Menu Content/Inhalt
Home

OpenVPN Setup Guide Print
April 2014
This is an adaptation of the Easy Windows Guide with advice from Daryl, modified to suit Compucon's IPVS project needs.

Original Source: https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide
Last Retrieved: 17 April 2014

OpenVPN Setup Guide

This page contains a no-frills guide to getting OpenVPN up and running on a Windows server and client(s). For a more detailed understanding of setting up OpenVPN and its advanced features, see the HOWTO page.

Table of contents

  1. Downloading and Installing OpenVPN
  1. Certificates and Keys

2.1 Preparatory Steps

2.2 Building Certificates and Keys
  1. Configuration Files

3.1 Server Config File

3.2 Client Config Files

  1. Copying the Server and Client Files to Their Appropriate Directories
  1. Starting OpenVPN
  1. Further Considerations / Troubleshooting

6.1 Firewall Configuration

6.2 Port Forwarding

6.3 Static Internet IP

6.4 Running OpenVPN as a Service

6.5 Security Tips

Downloading and Installing OpenVPN

  1. On the Admin system (for building certificates and keys):
    1. Download the installer from here and run it on your own PC.
    2. During setup, make sure all components are installed (tick all options)
  1. On the Remote Server system (the target server):
    1. Download the installer and run it on the target system (to be managed)
    2. During setup, uncheck the OpenVPN GUI (we do not want a GUI on the server)
  1. On each Client PC (used for connecting to the server):
    1. Install OpenVPN on each client with the default options (this step can be skipped for now and done at any convenient time).

Certificates and Keys

Preparatory Steps on the Admin system

  1. Navigate to the C:\Program Files\OpenVPN\easy-rsa folder in the command prompt:
    1. Press Windows Key + R
    2. Type "cmd.exe" and press Enter.
      cmd.exe
    3. Navigate to the correct folder:
      cd "C:\Program Files\OpenVPN\easy-rsa"
  1. Initialize the OpenVPN configuration:
    init-config.bat
    • NOTE: Only run init-config once, during installation.
  1. Open the vars.bat file in a text editor:
    notepad vars.bat
  1. Edit the following lines in vars.bat, replacing "US", "CA," etc. with your company's information:
    set HOME=%cd%
    set KEY_DIR=keys
    set KEY_SIZE=2048
    set KEY_COUNTRY=NZ
    set KEY_PROVINCE=NI
    set KEY_CITY=Auckland
    set KEY_ORG=Compucon
    set KEY_EMAIL= This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
    set KEY_CN=Compucon-CA
    set KEY_NAME=Compucon-CA
    set KEY_OU=TSD
  1. Save the file and exit notepad.
  1. Copy the easy-rsa folder into C:\Program Files\OpenVPN\OpenVPN\SiteName (change SiteName to suit the IPVS project). From now on, work within this particular easy-rsa folder. The base easy-rsa folder at C:\Program Files\OpenVPN\easy-rsa is now a reference to make other projects.
  1. Run the following commands:
    vars.bat
    clean-all.bat

Building Certificates and Keys

  1. The certificate authority (CA) certificate and key:
    build-ca.bat
    • When prompted, press enter to accept the default values:
      Country Name (2 letter code) [NZ]:
      State or Province Name (full name) [NI]:
      Locality Name (eg, city) [Auckland]:
      Organization Name (eg, company) [Compucon]:
      Organizational Unit Name (eg, section) [TSD]:
      Common Name (eg, your name or your server's hostname) [Compucon-CA]:
      Email Address [ This e-mail address is being protected from spam bots, you need JavaScript enabled to view it ]:
  1. The server certificate and key:
    build-key-server.bat server
    • When prompted, enter the "Common Name" as "server"
    • When prompted to sign the certificate, enter "y"
    • When prompted to commit, enter "y"
  1. Client certificates and keys:
  1. For each client, choose a name to identify that computer, such as "firstname-lastname":
    build-key.bat firstname-lastname
    • When prompted, enter the "Common Name" and "Name" as the name you have chosen (e.g. "edmond-chan")
  1. Repeat this step for each client computer that will connect to the VPN.
  1. Generate Diffie Hellman parameters (This is necessary to set up the encryption)
    build-dh
  2. Generate a shared-secret key that is used in addition to the standard RSA certificate/key:
openvpn --genkey --secret ta.key

