Template:Networking rutos configuration example connecting to openvpn access server: Difference between revisions
Revision as of 16:54, 9 November 2020
==Introduction==
'''OpenVPN Access Server''' is a set of installation and configuration tools that comes in one package and simplifies the rapid deployment of a VPN remote access solution. At its core it is based on the popular OpenVPN open source software and maintains compatibility with it, making the deployed VPN immediately compatible with OpenVPN client software across multiple platforms and devices.

This article provides an extensive configuration example with details on how to install an '''OpenVPN Access Server''' in a virtual machine connected to a {{{device}}} device. It also provides the {{{device}}} OpenVPN client configuration.
==Prerequisites==
* Two {{{device}}} routers.
* At least one router must have a '''Public Static''' or '''Public Dynamic IP''' address.
* One PC to configure the OpenVPN access server and routers.
==Configuration scheme==
[[File:Networking_rutos_configuration_example_connecting_to_openvpn_access_server_openvpn_scheme_v1.png|border|class=tlt-border|center]]
==Installing OpenVPN Access Server==
First of all, we will need a working '''OpenVPN Access Server''' on a PC, which will act as the server.

<b><span style="color: red;">Note:</span></b> Please keep in mind that for a PC to act as any kind of server it '''MUST''' have either a '''Public Static''' or '''Public Dynamic''' IP address.<br>
If you're using Windows, we recommend installing OpenVPN Access Server in a virtual machine with Linux Ubuntu 18.04.1.

For this manual we will assume you are working with Linux Ubuntu 18.04.1 on your virtual machine.
*Log in to your Linux machine.
*Open the terminal (Ctrl + Alt + t).
*Type the following commands into your virtual Linux machine to install '''OpenVPN Access Server''' (one at a time):
<pre>
sudo apt update && sudo apt -y install ca-certificates wget net-tools gnupg
</pre>
It will ask for a password; it is the same one you use to log in to your Linux Ubuntu.
<pre>
# Open a root shell for the repository setup
sudo -i
# Trust the OpenVPN Access Server repository signing key
wget -qO - https://as-repository.openvpn.net/as-repo-public.gpg | apt-key add -
# Register the repository for Ubuntu 18.04 (bionic)
echo "deb http://as-repository.openvpn.net/as/debian bionic main" > /etc/apt/sources.list.d/openvpn-as-repo.list
# Leave the root shell
exit
# Refresh the package index and install the Access Server
sudo apt update && sudo apt -y install openvpn-as
</pre>
===Setting administrator password===
----
After installation, restart the Linux machine. Once the reboot is done, open the terminal and set the password for the OpenVPN Access Server administrator account with the following command:
<pre>
sudo passwd openvpn
</pre>
Enter the Linux machine password and then the password for the OpenVPN Access Server administrator account (see picture below):<br>
[[File:Networking RUTX configuration example connecting to openvpn access server openVPN config passwd v1.jpg|border|class=tlt-border|1100px]]<br>
If everything was done correctly, you should be able to access OpenVPN Access Server from the web browser of the virtual Linux machine by entering: https://localhost:943<br>
[[File:Networking RUTX configuration example connecting to openvpn access server openVPN login v1.jpg|border|class=tlt-border|1100px]]<br>
You will probably get a warning: <b>"Potential Security Risk Ahead"</b>. It appears because a freshly installed Access Server presents a self-signed certificate; simply accept the risk and <b>Continue</b>.

If for some reason the OpenVPN Access Server installation failed on your virtual machine, we recommend visiting these pages, which could help you solve the issue: [https://openvpn.net/vpn-server-resources/installing-openvpn-access-server-on-a-linux-system/ Installing openvpn access server on a linux system] and [https://openvpn.net/vpn-software-packages/ VPN Software Packages].

<b>Note: Installed OpenVPN Access Server only provides 2 VPN connections.</b>
==OpenVPN Access Server configuration==
After installing OpenVPN Access Server on your virtual machine you will need to change some settings to get the ''.ovpn'' configuration file and allow Teltonika Networking devices to connect as clients to this server.
<br>
*Log in to your OpenVPN Access Server as administrator by entering this link into your web browser: https://localhost:943<br>
*By default the username is: <b>openvpn</b>
*The password is the one you configured previously:
[[File:Networking RUTX configuration example connecting to openvpn access server openVPN login2 v1.jpg|border|class=tlt-border|1100px]]<br>
Once you are connected, scroll down and click on the <b>Admin</b> button to get access to the VPN configuration (it could ask you to log in again).

You will need to set up some details in the OpenVPN Access Server:
*Create a new OpenVPN Access Server user (username and password).
*Set up the Public IP address.
*Once the new user is created, you will need to log in with these credentials and download the .ovpn client file (it will be used in the {{{device}}} router).
===Adding new user to OpenVPN Access Server===
----
In order to manage your users on OpenVPN Access Server, navigate to <b>User Management -> User Permissions</b>
[[File:Networking RUTX configuration example connecting to openvpn access server openVPN user permissions2 v1.jpg|border|class=tlt-border|1100px]]<br>
#Type the username.<br>
#Select <b>Allow Auto-login</b>.<br>
#Click on <b>More Settings</b>.<br>
#Add a password.<br>
#Click on <b>Save Settings</b>.<br>
[[File:Networking RUTX configuration example connecting to openvpn access server openVPN user permissions3 v2.jpg|border|class=tlt-border|1100px]]
Click on <b>Update Running Server</b> (it should pop up at the top of the configuration window):
[[File:Networking_RUTX_configuration_example_connecting_to_openvpn_access_server_openVPN_user_added_v1.jpg|border|class=tlt-border|1100px]]
===Network settings===
----
Presuming that <b>OpenVPN Access Server</b> will be running on a Windows PC (in a virtual machine with Linux installed) and that the Teltonika {{{device}}} device will be providing a public IP address for the Windows PC, we need to configure OpenVPN Access Server, the virtual machine and the {{{device}}} device to allow connections to OpenVPN Access Server.

'''Setting IP address'''
----
Now our Windows PC and Linux systems will be getting a public IP from the Teltonika {{{device}}} device, so we need to make one more configuration change to OpenVPN Access Server.
#To get the IP address, log in to your {{{device}}} device and check your WAN IP Address.
[[File:Networking RUTX configuration example connecting to openvpn access server openVPN webui ip v3.jpg|border|class=tlt-border|1100px]]
#Connect to the OpenVPN Access Server as <b>Administrator</b>: https://localhost:943
##<i>Username: <b>openvpn</b></i>
##<i>Password: The password you configured above in the <b>[[#Setting administrator password | Setting administrator password]]</b> step.</i>
#Navigate to <b>Configuration -> Network Settings -> Hostname or IP address</b>.
#Enter the public IP address of the Teltonika {{{device}}} device:
[[File:Networking RUTX configuration example connecting to openvpn access server openVPN publicip v1.jpg|border|class=tlt-border|1100px]]
#Save the settings and update the running server.
This way, the clients' .ovpn configuration files will be successfully downloaded from the server.
==Virtual machine configuration==
Now you will need to configure virtual machine network settings.<br>
*Open the virtual machine and go to <b>Devices → Network → Network Settings</b>
[[File:Networking RUTX configuration example connecting to openvpn access server VM netsettings v2.jpg|border|class=tlt-border|1100px]]
#Click on <b>Advanced</b>.
#Click on <b>Port Forwarding</b> and add the following rules.
[[File:Networking RUTX configuration example connecting to openvpn access server VM port forwarding1 v1.jpg|border|class=tlt-border|1100px]]
#Click on <b>Add</b> new rule.
#Type the Port Forwarding rule name.
#Select the protocol to use.
#Type the ports in <b>Host port</b> and <b>Guest port</b> fields.
#Click on <b>OK</b>.
[[File:Networking RUTX configuration example connecting to openvpn access server VM port forwarding2 v2.jpg|border|class=tlt-border|1100px]]
=={{{device}}} configuration==
You also need to configure port forwarding on the {{{device}}} device so that the client can connect to OpenVPN Access Server. For this configuration example we will be using a {{{device}}} device. To configure port forwarding:
*Navigate to <b>Network -> Firewall -> Port Forwarding</b>
*Add three port forwarding rules (see the picture below)
[[File:Networking RUTX configuration example connecting to openvpn access server rutx port forwarding v1.jpg|border|class=tlt-border|1100px]]
<b><span style="color: red;">Note:</span></b> The destination IP <b>"Forward to IP"</b> should be the IP address of the Windows PC on which the virtual machine is running.

Keep in mind that port 443 is also used for HTTPS. If you want to use a different port for <b>OpenVPN Access Server</b> when using a TCP connection, try configuring the Access Server. With this configuration you will be able to connect to OpenVPN Access Server from the internet side.
==Getting OpenVPN client configuration file==
Now, assuming that both the Linux virtual machine and the Teltonika Networking device are configured correctly, we need to get the OpenVPN client configuration file (.ovpn).
*Connect to OpenVPN Access Server: https://localhost:943
*Log in with your recently added user credentials.
[[File:Networking RUTX configuration example connecting to openvpn access server rutx download ovpn1 v1.jpg|border|class=tlt-border|1100px]]
*Scroll down and click on the link <b>Yourself(autologin profile)</b> located in the tab "Available Connection Profiles"
[[File:Networking RUTX configuration example connecting to openvpn access server rutx download ovpn2 v1.jpg|border|class=tlt-border|1100px]]
*Download and save the .ovpn file.
Now with the downloaded <b>.ovpn</b> configuration file you will be able to connect as a client to OpenVPN Access Server. The configuration file can be used on any device which supports OpenVPN configuration from file.
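
The following check is an added example, not part of the original article and not Teltonika or OpenVPN code. It lists the <code>remote</code> entries of a downloaded profile and confirms that they point at the public address entered under <b>Hostname or IP address</b> rather than at a private or loopback address. The function names, the sample profile and the address 203.0.113.10 are constructed for illustration, and the profile layout (inline key block, no <code>auth-user-pass</code> line in an auto-login profile) is an assumption about what Access Server generates.

```bash
# Added example, not Teltonika or OpenVPN code. Function names are hypothetical.
# Print "host port proto" for each `remote` directive in the profile.
ovpn_remotes() {
    awk '$1 == "remote" { print $2, $3, ($4 == "" ? "udp" : $4) }' "$1"
}

# Succeed if the host is loopback or an RFC 1918 private address.
is_private_host() {
    case "$1" in
        localhost|127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# check_ovpn_profile FILE EXPECTED_HOST: one finding per line on stdout;
# returns 1 if any remote is private, unexpected, or missing altogether.
check_ovpn_profile() {
    cop_bad=0 cop_seen=0
    cop_remotes=$(ovpn_remotes "$1")
    while read -r cop_host cop_port cop_proto; do
        [ -n "$cop_host" ] || continue
        cop_seen=$((cop_seen + 1))
        if is_private_host "$cop_host"; then
            echo "FAIL $cop_host:$cop_port/$cop_proto is a private address"; cop_bad=1
        elif [ "$cop_host" != "$2" ]; then
            echo "FAIL $cop_host:$cop_port/$cop_proto is not $2"; cop_bad=1
        else
            echo "OK   $cop_host:$cop_port/$cop_proto"
        fi
    done <<EOF
$cop_remotes
EOF
    [ "$cop_seen" -gt 0 ] || { echo "FAIL no remote directive found"; cop_bad=1; }
    # Assumed layout: auto-login profiles embed the client key, ask no password.
    grep -q '^<key>' "$1" && ! grep -q '^auth-user-pass' "$1" \
        && echo "NOTE embedded private key, no password prompt: treat the file as a credential"
    return "$cop_bad"
}

# Write a constructed profile whose remotes all point at host $2.
make_sample_profile() {
    printf '%s\n' 'client' 'dev tun' "remote $2 1194 udp" "remote $2 443 tcp" \
        '<key>' '(constructed placeholder, not a real key)' '</key>' > "$1"
}

# Demo on constructed data.
demo=$(mktemp); make_sample_profile "$demo" 203.0.113.10
check_ovpn_profile "$demo" 203.0.113.10; rm -f "$demo"
```

A <code>FAIL</code> line for a private address means the profile was generated before the public IP was saved in the Access Server network settings, so the profile has to be downloaded again.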
==Uploading .ovpn file to {{{device}}} device==
At this point you should have configured OpenVPN Access Server and you should have the .ovpn configuration file. Now you will need to upload it to the {{{device}}} device OpenVPN configuration.

Connect to the {{{device}}} WebUI, navigate to <b>Services → VPN → OpenVPN</b> and do the following:
#Type the '''New Configuration Name'''.
#Select '''Role: Client'''.
#Click <b>ADD</b>.
#The new configuration should appear after a few seconds. Then press '''Edit'''.
[[File:Networking RUTX configuration example connecting to openvpn access server rutx create instance v1.jpg|1125px]]
[[File:Networking RUTX configuration example connecting to openvpn access server rutx create instance2 v1.jpg|border|class=tlt-border]]
Now apply the following configuration:
#Click on <b>Enable</b>.
#Click on <b>Enable OpenVPN config from file</b>.
#Upload the .ovpn client configuration file.
#Press <b>Save & Apply</b>.
[[File:Networking RUTX configuration example connecting to openvpn access server rutx upolad ovpn v4.jpg|1125px]]<br>
Wait for about a minute and the {{{device}}} should connect to the OpenVPN Access Server. To confirm it, go to the OpenVPN instance <b>Status</b>, which should show <span style="color: green;"><b>"Connected"</b></span>.

Note: The same .ovpn configuration file should work on other devices.
==Testing the configuration==
In order to check whether your configuration is correct, access your OpenVPN Access Server and go to <b>Status --> Current Users</b>:
*The OpenVPN instance should appear and display its IP addresses.
[[File:Networking RUTX configuration example connecting to openvpn access server testing1 v3.jpg|border|class=tlt-border|1100px]]
*Enter the <b>VPN IP Address</b> into your internet browser and you should be able to reach the {{{device}}} WebUI.
[[File:Networking RUTX configuration example connecting to openvpn access server rutx testing2 v1.jpg|border|class=tlt-border|1100px]]