Changes

no edit summary
Line 22: Line 22:  
<b>Explanation</b>
 
<b>Explanation</b>
   −
An OpenVPN client is connected to an OpenVPN server (both hosted on RUT routers) via a TLS encrypted Stunnel connection. This allows the transfer of data between remote private networks (LAN A and LAN B) and adds an additional TLS security layer for the connection.
+
An OpenVPN client is connected to an OpenVPN server (both hosted on RUT routers) via a TLS encrypted Stunnel connection. This allows the transfer of data between remote private networks (LAN A and LAN B) and adds a TLS security layer for the connection.
    
==Server configuration==
 
==Server configuration==
Line 46: Line 46:  
Navigate to the <b>Services → VPN → Stunnel</b> page and enable the "Stunnel Globals" configuration:
 
Navigate to the <b>Services → VPN → Stunnel</b> page and enable the "Stunnel Globals" configuration:
   −
[[File:Networking rutxxx configuration examples stunnel server enabled v2.jpg|border|class=tlt-border]]
+
[[File:Networking rutxxx configuration examples stunnel global enabled v1.jpg|border|class=tlt-border|1100px]]
    
Click <b>Save</b>.
 
Click <b>Save</b>.
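
Review bot: The '+' line in this hunk changes both the file and its version suffix, from "stunnel server enabled v2" to "stunnel global enabled v1". Confirm that the v1 screenshot shows the current "Stunnel Globals" section of the WebUI and is not an older capture than the v2 file it replaces.
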
Line 54: Line 54:  
The figure below displays the configuration used for our example. Take note of the comments that are provided next to fields that differ from the default value:
 
The figure below displays the configuration used for our example. Take note of the comments that are provided next to fields that differ from the default value:
   −
[[File:Networking rutxxx configuration examples stunnel server settings v1.jpg|border|class=tlt-border]]
+
[[File:Networking rutxxx configuration examples stunnel server settings v1.jpg|border|class=tlt-border|1100px]]
    
Don't forget to click the <b>Save</b> button located at the bottom-right side of the page.
 
Don't forget to click the <b>Save</b> button located at the bottom-right side of the page.
Line 64: Line 64:  
To do this, navigate to the <b>Network → Firewall → Traffic Rules</b> page and scroll down until you see the <b>Open Ports On Router</b> section. Fill out the configuration fields as indicated in the figure above and click the 'Add' button:
 
To do this, navigate to the <b>Network → Firewall → Traffic Rules</b> page and scroll down until you see the <b>Open Ports On Router</b> section. Fill out the configuration fields as indicated in the figure above and click the 'Add' button:
   −
[[File:Networking rutxxx configuration examples openvpn over stunnel firewall configuration v2.jpg|border|class=tlt-border|1000px]]
+
[[File:Networking rutxxx configuration examples openvpn over stunnel firewall configuration v2.jpg|border|class=tlt-border|1100px]]
    
==Client configuration==
 
==Client configuration==
   −
Configure the OpenVPN and Stunnel clients that will be connecting to the server. Unlike in the server, there is reason to configure Stunnel client before the OpenVPN client (the other way around will also work but an OpenVPN service restart may be required) so it is recommended to start with that.
+
Configure the OpenVPN and Stunnel clients that will be connecting to the server. Unlike in the server, there is a reason to configure the Stunnel client before the OpenVPN client (the other way around will also work but an OpenVPN service restart may be required) so it is recommended to start with that.
    
The OpenVPN client will connect to <i>TCP port 1194</i> of the local host and the Stunnel client will connect to the WAN IP and Stunnel port (<i>192.168.10.1:9999</i> in this example) of the server router.
 
The OpenVPN client will connect to <i>TCP port 1194</i> of the local host and the Stunnel client will connect to the WAN IP and Stunnel port (<i>192.168.10.1:9999</i> in this example) of the server router.
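
Review bot: The context sentence ahead of the firewall image still reads "as indicated in the figure above", yet the figure it refers to is the one touched in this hunk and it follows the sentence; change it to "the figure below". Because this step opens a port on the router, state the rule in the text as well as in the screenshot; the page gives the Stunnel port as 9999 a few lines later. In the rewritten client paragraph, "there is a reason to configure the Stunnel client before the OpenVPN client" names the reason only inside the parenthesis; say directly that configuring OpenVPN first may require an OpenVPN service restart.
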
Line 74: Line 74:  
The logic of the entire connection can be visualized like this:
 
The logic of the entire connection can be visualized like this:
   −
[[File:{{{file_client_scheme}}}]]
+
[[File:Networking_device_vpn_stunnel_complete_configuration_scheme_v2.png]]
    
===Stunnel client===
 
===Stunnel client===
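
Review bot: The new image link on the '+' line has none of the "border|class=tlt-border|1100px" options that the other image links changed in this revision carry, and its file name uses underscores where the others use spaces. Add the same options unless the scheme is meant to render unframed at its native size. The line also replaces the {{{file_client_scheme}}} parameter with a fixed file, so any page that passed its own scheme image through that parameter will no longer be able to.
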
Line 80: Line 80:  
Navigate to the <b>Services → VPN → Stunnel</b> page and enable the "Stunnel Globals" configuration:
 
Navigate to the <b>Services → VPN → Stunnel</b> page and enable the "Stunnel Globals" configuration:
   −
[[File:{{{file_stunnel_globals}}}]]
+
[[File:Networking rutxxx configuration examples stunnel global enabled v1.jpg|border|class=tlt-border|1100px]]
    
Click <b>Save</b>.
 
Click <b>Save</b>.
Line 88: Line 88:  
The figure below displays the configuration used for our example. Take note of the comments that are provided next to fields that differ from the default value:
 
The figure below displays the configuration used for our example. Take note of the comments that are provided next to fields that differ from the default value:
   −
[[File:{{{file_stunnel_client}}}]]
+
[[File:Networking rutxxx configuration examples openvpn over stunnel stunnel client configuration v2.jpg|border|class=tlt-border|1100px]]
    
Don't forget to click the <b>Save</b> button located at the bottom-right side of the page.
 
Don't forget to click the <b>Save</b> button located at the bottom-right side of the page.
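
Review bot: The Stunnel client settings remain visible only in the screenshot on the '+' line, with the "comments that are provided next to fields" living inside the image. List the fields that differ from the default in the text under the figure, so they can be searched, copied and compared between revisions. The connect address stated earlier on the page, 192.168.10.1:9999, is one of those values.
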
Line 98: Line 98:  
The figure below displays the configuration used for our example. Take note of the comments that are provided next to fields that differ from the default value:
 
The figure below displays the configuration used for our example. Take note of the comments that are provided next to fields that differ from the default value:
   −
[[File:{{{file_openvpn_client}}}]]
+
[[File:Networking rutxxx configuration examples openvpn over stunnel openvpn client configuration v2.jpg|border|class=tlt-border|1100px]]
    
Don't forget to click the <b>Save</b> button located at the bottom-right side of the page.
 
Don't forget to click the <b>Save</b> button located at the bottom-right side of the page.
Line 131: Line 131:  
     </li>
 
     </li>
 
----
 
----
     <li>Double check your configuration. Check for configuration mistakes, see if correct certificate files are uploaded onto each instance, make sure the Stunnel port is not used by another program, etc.</li>
+
     <li> Double-check your configuration. Check for configuration mistakes, see if correct certificate files are uploaded onto each instance, make sure the Stunnel port is not used by another program, etc.</li>
 
</ul>
 
</ul>
 +
[[Category:VPN]]
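
Review bot: The '+' line for the list item adds a space between "<li>" and "Double-check" that the removed line did not have; drop it. The revision is saved with no edit summary although it spans nine hunks and replaces four template parameters with fixed file names; a one-line summary would record that intent in the page history.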