Configuration Files

  1. Find the sample configuration files:
    Start Menu -> All Programs -> OpenVPN -> OpenVPN Sample Configuration Files

Server Config File

  1. Open server.ovpn (rename to Compucon-IPVS-SiteName-NVRServer.ovpn)
  1. Find the following lines:
    ca ca.crt
    cert server.crt
    key server.key
    dh dh2048.pem
    server 10.8.0.0  255.255.255.0
  1. Edit them as follows:
    ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
    key "C:\\Program Files\\OpenVPN\\config\\server.key"
    dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
    server 10.8.0.0 (change IP address to suit the receiving NIC) 255.255.255.0
  1. Add the following line (if not already present):
    tls-auth ta.key 0
    proto udp
  1. Save the file as C:\Program Files\OpenVPN\OpenVPN\SiteName\easy-rsa\Compucon-IPVS-SiteName-NVR.ovpn

Client Config Files

This is similar to the server configuration

  1. Open client.ovpn
  1. Find the following lines:
    ca ca.crt
    cert firstname-lastname.crt
    key firstname-lastname.key
  1. Edit them as follows:
    ca "C:\\Program Files\\OpenVPN\\config\\Compucon-IPVS-SiteName-FirstName-LastName\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\config\\Compucon-IPVS-SiteName-FirstName-LastName\\firstname-lastname.crt"
    key "C:\\Program Files\\OpenVPN\\config\\Compucon-IPVS-SiteName-FirstName-LastName\\firstname-lastname.key"
    • Note that the name of the client certificate and key files depends upon the Common Name of each client.We will change these later for each client.
  1. Edit the following line, replacing "my-server" with your server's public Internet IP Address or Domain Name. If you need help, see Static Internet IP below.
    remote my-server (change to Public Static IP) 1194
  1. Add the following lines (if not already present):
    tls-auth ta.key 1
    proto udp
  1. Save the file as C:\Program Files\OpenVPN\OpenVPN\SiteName\easy-rsa\Compucon-IPVS-SiteName-FirstName-LastName.ovpn (each client will need a different, but similar, config file depending upon that client's Common Name.)

Copying the Server and Client Files to Their Appropriate Directories

  1. Copy these files from C:\Program Files\OpenVPN\OpenVPN\SiteName\easy-rsa\ to C:\Program Files\OpenVPN\config\ on the server:
    ca.crt
    dh2048.pem
    server.crt
    server.key
    ta.key
    server.ovpn
  1. Copy these files from C:\Program Files\OpenVPN\OpenVPN\SiteName\easy-rsa\ on the server to C:\Program Files\OpenVPN\config\ on each client (edmond-chan, in this example):
    ca.crt
    edmond-chan.crt
    edmond-chan.key
    ta.key
    edmond-chan.ovpn

Starting OpenVPN

  1. Transmit all needed files to the server and client computers accordingly using a secure means such as a USB drive (email is not always a secure means).
  2. On the server, run the Windows Service administrative tool:
    1. Press Windows Key + R
    2. Type "services.msc" and press Enter.
      services.msc
  3. Find the OpenVPN service, and set its Startup Type to "automatic."
  4. Optionally, start the service now
  5. On the client, run OpenVPN from:
    Start Menu -> All Programs -> OpenVPN -> OpenVPN GUI
  6. Double click the icon which shows up in the system tray to initiate the connection. The resulting dialog should close upon a successful start.

 

Further Considerations / Troubleshooting

OpenVPN Server adapter name

In the server.ovpn file the following line needs to match the name of the OpenVPN virtual NIC:

dev-node "OpenVPN Server"

Therefore, if dev-node in the .ovpn file is "OpenVPN Server" or otherwise, please rename the virtual NIC interface under adapters on the server to match.

Use Fully Qualified Paths

These lines should exist in the server.opvn file:

ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\log\\ipp.txt"

tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 0 # This file is secret

status "C:\\Program Files\\OpenVPN\\log\\openvpn-status.log"

log-append  "C:\\Program Files\\OpenVPN\\log\\openvpn.log"

Firewall Configuration

If you have connection problems, make sure to set a rule on your server's firewall allowing incoming traffic on UDP port 1194.

