Configure OpenVPN Connect to utilize the Futurex PKCS #11 hardware token

to configure openvpn connect to use the futurex pkcs #11 module and cryptohub as a hardware token, you must perform the following tasks locate and copy the futurex pkcs #11 module for openvpn connect to recognize it find your operating system below and follow the steps windows press windows + r to launch the windows run prompt enter "sysdm cpl" and press enter to launch the system properties window select the advanced tab, then click the \[ environment variables ] button under system variables , highlight path and click the \[ edit ] button click \[ new ] and add c \program files\futurex\fxpkcs11 then select \[ ok ] go to c \program files\futurex\fxpkcs11 and copy the file named fxpkcs11 dll go to c \program files\openvpn connect and create a new folder named pkcs11 modules open the new directory and paste the fxpkcs11 dll file you copied macos locate the library /usr/local/bin/fxpkcs11/libfxpkcs11 dylib open terminal and execute this command to create a symlink to the library file ln s /usr/local/bin/libfxpkcs11 dylib / pkcs11 modules/libfxpkcs11 dylib if the pkcs11 modules directory doesn't exist, you will see an error like this one below ln /users/futurex/ pkcs11 modules/libfxpkcs11 dylib no such file or directory if so, create it mkdir / pkcs11 modules open terminal and execute this command to create a symlink to the library file ln s /usr/local/bin/libfxpkcs11 dylib / pkcs11 modules/libfxpkcs11 dylib you can confirm the changes using the command below ls al pkcs11 modules assign an external certificate to the profile shut down openvpn connect if it's running launch openvpn connect import the connection profile, futurex profile ovpn select the edit icon for the profile under certificate and key , select \[ assign ] select hardware tokens select the cryptohub from the list and click \[ authorize ] it will be named something similar to "hsm 1830884596" enter the pin for the identity that is set inside the futurex pkcs #11 configuration file ( fxpkcs11 cfg ) and select \[ ok ] after successful authorization, choose the certificate and key for connection with the profile and select \[ confirm ] only select the client certificate and private key, not the ca certificate save the profile configuration connect with a profile and the hardware token now that you have the hsm stored certificate and key assigned to the profile, let's test the vpn connection select the profile toggle to connect enter the pin for the hardware token and click \[ ok ] after a successful connection, openvpn connect displays connection statistics