  * Configure HSM's network
  * Load FTK, PMK, and BEK major keys
  * Configure the transaction processing connection
  * Create a new application partition for the integration
  * Create a new identity and give it access to the newly created application partition
  * Configure TLS with either server-side or mutual authentication
* Edit the FXPKCS11 configuration file
* Install and configure pkcs11-provider
* Prepare Cryptographic material for Access Server﻿
  * Set Access Server in external PKI mode
  * (Optional) Create server CA
  * Generate server certificate and key
  * Generate client certificate and key
* Configure Access Server and setup a test client
  * Generate `tls_auth` key
  * Generate Diffie-Hellman parameters
  * Import certificate and key files to Access Server
  * Configure test client on Access Server admin UI
  * Generate and download a server-locked profile for the client
  * Install the profile and P12 file to OpenVPN Connect v3 application

## Post-implementation

After you complete the integration, perform the following tasks to validate it:

* Using OpenVPN Connect application, validate the connection by connecting to the VPN using the certificate and P12 file.
