Line 1: |
Line 1: |
| <!-- Template uses {{{name}}}, {{{series}}} --> | | <!-- Template uses {{{name}}}, {{{series}}} --> |
| {{Template:Networking_rutos_manual_fw_disclosure | | {{Template:Networking_rutos_manual_fw_disclosure |
− | | fw_version = {{{series}}}_R_00.02.06.1 | + | | fw_version = {{{series}}}_R_00.07.01 |
| | series = {{{series}}} | | | series = {{{series}}} |
| }} | | }} |
− | {{#ifeq: {{{legacy}}} | 1 |<br><i><b>Note</b>: <b>[[{{{name}}} VPN (legacy WebUI)|click here]]</b> for the old style WebUI (FW version RUT9XX_R_00.06.08.1 and earlier) user manual page.</i>|}} | + | {{#ifeq: {{{series}}} | RUT9 |<br><i><b>Note</b>: <b>[[{{{name}}} VPN (legacy WebUI)|click here]]</b> for the old style WebUI (FW version RUT9XX_R_00.06.08.3 and earlier) user manual page.</i>|}} |
| + | {{#ifeq: {{{series}}} | RUT2 |<br><i><b>Note</b>: <b>[[{{{name}}} VPN (legacy WebUI)|click here]]</b> for the old style WebUI (FW version RUT2XX_R_00.01.14.1 and earlier) user manual page.</i>|}} |
| ==Summary== | | ==Summary== |
| | | |
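Review bot: The two added #ifeq notes for RUT9 and RUT2 are the same sentence twice, differing only in the series and the legacy firmware string (RUT9XX_R_00.06.08.3 and RUT2XX_R_00.01.14.1). A single #switch on {{{series}}} that yields the firmware string, wrapped around one copy of the note, would keep the two from drifting apart. The old line keyed on {{{legacy}}}, so any caller that still passes legacy = 1 for a series other than RUT9 or RUT2 loses the link without warning; check the callers before this goes in.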
Line 20: |
Line 21: |
| <b>OpenVPN</b> is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It is often regarded as being the most universal VPN protocol because of its flexibility, support of SSL/TLS security, multiple encryption methods, many networking features and compatibility with most OS platforms. | | <b>OpenVPN</b> is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It is often regarded as being the most universal VPN protocol because of its flexibility, support of SSL/TLS security, multiple encryption methods, many networking features and compatibility with most OS platforms. |
| | | |
− | {{{name}}} devices run OpenVPN version <b>2.4.5</b>. | + | {{{name}}} devices run OpenVPN version <b>2.5.2</b>. |
| | | |
| ===OpenVPN Client=== | | ===OpenVPN Client=== |
Line 26: |
Line 27: |
| An <b>OpenVPN client</b> is an entity that initiates a connection to an OpenVPN server. To create a new client instance, go to the <i>Services → VPN → OpenVPN</i> section, select <i>Role: Client</i>, enter a custom name and click the 'Add' button. An OpenVPN client instance with the given name will appear in the "OpenVPN Configuration" list. | | An <b>OpenVPN client</b> is an entity that initiates a connection to an OpenVPN server. To create a new client instance, go to the <i>Services → VPN → OpenVPN</i> section, select <i>Role: Client</i>, enter a custom name and click the 'Add' button. An OpenVPN client instance with the given name will appear in the "OpenVPN Configuration" list. |
| | | |
− | To begin configuration, click the button that looks liek a pencil next to the client instance. Refer to the figure and table below for information on the OpenVPN client's configuration fields: | + | To begin configuration, click the button that looks like a pencil next to the client instance. Refer to the figure and table below for information on the OpenVPN client's configuration fields: |
| | | |
| [[File:Networking_trb2_vpn_openvpn_client_configuration_v2.png|border|class=tlt-border|]] | | [[File:Networking_trb2_vpn_openvpn_client_configuration_v2.png|border|class=tlt-border|]] |
Line 628: |
Line 629: |
| <td>A shared password used for authentication between IPsec peers before a secure channel is established.</td> | | <td>A shared password used for authentication between IPsec peers before a secure channel is established.</td> |
| </tr> | | </tr> |
− | <tr> | + | <!-- removed on 7.0, to return on 7.1 <tr> |
| <td><span style="color:darkred">Certificate files from device</span></td> | | <td><span style="color:darkred">Certificate files from device</span></td> |
| <td>off {{!}} on; default: <b>off</b></td> | | <td>off {{!}} on; default: <b>off</b></td> |
| <td>Turn on this option if you want to select generated certificate files from device.</td> | | <td>Turn on this option if you want to select generated certificate files from device.</td> |
− | </tr> | + | </tr> --> |
| <tr> | | <tr> |
| <td><span style="color:darkred">X.509:</span> Key</td> | | <td><span style="color:darkred">X.509:</span> Key</td> |
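Review bot: The marker on the hidden "Certificate files from device" row reads "removed on 7.0, to return on 7.1", yet the first hunk of this revision sets fw_version to {{{series}}}_R_00.07.01. If that firmware is the 7.1 release, the row should be visible again in this revision; if it is not, put the exact firmware string in the marker so the next editor knows when to restore the row. Starting the comment on the same line as the opening <tr> also makes the hidden row easy to overlook; a comment on its own line above the row would read more clearly.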
Line 667: |
Line 668: |
| </ul> | | </ul> |
| </td> | | </td> |
| + | </tr> |
| + | <tr> |
| + | <td>Multiple secrets</td> |
| + | <td>off {{!}} on; default: <b>off</b></td> |
| + | <td>Enable to show <b>Global Secret Settings</b> section for configuring multiple secrets.</td> |
| </tr> | | </tr> |
| </table> | | </table> |
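Review bot: The description in the new "Multiple secrets" row names the section <b>Global Secret Settings</b>, while the heading added later in this revision is "====Global Secrets Settings====". Use one spelling in both places, since readers will search the page for the name shown in the row.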
Line 679: |
Line 685: |
| </li> | | </li> |
| </ul> | | </ul> |
| + | |
| + | ====Global Secrets Settings==== |
| + | ---- |
| + | This section is displayed when <b>Multiple secrets</b> is enabled in General settings. You can add new instances by pressing <b>Add</b>. |
| + | |
| + | [[File:Networking_rutos_vpn_ipsec_ipsec_instance_general_settings_global_secrets_settings.png|border|class=tlt-border]] |
| + | |
| + | <table class="nd-mantable"> |
| + | <tr> |
| + | <th>Field</th> |
| + | <th>Value</th> |
| + | <th>Description</th> |
| + | </tr> |
| + | <tr> |
| + | <td>ID Selector</td> |
| + | <td>%any, IP or FQDN; default: <b>none</b></td> |
| + | <td>Each secret can be preceded by a list of optional ID selectors. A selector is an IP address, a Fully Qualified Domain Name, user@FQDN or %any. When using IKEv1 use IP address.</br><b>NOTE:</b> IKEv1 only supports IP address ID selector.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Type</td> |
| + | <td>psk {{!}} xauth; default: <b>psk</b></td> |
| + | <td>IPSec secret type.</br><b>NOTE:</b> XAUTH secrets are IKEv1 only.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Secret</td> |
| + | <td>string; default: <b>none</b></td> |
| + | <td>A shared password to authenticate between the peers. Minimum length is 5 symbols. All characters are allowed except `.</td> |
| + | </tr> |
| + | </table> |
| | | |
| ====Advanced Settings==== | | ====Advanced Settings==== |
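Review bot: In the Secret row, "All characters are allowed except `." leaves it unclear whether the excluded character is the backtick alone or the backtick and the period; name the character in words (for example "except the backtick character"). The row documents only the 5-symbol minimum, so a line recommending a long random value would help readers who otherwise configure the shortest accepted pre-shared key. Two smaller points in the same table: the ID Selector description states the IKEv1 restriction twice ("When using IKEv1 use IP address." and the NOTE that follows), and its Value cell omits user@FQDN, which the description lists. The line breaks are written as </br>, which is not a valid tag; use <br>.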
Line 693: |
Line 728: |
| <th>Description</th> | | <th>Description</th> |
| </tr> | | </tr> |
− | <tr> | + | <!-- removed on 7.0, to return on 7.1 <tr> |
| <td>Certificate files from device</td> | | <td>Certificate files from device</td> |
| <td>off | on; default: <b>off</b></td> | | <td>off | on; default: <b>off</b></td> |
− | <td>Uses certificate file generated on this device instead of uploading. (You can generate certificates within this device via the System → Administration → [[{{{name}}}_Administration#Certificates|Certificates]] page.)</td> | + | <td>Uses certificate file generated on this device instead of uploading. (You can generate certificates within this device via the System → Administration → [[{{{name}}}_Administration#Certificates|Certificates]] page.)</td> |
− | </tr> | + | </tr> --> |
| <tr> | | <tr> |
| <td>Remote Certificate</td> | | <td>Remote Certificate</td> |
| <td>.crt file; default: <b>none</b></td> | | <td>.crt file; default: <b>none</b></td> |
− | <td>Selects a certificate file either from this device or from a computer.</td> | + | <td>Selects a certificate file from a computer.</td> |
| </tr> | | </tr> |
| </table> | | </table> |
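Review bot: The "Remote Certificate" description is changed to "Selects a certificate file from a computer." only because the "Certificate files from device" row above it is hidden, but the marker on that row says nothing about this second edit. When the row returns, this sentence has to be restored as well, so mention it in the marker or keep the old wording in a comment next to the new one. The hidden row here also writes its value as "off | on" while the matching row in the earlier table uses "off {{!}} on"; make them consistent before the row is re-enabled.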
Line 1,155: |
Line 1,190: |
| | | |
| <b>Note:</b> there can only one PPTP Server configuration on the device. | | <b>Note:</b> there can only one PPTP Server configuration on the device. |
− | {{#ifeq:{{{series}}}|RUTX| <!-- ONLY FOR RUTX -->
| + | |
| ==SSTP== | | ==SSTP== |
| | | |
| <b>Secure Socket Tunneling Protocol</b> (SSTP) is a VPN protocol designed to transport PPP traffic via a secure SSL/TLS channel. | | <b>Secure Socket Tunneling Protocol</b> (SSTP) is a VPN protocol designed to transport PPP traffic via a secure SSL/TLS channel. |
− | | + | {{#ifeq: TRB1 | RUTX | | |
| + | </br><u><b>Note:</b> SSTP is additional software that can be installed from the <b>Services → [[{{{name}}} Package Manager|Package Manager]]</b> page.</u> |
| + | }} |
| ===SSTP configuration=== | | ===SSTP configuration=== |
| ---- | | ---- |
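Review bot: The added SSTP condition is "{{#ifeq: TRB1 | RUTX | |", which compares the literal string TRB1 with RUTX, so it is never equal and the Package Manager note is rendered for every series, RUTX included. The Stunnel and DMVPN notes in this revision use {{{series}}} in that position; this one should too. The note also starts with </br>, which is not a valid tag (use <br>), and the unchanged line above reads "there can only one PPTP Server configuration", which is missing "be".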
Line 1,225: |
Line 1,262: |
| The Stunnel Globals section is used to manage the Stunnel service as a whole. | | The Stunnel Globals section is used to manage the Stunnel service as a whole. |
| Refer to the figure and table below for information on the fields contained in the Stunnel Globals section. | | Refer to the figure and table below for information on the fields contained in the Stunnel Globals section. |
− | | + | {{#ifeq: {{{series}}} | RUTX | | |
| + | </br><u><b>Note:</b> Stunnel is additional software that can be installed from the <b>Services → [[{{{name}}} Package Manager|Package Manager]]</b> page.</u> |
| + | }} |
| [[File:Networking_rutos_manual_vpn_stunnel_globals.png|border|class=tlt-border]] | | [[File:Networking_rutos_manual_vpn_stunnel_globals.png|border|class=tlt-border]] |
| | | |
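Review bot: The Stunnel Package Manager note is inserted inside the Stunnel Globals text, between "Refer to the figure and table below" and the figure it refers to, so the sentence no longer sits directly above its figure. The SSTP and DMVPN notes in this revision follow the introductory sentence of their sections; placing this one after the Stunnel introduction would be consistent and would keep the figure reference intact. As with the other notes, </br> should be <br>.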
Line 1,365: |
Line 1,404: |
| | | |
| <b>Dynamic Multipoint VPN</b> (<b>DMVPN</b>) is a method of building scalable IPsec VPNs. DMVPN is configured as a hub-and-spoke network, where tunnels between spokes are built dynamically; therefore, no change in configuration is required on the hub in order to connect new spokes. | | <b>Dynamic Multipoint VPN</b> (<b>DMVPN</b>) is a method of building scalable IPsec VPNs. DMVPN is configured as a hub-and-spoke network, where tunnels between spokes are built dynamically; therefore, no change in configuration is required on the hub in order to connect new spokes. |
− | | + | {{#ifeq: {{{series}}} | RUTX | | |
| + | </br><u><b>Note:</b> DMPVN is additional software that can be installed from the <b>Services → [[{{{name}}} Package Manager|Package Manager]]</b> page.</u> |
| + | }} |
| ===DMVPN configuration=== | | ===DMVPN configuration=== |
| ---- | | ---- |
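Review bot: The added note spells the feature "DMPVN" ("DMPVN is additional software that can be installed from..."), while the heading and the paragraph above use DMVPN. Correct the spelling so a search of the page for the package name finds the note.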
Line 1,528: |
Line 1,569: |
| </tr> | | </tr> |
| </table> | | </table> |
− |
| |
− | }} <!--- END FOR RUTX -->
| |
| | | |
| ==L2TP== | | ==L2TP== |
Line 1,777: |
Line 1,816: |
| </tr> | | </tr> |
| </table> | | </table> |
− | <!--
| + | |
| ==WireGuard== | | ==WireGuard== |
| | | |
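Review bot: Removing the opening comment marker makes the whole WireGuard section visible for every series, with no #ifeq on {{{series}}} and no Package Manager note, unlike the SSTP, Stunnel and DMVPN sections touched in this revision. Confirm that WireGuard ships in the base firmware for every series that uses this template; if it is an installable package on some of them, add the same conditional note here.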
Line 1,944: |
Line 1,983: |
| </tr> | | </tr> |
| </table> | | </table> |
− | -->
| + | |
| [[Category:{{{name}}} Services section]] | | [[Category:{{{name}}} Services section]] |