Port Forwarding

If your server is behind a router, you will need to forward the port chosen for OpenVPN (in this example UDP 1194) to the server. Consult your router's documentation for details on this.

To set up port forwarding, you will likely need to set up the server with a static local IP address instead of the default dynamic (changing) IP. Instructions for Windows XP may be found here. Make sure to choose a static IP address that is not in the range your router might assign as a dynamic IP, but is within the router's subnet (usually 192.168.0.xxx , 10.0.0.xxx , or similar).

Static Internet IP

Your server will need to have a static internet IP or Domain Name to be accessible over the long term. One solution is to sign up for an account with DynDNS and install the DynDNS Updater on your server. When signing up you will determine the static Domain Name of your server. (For example, "myserver.dyndns.org") You will use this Domain Name in the client configuration files as part of the "remote" directive.

Running OpenVPN as a Service

Running OpenVPN as a service will allow:

Security Tips

Cloning OpenVPN Servers

If including OpenVPN in a cloned server build you will find that all servers will have the same MAC address for the TAP device. This will cause packet loss across the network. Standard methods of changing the IP address from scripts do not work on the TAP device, to resolve this delete and recreate the TAP device using the scripts included with OpenVPN:

C:\Program Files\OpenVPN\bin\deltapall C:\Program Files\OpenVPN\bin\addtap

You will then have to rename the connection to match the entry in the config file.

 

Appendix: Hardening OpenVPN Security

One of the often-repeated maxims of network security is that one should never place so much trust in a single security component that its failure causes a catastrophic security breach. OpenVPN provides several mechanisms to add additional security layers to hedge against such an outcome.

tls-auth

The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS. It can protect against:

Using tls-auth requires that you generate a shared-secret key that is used in addition to the standard RSA certificate/key:

openvpn --genkey --secret ta.key

This command will generate an OpenVPN static key and write it to the file ta.key. This key should be copied over a blockquote-existing secure channel to the server and all client machines. It can be placed in the same directory as the RSA .key and .crt files.

In the server configuration, add:

tls-auth ta.key 0

In the client configuration, add:

tls-auth ta.key 1

proto udp

While OpenVPN allows either the TCP or UDP protocol to be used as the VPN carrier connection, the UDP protocol will provide better protection against DoS attacks and port scanning than TCP:

proto udp  

Appendix: Unified File for iOS

# copy and paste the text below to replace all text between ca and tls-auth ta.key 1 in the .ovpm file # ca "C:\\Program Files\\OpenVPN\\config\\Compucon-IPVS-QIPS21-edmond-chan\\ca.crt"
# cert "C:\\Program Files\\OpenVPN\\config\\Compucon-IPVS-QIPS21-edmond-chan\\edmond-chan.crt"
# key "C:\\Program Files\\OpenVPN\\config\\Compucon-IPVS-QIPS21-edmond-chan\\edmond-chan.key"

<ca>
</ca>

<cert>
</cert>

<key>
</key>

# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
#   digitalSignature, keyEncipherment
# and the extendedKeyUsage to
#   serverAuth
# EasyRSA can do this for you.
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
# tls-auth ta.key 1

key-direction 1
<tls-auth>
</tls-auth>
 

Appendix: Revoking Certificates

 

Revoking Certificates

Revoking a certificate means to invalidate a previously signed certificate so that it can no longer be used for authentication purposes.

Typical reasons for wanting to revoke a certificate include:

  • The private key associated with the certificate is compromised or stolen.
  • The user of an encrypted private key forgets the password on the key.
  • You want to terminate a VPN user's access.

Example

As an example, we will revoke the client2 certificate, which we generated above in the "key generation" section of the HOW TO

First open up a shell or command prompt window and cd to the easy-rsa directory as you did in the "key generation" section above. On Linux/BSD/Unix: 

		. ./vars
	./revoke-full client2

On Windows: 

		vars
	revoke-full client2

You should see output similar to this: 

		Using configuration from /root/openvpn/20/openvpn/tmp/easy-rsa/openssl.cnf
	DEBUG[load_index]: unique_subject = "yes"
	Revoking Certificate 04.
	Data Base Updated
	Using configuration from /root/openvpn/20/openvpn/tmp/easy-rsa/openssl.cnf
	DEBUG[load_index]: unique_subject = "yes"
	client2.crt: /C=KG/ST=NA/O=OpenVPN-TEST/CN=client2/emailAddress=
 This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
 
	error 23 at 0 depth lookup:certificate revoked

Note the "error 23" in the last line. That is what you want to see, as it indicates that a certificate verification of the revoked certificate failed.

