Changes

no edit summary
Line 98: Line 98:  
When you have a Static key, you can start configuring OpenVPN Server and Client instances. For this example we will be creating a TUN (Tunnel) type connection that uses the UDP protocol for data transfer and Static key for Authentication. We will be using two RUT routers: '''RUT1''' ('''Server'''; LAN IP: '''192.168.1.1'''; WAN (Public static) IP: '''213.226.191.61''') and '''RUT2''' ('''Client'''; LAN IP: '''192.168.2.1'''); the two routers will be connected via OpenVPN; the Server's Virtual IP address will be '''10.0.0.1'''; the Client's - '''10.0.0.2''':
 
When you have a Static key, you can start configuring OpenVPN Server and Client instances. For this example we will be creating a TUN (Tunnel) type connection that uses the UDP protocol for data transfer and Static key for Authentication. We will be using two RUT routers: '''RUT1''' ('''Server'''; LAN IP: '''192.168.1.1'''; WAN (Public static) IP: '''213.226.191.61''') and '''RUT2''' ('''Client'''; LAN IP: '''192.168.2.1'''); the two routers will be connected via OpenVPN; the Server's Virtual IP address will be '''10.0.0.1'''; the Client's - '''10.0.0.2''':
   −
[[File:Networking rut configuration openvpn instances static v1.png|alt=|border|class=tlt-border||1547x1547px]]
+
[[File:Networking rut configuration openvpn instances static v1.png|alt=|border|class=tlt-border|1100px]]
    
To sum up, just make sure the Server and the Clients use the same parameters (same authentication, same port, same protocol, etc.). Other important aspects are the '''Local tunnel endpoint IP''' and the '''Remote tunnel endpoint IP'''. Take note these two particular parameter values are reversed for the individual Client and the Server configurations since these values represent opposite things depending on the instance's perspective.
 
To sum up, just make sure the Server and the Clients use the same parameters (same authentication, same port, same protocol, etc.). Other important aspects are the '''Local tunnel endpoint IP''' and the '''Remote tunnel endpoint IP'''. Take note these two particular parameter values are reversed for the individual Client and the Server configurations since these values represent opposite things depending on the instance's perspective.
Line 112: Line 112:  
TAP is used for creating a network bridge between Ethernet segments in different locations. For this example we will be creating a TAP (bridged) type connection that uses the UDP protocol for data transfer and TLS for Authentication. We will be using two RUT routers: '''RUT1''' ('''Server'''; LAN IP: '''192.168.1.1'''; WAN (Public static) IP: '''213.226.191.61''') and '''RUT2''' ('''Client'''; LAN IP: '''192.168.1.2'''); the two routers will be connected via OpenVPN.
 
TAP is used for creating a network bridge between Ethernet segments in different locations. For this example we will be creating a TAP (bridged) type connection that uses the UDP protocol for data transfer and TLS for Authentication. We will be using two RUT routers: '''RUT1''' ('''Server'''; LAN IP: '''192.168.1.1'''; WAN (Public static) IP: '''213.226.191.61''') and '''RUT2''' ('''Client'''; LAN IP: '''192.168.1.2'''); the two routers will be connected via OpenVPN.
   −
[[File:Networking rut configuration openvpn tap configuration v1.png|alt=|border|class=tlt-border||1547x1547px]]
+
[[File:Networking rut configuration openvpn tap configuration v1.png|alt=|border|class=tlt-border|1100px]]
    
To sum up, just make sure the Server and the Clients use the same parameters (same authentication, same port, same protocol, etc.). Since the OpenVPN interface that comes up is bridged with the LAN interface, make sure the routers are in the '''same subnet''' (192.168.1.0 in this case). While making sure of that, don't forget that the routers can't have the same IP address, just the same subnet (for example, if both routers have the LAN IP 192.168.1.1, the connection won't work; if one has, for example, 192.168.1.1 and the other 192.168.1.100, then the connection will work).
 
To sum up, just make sure the Server and the Clients use the same parameters (same authentication, same port, same protocol, etc.). Since the OpenVPN interface that comes up is bridged with the LAN interface, make sure the routers are in the '''same subnet''' (192.168.1.0 in this case). While making sure of that, don't forget that the routers can't have the same IP address, just the same subnet (for example, if both routers have the LAN IP 192.168.1.1, the connection won't work; if one has, for example, 192.168.1.1 and the other 192.168.1.100, then the connection will work).
Line 126: Line 126:  
'''Server side'''
 
'''Server side'''
   −
[[File:Networking rutxxx configuration openvpn server v1.png|alt=|border|class=tlt-border]]
+
[[File:Networking rutxxx configuration openvpn server v1.png|alt=|border|class=tlt-border|1100px]]
    
'''Client side'''
 
'''Client side'''
   −
[[File:Networking rut configuration openvpn client v1.png|alt=|border|class=tlt-border]]
+
[[File:Networking rut configuration openvpn client v1.png|alt=|border|class=tlt-border|1100px]]
    
Another method of testing pinging the other instance's virtual or private IP address. You can send ping packets via CLI, SSH, or from the '''[[RUT955_Administration#Diagnostics|System → Administration → Troubleshoot → Diagnostics]]''' section of the router's WebUI:
 
Another method of testing pinging the other instance's virtual or private IP address. You can send ping packets via CLI, SSH, or from the '''[[RUT955_Administration#Diagnostics|System → Administration → Troubleshoot → Diagnostics]]''' section of the router's WebUI:
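Review bot: The context sentence under the resized Client side image is missing its verb: "Another method of testing pinging the other instance's virtual or private IP address" should read "Another method of testing is pinging ...". It is worth fixing in the same edit, since the hunk already touches this block.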
Line 176: Line 176:  
Once you know the Common Names and LAN IP Addresses of your OpenVPN Clients, you can create TLS Clients instances for each of them:
 
Once you know the Common Names and LAN IP Addresses of your OpenVPN Clients, you can create TLS Clients instances for each of them:
   −
[[File:Networking rut configuration openvpn tls clients v1.jpg|alt=|border|class=tlt-border]]
+
[[File:Networking rut configuration openvpn tls clients v1.jpg|alt=|border|class=tlt-border|1100px]]
    
In addition, with TLS Clients you can manually assign Virtual local and remote endpoint addresses for the Clients. But these fields are not mandatory and the addresses will be assigned automatically if they are left unchecked.
 
In addition, with TLS Clients you can manually assign Virtual local and remote endpoint addresses for the Clients. But these fields are not mandatory and the addresses will be assigned automatically if they are left unchecked.
Line 190: Line 190:  
=====TLS Clients=====
 
=====TLS Clients=====
 
----
 
----
First, configure TLS Clients. You can find the description on how to do that in the section before this one ('''[[OpenVPN_configuration_examples#Clients_from_Server|here]]'''). This is necessary in the case of multiple Clients because the Server will not only be pushing the routes of other Clients but also the routes to the Clients' own networks to their routing tables. This would cause the Clients' routers to be unreachable until the OpenVPN connection is terminated.  
+
First, configure TLS Clients. You can find the description on how to do that in the section before this one ('''[[OpenVPN configuration examples RUT R 00.07|here]]'''). This is necessary in the case of multiple Clients because the Server will not only be pushing the routes of other Clients but also the routes to the Clients' own networks to their routing tables. This would cause the Clients' routers to be unreachable until the OpenVPN connection is terminated.  
    
TLS Clients solves this issue because the configuration then "tells" the router not to push certain routes to certain Clients. For example, if a router pushes the route '''192.168.5.0 255.255.555.0''' to a Client whose LAN IP address is 192.168.5.1, that Client will not be able to reach its network. TLS Clients prevent this - if a Client, for example, has the LAN IP address of 192.168.5.1, he will not receive the ''route 192.168.5.0 255.255.555.0''.
 
TLS Clients solves this issue because the configuration then "tells" the router not to push certain routes to certain Clients. For example, if a router pushes the route '''192.168.5.0 255.255.555.0''' to a Client whose LAN IP address is 192.168.5.1, that Client will not be able to reach its network. TLS Clients prevent this - if a Client, for example, has the LAN IP address of 192.168.5.1, he will not receive the ''route 192.168.5.0 255.255.555.0''.
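Review bot: On the changed link line, the new target [[OpenVPN configuration examples RUT R 00.07|here]] drops the #Clients_from_Server anchor the old link carried, so "the section before this one" now points at a whole page rather than the TLS Clients instructions; keep a section anchor on the new target. The unchanged paragraph that follows also writes the netmask as 255.255.555.0 twice, which is not a valid mask because an octet cannot exceed 255; it presumably means 255.255.255.0 and should be corrected while this section is being edited.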
Line 237: Line 237:  
Next, go to the '''Network → Firewall → Zone Forwarding section. Click the '''Edit''' button located next to the '''vpn''' rule and in the subsequent window add a checkmark next to '''wan''' as such:'''
 
Next, go to the '''Network → Firewall → Zone Forwarding section. Click the '''Edit''' button located next to the '''vpn''' rule and in the subsequent window add a checkmark next to '''wan''' as such:'''
   −
[[File:Networking rut configuration openvpn firewall v1.jpg|alt=|border|class=tlt-border]]
+
[[File:Networking rut configuration openvpn firewall v1.jpg|alt=|border|class=tlt-border|1100px]]
    
his will redirect all WAN traffic through the OpenVPN tunnel.
 
his will redirect all WAN traffic through the OpenVPN tunnel.
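Review bot: The context around the resized firewall image keeps two defects this edit could have fixed. The instruction line opens bold before "Network → Firewall → Zone Forwarding" and does not close it before "section", so the ''' markup is unbalanced through the end of the line, and the next sentence starts "his will redirect" instead of "This will redirect". Because this step enables forwarding from the vpn zone to wan and sends all WAN traffic through the tunnel, the text should also state on which instance the change is made.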
Line 275: Line 275:  
*[[OpenVPN server on Windows]]
 
*[[OpenVPN server on Windows]]
 
*[[OpenVPN traffic split]]
 
*[[OpenVPN traffic split]]
 +
*[[Configuration file .ovpn upload tutorial]]
 
*Other types of VPNs suported by RUTxxx devices:
 
*Other types of VPNs suported by RUTxxx devices:
**[[IPsec configuration examples]]
+
**[[IPsec RUTOS configuration example|IPsec configuration examples]]
**[[GRE Tunnel configuration examples]]
+
**[[GRE Tunnel configuration examples RutOS|GRE Tunnel configuration examples]]
**[[PPTP configuration examples]]
+
**[[PPTP configuration examples RutOS|PPTP configuration examples]]
**[[L2TP configuration examples]]
+
**[[L2TP configuration examples RutOS|L2TP configuration examples]]
    
==External links==
 
==External links==
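Review bot: The list header in this hunk still reads "suported" instead of "supported", and the edit has no summary even though it retargets four links and adds the .ovpn upload tutorial entry. The new targets are also spelled inconsistently (RUTOS and singular "example" in the IPsec link, RutOS in the GRE, PPTP and L2TP links), so confirm each page title exists exactly as written before saving.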
Line 290: Line 291:     
http://www.whatsmyip.org/
 
http://www.whatsmyip.org/
 +
[[Category:VPN]]
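Review bot: The external link kept directly above the new [[Category:VPN]] line is still plain http://www.whatsmyip.org/. Since readers are sent there to look up their public IP, switch it to https if the site serves it.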
