I just committed ZH Healthcare’s contribution to use VPN when connecting to their offsite portal. This is huge since it means we can now have a patient portal without exposing the OpenEMR instance to the world wide web. Plan to include this in the next 4.1.2 patch.
I have a question regarding the offsite portal. I read the instructions for setting up the VPN (Linux) but I’m confused. It says I should be able to download a certificate once I register with ZH Healthcare, but I never see that option. The practice is configured but I am missing that VPN piece. With setting up VPN, I’ll need that certificate to authenticate. Would you be able to assist in setting the VPN piece up? The instruction guide I find is vague. OpenEMR is running on Ubuntu. I installed OpenVPN via apt-get.
It does mention a connect.py file, but I don’t know where that will be located and how to configure that piece. Just need a little guidance…
Thanks fsgl for the tutorial. OK, now I got the client certificates and I have the OpenVPN server set up. I installed OpenVPN on my firewall box (which I’m hoping is where I need to install it). Now the problem is how do I upload the certificate (client.conf, .crt and .key) files to ZH Healthcare? Or do I have it reversed: ZH Healthcare is considered the host and my OpenEMR server is the client, and I initiate the VPN connection on my end? If so, then what parameters do I need to put in that client.conf file (i.e. server IP address and the desired port)? When I created the client keys, it asked me to enter a passphrase. Is that referring to the password that I used for the portal registration process?
Thank you so much for your help. I know I am almost there in being set up!
I provided the link above because ZH had not posted additional information in the interim.
From their document I get the impression that the client does not need to get the certificate himself. If that were the case, there would be instructions in that regard in the document both for Windows & Linux users.
There is a connect.sh file that needs to be unzipped first. Put the unzipped file in a convenient folder. Apparently executing that file provides the connection. I assume the username & password are the same established at the time of registration.
OK, I searched both the OpenEMR server and my Linux firewall box (where I installed OpenVPN) and I don’t have a connect.sh. Plus I was looking for a zip file when downloading OpenVPN and I don’t see one from which I would extract a connect.sh. How do I get the .zip file?
Hi fsgl. I have read that thread before. My firewall is fine; I added the port that I am using for OpenVPN in the firewall so it’s not blocking it. I think my issue is with the setup. Can you show me what a typical client.conf should look like? For example, I believe the two lines I need to modify are the remote line and the cert and key lines. I’m thinking remote needs to be ZH Healthcare’s server?
As I recall, there are two ways to download the VPN configuration files (note they are unique for each portal account and contain the connect.sh script):
1. Download them when opening the portal account.
2. Download them in OpenEMR at Administration -> Globals -> Portal -> “Download Offsite Portal Connection Files” (button at bottom of screen).
That might explain it. I don’t have the “Download Offsite Portal Connection Files” button at that screen. I’m running OpenEMR v4.1.2-20130215. Do I need to get some kind of patch to enable that function?
Patch 2 enables the VPN setup as noted here. Can’t tell which patch you are on because 4.1.2 was released on 8/17/2013. Easy enough to patch to 7 irrespective of which patch you have.
The above link is part of a very comprehensive Wiki article on Patient Portals.
Thanks fsgl, I’m going to look into patching the server to patch 7. Thank you again for your help! I’ll post back to let you know how patch 7 went and if it (which it should) helped in getting the offsite portal working.
Great observation on your part regarding the patch. It may well have contributed to the setup difficulty in the above cited thread as well. The other poster could not find the connect file in his Windows server.
Please do give us a follow-up. In addition to asking about firewall & permissions, the patch number should be asked about when this problem pops up again. The more extensive the troubleshooting checklist, the easier it is to resolve.
Hi fsgl, I was able to patch OpenEMR and now I see the download button for the offsite files. I’m still having a problem connecting. I started the ./connect.sh file and it looks good as far as I can see, but when I go to the Portal Activity tab and then click on check connection, I am now getting an error message saying “Unable to resolve the server’s DNS address.” I have the OpenEMR server behind a Shorewall firewall. I’m remoted in via PPTP VPN (Poptop). It might be a firewall issue but I’m not sure how to resolve it.
Explanation of the error message found here. We know from the other thread that all firewalls must be disabled.
In regards to your prior question about certificates, a number of OpenVPN videos indicate that they are part of the setup download; thus that separate step is unnecessary.
Because you are using ZH’s Patient Portal, it would be best to ensure that the setup is correct, as explained in the video below.
[[embed url=https://www.youtube.com/watch?v=KyyKzZTa1fE]]
When you say “We know from the other thread that all firewalls must be disabled.”, does that mean that if I open up the right ports that it needs, it still won’t work? I played that video and I have done all that is said in there. Do you know all the ports that it needs to work?
I re-read the other thread, specifically this post. Apparently my understanding of the solution was imprecise. Adding an exception to the Windows 8 firewall is fairly straightforward on a local machine.
If you can add an exception to your Box, the answer will be obvious when you try to connect after adding the exception.
Sorry, I’m not much help regarding which port to use or if that would solve the problem.
If you are still unable to connect, I would suggest that you contact ZH directly. The developers are very much tied up with MU2 Certification leaving little time for hanging out in the Forums.
Let us know if you are successful with a followup post.
YES!!! I got it working! I had to add a setting to my Shorewall firewall. I had to add in interfaces a vpn zone with interface tun0. Once I did that it worked. I had it originally set up as ppp+, so that was my mistake. Now I get a connection success! Thank you so much for your help. The links you sent me gave me some indication where to look. Now I have to figure out how the process works. I think I can find that in the video you added here.
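The fix in the last post, as an added example that is not part of the thread: a small check that reads a Shorewall interfaces file and reports which zone an interface falls into, showing why a `ppp+` entry does not cover the OpenVPN `tun0` device. The zone names, interface layout and file contents are constructed for illustration; only `ppp+`, `tun0` and the `vpn` zone come from the post.

```shell
#!/bin/sh
# zone_for_iface FILE IFACE
# Print the zone a Shorewall interfaces file assigns to IFACE and return 0,
# or print nothing and return 1 when no entry matches.
zone_for_iface() {
    while read -r zone pattern _rest; do
        # Skip blank lines, comments and ?FORMAT-style directives.
        case $zone in ''|'#'*|'?'*) continue ;; esac
        case $pattern in
            *+) # A trailing "+" is a wildcard: ppp+ covers ppp0, ppp1, ...
                case $2 in "${pattern%+}"*) echo "$zone"; return 0 ;; esac ;;
            *)  if [ "$pattern" = "$2" ]; then echo "$zone"; return 0; fi ;;
        esac
    done < "$1"
    return 1
}

# report FILE IFACE: one human-readable line per lookup.
report() {
    if z=$(zone_for_iface "$1" "$2"); then echo "$2 -> zone $z"
    else echo "$2 -> no matching entry"; fi
}

# Constructed sample files (not taken from the poster's firewall).
before=$(mktemp); after=$(mktemp)
cat > "$before" <<'EOF'
#ZONE   INTERFACE   OPTIONS
net     eth0        dhcp
loc     eth1
pptp    ppp+
EOF
# The change described in the post: a vpn zone bound to tun0.
cat "$before" > "$after"
echo 'vpn     tun0' >> "$after"

report "$before" ppp0   # PPTP sessions are covered by the wildcard
report "$before" tun0   # the OpenVPN tunnel device is not
report "$after"  tun0   # covered once the tun0 entry exists
rm -f "$before" "$after"
```

On a live system the file to pass is `/etc/shorewall/interfaces`, and the new zone also has to be declared in the zones file before Shorewall will accept it.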