The revoke-full script will generate a CRL (certificate revocation list) file called crl.pem in the keyssubdirectory. The file should be copied to a directory where the OpenVPN server can access it, then CRL verification should be enabled in the server configuration: 

		crl-verify crl.pem

Now all connecting clients will have their client certificates verified against the CRL, and any positive match will result in the connection being dropped.

CRL Notes

When the crl-verify option is used in OpenVPN, the CRL file will be re-read any time a new client connects or an existing client renegotiates the SSL/TLS connection (by default once per hour). This means that you can update the CRL file while the OpenVPN server daemon is running, and have the new CRL take effect immediately for newly connecting clients. If the client whose certificate you are revoking is already connected, you can restart the server via a signal (SIGUSR1 or SIGHUP) and flush all clients, or you can telnet to the management interface and explicitly kill the specific client instance object on the server without disturbing other clients.

While the crl-verify directive can be used on both the OpenVPN server and clients, it is generally unnecessary to distribute a CRL file to clients unless a server certificate has been revoked. Clients don't need to know about other client certificates which have been revoked because clients shouldn't be accepting direct connections from other clients in the first place.

The CRL file is not secret, and should be made world-readable so that the OpenVPN daemon can read it after root privileges have been dropped.

If you are using the chroot directive, make sure to put a copy of the CRL file in the chroot directory, since unlike most other files which OpenVPN reads, the CRL file will be read after the chroot call is executed, not before.

A common reason why certificates need to be revoked is that the user encrypts their private key with a password, then forgets the password. By revoking the original certificate, it is possible to generate a new certificate/key pair with the user's original common name.

 

Renewing expired CRL.pem file (for CRL has expired error)

if you extract the following command from the revoke-full.bat
$OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
and rework it for your cwd
openssl ca -gencrl -out keys/crl.pem -config ./openssl.cnf
then that should work.
  1. Run vars
  2. run openssl ca -gencrl -out keys\crl.pem -config ./openssl-1.0.0.cnf

  Upload newly generated crl.pem file to OpenVPN\config folder on the server(or wherever it is located).

 
 
Compucon in North Harbour Business Expo on 15 May 2014 Print
April 2014
We would like to invite all friends of Compucon and all members of North Harbour Business Association to visit this event, and in particular, the Compucon shows.

The event is organized by North Harbour Business Association to be held in North Harbour Stadium ASB Lounge on 15 May 2014 Thursday from 10:30am to 5:30pm.  It is intended to be a snapshot of the variety of businesses located in North Harbour Industrial Estate and it is open to the public.  For complete info of the event and its organizer, please click here


To view the infromation handed out at the Expo by Compucon please follow the link on the left. This PDF contains infromation on the SKA Telescope and Video Anayltics.

The Compucon stand is at location 1 and 2, which faces the business lounge for max event atmosphere. 
Expo Floor Plan
 
Compucon Peer Preparation Brief Print
April 2014
NHBA Expo 15 May 2014 (updated 2014-0413)

