Line 269: |
Line 269: |
| | | |
| | | |
− | == OpenVPN TLS configuration with a Windows client == | + | ==OpenVPN TLS configuration example with Windows client== |
| + | This is an OpenVPN configuration example with a Windows client ([https://openvpn.net/client/client-connect-vpn-for-windows/ OpenVPN Connect]). This configuration requires the router to have a public IP address (Either static or dynamic IP). |
| | | |
| + | ===Public IP: Static / Dynamic=== |
| + | ----If your router have a static public IP address on one of its WAN interfaces, it will be used as the OpenVPN Server address on the client configuration file. |
| + | |
| + | In case you have a dynamic public IP address, it is recommended to use the '''[[Dynamic DNS]]''' functionality, and use the hostname provided by the DDNS service as the OpenVPN Server address. You can find some Dynamic DNS configuration examples [[DDNS Configuration Examples|here]]. |
| + | |
| + | ===OpenVPN Server configuration=== |
| + | ----For this example we will be creating a TUN (Tunnel) type connection that uses the UDP protocol for data transfer and TLS Authentication, you can refer to [[How to generate TLS certificates (Windows)?|this]] article for more information about TLS certificates and keys. Here is the router '''RUT1''' OpenVPN configuration ('''Server'''; LAN IP: '''192.168.1.1'''; WAN (Public static) IP: '''213.226.191.61;''' OpenVPN Virtual network will be '''10.0.0.0/24''') : |
| + | [[File:OpenVPN-Server-config.png|alt=OpenVPN-Server-Configuration|border]] |
| + | You can add push option ('''route 192.168.1.0 255.255.255.0''') to allow VPN clients to connect to the router LAN network. |
| + | |
| + | Once the VPN server is ready, It will change its status to Active: |
| + | [[File:Server-Status Active.png|border]] |
| + | |
| + | ===OpenVPN Windows client configuration:=== |
| + | ----For this step, you'll need to prepare a configuration file folder, it must contain the following files: |
| + | |
| + | *The root certificate file (Certificate Authority) |
| + | *Client certificate |
| + | *Client key |
| + | *OpenVPN client configuration file (Client_config.ovpn) |
| + | |
| + | Mainly, it should look like this: |
| + | |
| + | [[File:Config-Folder.png|border]] |
| + | |
| + | And this is the content of the OpenVPN client config file: |
| + | client |
| + | dev '''tun''' |
| + | proto '''udp''' |
| + | auth '''sha1''' |
| + | remote '''213.226.191.61 1194''' |
| + | resolv-retry '''infinite''' |
| + | nobind |
| + | persist-key |
| + | persist-tun |
| + | ca '''ca.crt''' |
| + | cert '''client.crt''' |
| + | key '''client.key''' |
| + | remote-cert-tls '''server''' |
| + | data-ciphers '''BF-CBC''' |
| + | cipher '''BF-CBC''' |
| + | comp-lzo '''no''' |
| + | keepalive '''10 120''' |
| + | After saving the configuration file, you can open the '''OpenVPN Connect''' software on your Windows operating system, upload the configuration file, and click connect: |
| + | |
| + | [[File:OpenVPN-Client-connected.png|border]] |
| + | |
| + | The OpenVPN Windows client is now connected to the OpenVPN server. |
| + | |
| + | ===Testing OpenVPN connectivity=== |
| + | ----From The Windows client side, you can try to ping the Router's LAN IP address ('''192.168.1.1''') and one of his LAN clients ('''192.168.1.167'''): |
| + | |
| + | [[File:Testing-VPN-Connectivity.png|border]] |
| + | |
| + | The Windows OpenVPN Client can now Ping the router's LAN Network successfully. |
| | | |
| ==See also== | | ==See also== |
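Review bot: the added client configuration pins the tunnel to legacy cryptography in the lines auth '''sha1''', data-ciphers '''BF-CBC''' and cipher '''BF-CBC'''. Blowfish-CBC is a 64-bit block cipher, so a long-lived tunnel is exposed to birthday-bound collision attacks (SWEET32), and listing it as the only data-ciphers entry stops the client from negotiating anything stronger. Suggest the example use an AEAD cipher such as AES-256-GCM with a SHA-2 auth digest. The server settings are only shown as a screenshot, so the text should also state that these values must match what is selected on RUT1. Two smaller points: remote '''213.226.191.61 1194''' publishes what looks like a real public address, where a documentation-range address or a placeholder hostname would be safer in a wiki example. And since client.key sits in the same folder as the .ovpn file, the section should say to keep that folder private to the user.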