  • Who are the visitors?  We obtained a visitor list of about 600 persons last year from the organizer.  Unfortunately about half of them were in sales and they were interested in leads and have asked to unsubscribe as they were not interested in info other than leads.  The other half consists of a mix of backgrounds but mostly small businesses and single person practices.  We would be pleased if each team member present in the event obtains one genuine customer as a direct consequence of presence. 
  • The most positive effect any organization can achieve in such type of events is to leave the public with a professional and reliability image.  The worst image anyone can create is to push people to buy.  Obviously we want to obtain the most positive effect and avoid creating a bad image but the demarcation between positive and negative is a fine line.  Anyway we will just provide info to the public for their reference and let them make the judgment.  The info shall be able to convey to the public who we are, what we do, and where to contact us.  For the Business Expo on 15 May 2014, we have shortlisted the following types of info to provide at Stand #1 and #2.
  • Who is Compucon?  Compucon is a computing system integrator established in 1992 with engineering research and development capabilities.  Provide a list of achievements over the years (ISO-9001 in 1995, DX Server in 1998, Heavy Data in 2005, IPVS in 2008, GPGPU in 2011 and SKA in 2013). 
  •  What does Compucon do?  Compucon runs 4 teams of computing system development and production- standard PC and servers, heavy data systems, IP videal surveillance systems, and parallel computing systems.  Compucon is developing high performance computing systems as a spinoff of participating in SKA design.  Compucon serves business customers along the FFP and TCO principles.
  •  How to contact Compucon?  Compucon peers planned to be present at the stands are Andy J (standard computing platforms), David A (accounting and taxation computing), Hamish (enterprise level computing), and Ratan (video surveillance systems).  Compucon staff members are Raymond (heavy data systems) and TN (GPGPU, HPC, and SKA).
  •  As a static tool to provide the above info, we will run 2 data projections on the wall.  They will be out of sync by half cycle.  One cycle will take about 5 minutes which is short enough for a visitor to afford and long enough to convey our messages.  The same info will be on printed sheets for visitors to take away. Names of people with specialization and contact details on our stands will be printed on sheets for visitors to take away.  The sheets will be bounded into a manual.
  • We take 2 stands only this time instead of 3 stands last time. We observed that visitors would stop at a stand but would skip extra space of the same display.  However, we will need the space of 2 stands to accommodate our presence.  Apart from the 2 data projections on the wall and hand-out manuals on the table, we plan to have a 2m portable poster at the stand and some chairs.  Should we have a Platinum, Superhawk, Diamond, and Onyx chassis there as stationery display?  
  • TN will speak at 11:15am for 30 minutes in an Expo Seminar room.  The theme will be on a breakthrough of New Zealand on the world stage of computing, and how businesses can benefit from the efforts of Compucon to spinoff the know-how at an industry level in New Zealand. 
  • Our team will have dinner after the event in the evening presumably at the same restaurant as last year.
 
Credit Card transactions (Paymate) Print
April 2014

CREDIT CARD PROCESSING

We have an account with a third party agent called Paymate (based in Australia). They can assist us in processing credit card payments as long as we meet the following criteria:
  • The standard monthly transaction limit is $20,000
  • The minimum payment amount a sender can make in a single payment transaction via Paymate is $1, and the maximum is $9,999
  • The credit card is a MasterCard or VISA

The cost to us is:

  • 3.0% + 50c per transaction

Settlement:

  • Unless the payment raises any flags in Paymate's anti-fraud system, transactions under $200 made before 3pm will be paid to us on the same day (within 24 hours)
  • For transactions over $200 made before 3pm, we will be paid on the next business day (in the evening). It will show up in our bank account by the second business day.
  • For transactions made after 3pm it will be considered as having been made on the following business day before 3pm.
IMPORTANT NOTES
  • We will charge customers a credit card handling surcharge of 3.5%.
  • If we need to quote a customer more accurately, the charge to put on a credit card is:
    • (<Total invoice value inclusive of GST> + 0.5) / 0.97
  • The Fee is therefore:
    • The answer above minus the <Total invoice value inclusive of GST>
  • If the invoice value is $100 or less, apply a minimum surcharge of $3.5 + GST.
  • Excel spreadsheet: compucon.co.nz/files/Credit Card (Paymate).xlsx

 

PROCEDURE FOR CUSTOMER TO PAY US
  1. Provide customer with an updated invoice to include the 3rd party credit card surcharge.
  2. Ask customer to kindly go to https://www.paymate.com/PayMate/ExpressPayment?mid=mtnz&amt=199.99&ref=i58275 to arrange a payment to us. Change the amt= and ref= to the correct invoice amount and invoice reference number. When they go to the link it should show "Compucon New Zealand" as the mechant and include the correct amount and iXXXXX reference.
  3. The amount to pay will be shown on the updated invoice including the surcharge. Alternatively the customer can call us to provide us with their credit card details, in which case we follow the procedure below.

PROCEDURE TO PROCESS PAYMENT BY US (card not present)

  1. Obtain credit card details and authorisation from customer
    1. Credit Card Number (16 digits long)
    2. Name on the card: (person's full name, usually without the company name)
    3. Expiry: (mm/yy, 4 digits long)
    4. CVV: (3 digits at the back of the card as security)
    5. Transaction amount: (total including GST in NZ dollars)
    • Fax, email or written confirmation from the customer is required as a precaution against fraud. This needs to identify the customer and prove an authority has been provided to process the transaction / payment. It will need to include the transaction amount as confirmation.

     

  2. Process the credit card payment
    1. Go to https://www.paymate.com/PayMate/ExpressPayment
    2. Enter our Merchant Email: as ' This e-mail address is being protected from spam bots, you need JavaScript enabled to view it '
    3. Enter an Order id: with 'Invoice xxxxx' and a description of the goods, such as 'Supermicro PSU'
    4. Enter in the credit card and payment details
    5. Enter in the Buyer details.
    6. Click on Pay Now.
    • If the details are accepted, you should see a similar screen as the following screenshot:

    Image

    • We will also receive an email confirmation at This e-mail address is being protected from spam bots, you need JavaScript enabled to view it .

     

  3. Wait for a second email confirmation before sending goods to the customer:
    1. The email should state "A payment to you has been approved and you will be paid tonight"
    2. This normally takes 24 hours, or as detailed above (see Settlement section)
    3. Advise or keep the customer informed as you see fit

     

At any time we can log in to our account at Paymate to see the current status of payments in the system:

 

Image

END
 
Compucon Extended Warranty Print
April 2014
Day One Upgrade Option- 1 or 2 Years On-site Warranty

This on-site warranty is an extension of the standard warranty to include travelling of a technician to visit site, and does not extend the scope of coverage as described under the Standard Warranty.  For a 2 hours phone response and 8 hours on-site warranty, the premium is 4% of the purchase price (software is included) per year subject to $90 minimum per machine.  For a 2 hours phone response and 4 hours on-site warranty, the premium is 6% of the purchase price subject to $140 minimum per machine per year.  For sites beyond 20KM of the city centre or the office of the nominated service provider, the service provider has the discretion of charging the end-user $1.20 per KM for the extra distance travelled in the event of a call-out.  The On-site Warranty card prevails if there is a difference of interpretation.

There is no price discount for systems containing items of 1-year warranty because on-site attendance is still required to remove the failed item from the system and to install a replacement if the end-user accepts to pay for the price of the replacement item.

Day One Upgrade Option- 3 Years Return to Base Warranty

The reseller price for this upgrade option is
o    3% of the system price (deducted of peripheral items not covered by the standard warranty) subject to a minimum of $60 per 5U and pedestal system
o    5% of the system price subject to a minimum of $120 per 1U/2U/3U/4U system

Day One Upgrade Option- 3 Years On-site Warranty

This option requires an upgrade to 3 years Return to Base Warranty plus an upgrade to 3 years On-Site.  The rates are as defined above.  Please note (N3W) components are included in the 3- year On-site price as On-site attendance is still required to remove the failed item from the system and to install a replacement if the end-user accepts to pay for the price of the replacement item

Upon Expiry Extension of Warranty Option- 3rd Year Warranty

For extending one more year of RTB warranty after the original warranty has expired, we will charge 3% for pedestal and 5% for rack systems subject to a minimum of $80 and $160 + GST respectively (as if the customer purchased 3rd year warranty on day one), plus an additional $25 + courier. The extension application must be registered with us within 2 weeks of the original warranty expiry and we will consider our offer to extend a system’s warranty based on spare parts availability i.e. do we have motherboard in stock and can other components be readily acquired.

The new invoice will be used as the new system serial number. We can ask the reseller to cover the old system serial label. This is so that when the customer or reseller calls us with the serial number, we see the new invoice first – this will tell us that the system is in fact under warranty. Otherwise if we use the original serial number only, we have no way to tell whether extended warranty has been purchased or

On-site warranty is $200 + GST per year since it is solely a labour charge.  OSW is conditional on having RTB validity.

Upon Expiry Extension of Warranty Option- 4th Year Warranty

For extending one more year of RTB warranty after the original warranty has expired, we will charge 6% for pedestal and 9% for rack systems. The extension application must be registered with us within 2 weeks of the original warranty expiry and we will consider our offer to extend a system’s warranty based on spare parts availability i.e. do we have motherboard in stock and can other components be readily acquired.

On-site warranty is $200 + GST per year since it is solely a labour charge.  OSW is conditional on having RTB validity.
 
More...
<< Start < Prev 81 82 83 84 85 86 87 88 89 90 Next > End >>

Results 766 - 774 of 2511