Line 1: |
Line 1: |
| + | <table class="nd-othertables_2"> |
| + | <tr> |
| + | <th width="325;" style="border-bottom: 1px solid white;"></th> |
| + | <th rowspan="2;" width="820;" style="border-bottom: 1px solid white;">[[File:Networking rutxxx configuration openvpn topology v1.png|alt=|border|class=tlt-border|right|750x750px]]</th> |
| + | </tr> |
| + | <tr> |
| + | <td style="border-bottom: 1px solid white"> |
| + | {| align="center" |
| + | |__TOC__ |
| + | |} |
| + | </td> |
| + | </tr> |
| + | </table> |
| + | |
| ==Configuration overview and prerequisites== | | ==Configuration overview and prerequisites== |
| | | |
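Review bot: the added header table writes `rowspan="2;"` with a stray semicolon inside the attribute value, while the existing tables further down the page use `rowspan="2"`. `rowspan` takes a bare integer, so suggest `rowspan="2"` here. The topology image is also added with an empty `alt=`; a short description of the diagram would help when the image does not load.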
Line 9: |
Line 23: |
| When the scheme is realized, home workers will be able to reach the corporation’s internal network with all internal systems, allowing working from home to be possible. | | When the scheme is realized, home workers will be able to reach the corporation’s internal network with all internal systems, allowing working from home to be possible. |
| | | |
− | ==Configuring OpenVPN from the client-side== | + | ==Configuring OpenVPN from the client-side == |
| ===TLS Certificates=== | | ===TLS Certificates=== |
| *Firstly generate TLS certificates on your Windows Computer, you can find instructions on how to do it [[How to generate TLS certificates (Windows)?|here]]. | | *Firstly generate TLS certificates on your Windows Computer, you can find instructions on how to do it [[How to generate TLS certificates (Windows)?|here]]. |
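Review bot: the only change to this heading is a space inserted before the closing `==` (`client-side ==`), which makes it inconsistent with `==Configuration overview and prerequisites==` and `===TLS Certificates===`. It looks unintentional; suggest reverting it to `==Configuring OpenVPN from the client-side==`.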
Line 16: |
Line 30: |
| *In '''<ca> </ca>''' paste whole certificate from '''/easy-rsa/pki/ca.crt''' | | *In '''<ca> </ca>''' paste whole certificate from '''/easy-rsa/pki/ca.crt''' |
| *IN '''<cert></cert>''' paste whole certificate from '''/easy-rsa/pki/issued/"your_client_name".crt''' | | *IN '''<cert></cert>''' paste whole certificate from '''/easy-rsa/pki/issued/"your_client_name".crt''' |
− | *And in the last section '''<key></key>''' paste whole private key from '''/easy-rsa/pki/private/"your_client_name".key''' | + | * And in the last section '''<key></key>''' paste whole private key from '''/easy-rsa/pki/private/"your_client_name".key''' |
| *One more thing to change in your .ovpn file is to change the IP address to your router's '''public IP address''' | | *One more thing to change in your .ovpn file is to change the IP address to your router's '''public IP address''' |
− | [[File:Ovpn1.png|border|class=tlt-border]] | + | [[File:Networking rutxxx configuration openvpn certification file.jpg|alt=|border|class=tlt-border]] |
| | | |
| *Now you can '''Save''' and '''Import''' your '''.ovpn''' file to the OpenVPN client by right-clicking on OpenVPN GUI in the hidden icons tray and navigating to '''Import → Import File'''. | | *Now you can '''Save''' and '''Import''' your '''.ovpn''' file to the OpenVPN client by right-clicking on OpenVPN GUI in the hidden icons tray and navigating to '''Import → Import File'''. |
− | [[File:Ovpn2.png|border|class=tlt-border]] | + | [[File:Networking rutxxx configuration certificate import.jpg|alt=|border|class=tlt-border]] |
| | | |
| Do not connect yet to your VPN client, we still have to configure the server. | | Do not connect yet to your VPN client, we still have to configure the server. |
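Review bot: the `<key></key>` bullet edited here still gives no handling guidance for the resulting .ovpn file, which after this step contains the client's private key from `/easy-rsa/pki/private/"your_client_name".key`. Suggest adding one sentence that the saved file is a credential and should be stored and transferred accordingly. The edit itself only adds a space after `*`, which leaves this bullet formatted differently from the `*In` and `*IN` bullets around it; the `IN` capitalisation could be fixed in the same pass.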
Line 29: |
Line 43: |
| <tr> | | <tr> |
| <th width="355;" style="border-bottom: 1px solid white;"></th> | | <th width="355;" style="border-bottom: 1px solid white;"></th> |
− | <th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Ovpn3.png|alt=|right|770x770px|border]]</th> | + | <th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Rutos_OpenVPN_7,8_Add_server.png|alt=|right|770x770px]]</th> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td style="border-bottom: 1px solid white;"> | | <td style="border-bottom: 1px solid white;"> |
− | Login to the router's WebUI and navigate to the '''Services → VPN → OPENVPN''' page and do the following: | + | Login to the router's WebUI and navigate to the '''Services → VPN → OpenVPN''' page and do the following: |
| <ol> | | <ol> |
| <li>Enter a '''custom configuration name'''</li> | | <li>Enter a '''custom configuration name'''</li> |
Line 39: |
Line 53: |
| </li> | | </li> |
| <li>Click the '''Add''' button.</li> | | <li>Click the '''Add''' button.</li> |
− | <li>Click the '''Edit''' button next to the newly created OpenVPN instance.</li>
| |
| </ol> | | </ol> |
| </td> | | </td> |
| </tr> | | </tr> |
| </table> | | </table> |
− |
| |
− | ----
| |
| | | |
| <br> | | <br> |
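Review bot: deleting the step "Click the Edit button next to the newly created OpenVPN instance" leaves no instruction between "Click the Add button" and the "Enable OpenVPN instance" list that follows. If the configuration window now opens on its own after Add, say so in one sentence; otherwise keep the step so the reader knows how to reach the settings.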
Line 51: |
Line 62: |
| <tr> | | <tr> |
| <th width="355;" style="border-bottom: 1px solid white;"></th> | | <th width="355;" style="border-bottom: 1px solid white;"></th> |
− | <th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Ovpn4.png|alt=|right|770x770px|border]]</th> | + | <th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Rutos_OpenVPN_7,8_Add_server_config.png|alt=|border|right|770x770px]]</th> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td style="border-bottom: 1px solid white"> | | <td style="border-bottom: 1px solid white"> |
| <ol> | | <ol> |
− | <li>'''Enable''' OpenVPN instance.</li>
| + | * '''Enable''' OpenVPN instance. |
− | <li>Change '''Authentication''' to '''TLS'''
| + | * In '''Virtual network IP address''' type: '''192.168.15.0''' |
− | </li>
| + | * '''Virtual network netmask''' select: '''255.255.255.0''' |
− | <li>Change '''Encryption''' to '''AES-256-GCM 256'''
| + | </ol> |
− | </li><li>Change '''Keep alive''' to '''5 10'''
| |
− | </li><li>In '''Virtual network IP address''' type: '''192.168.15.0'''
| |
− | </li><li>'''Virtual network netmask''' select: '''255.255.255.0'''
| |
− | </li><li>Leave everything else default
| |
− | </li></ol>
| |
| </td> | | </td> |
| </tr> | | </tr> |
| | | |
| </table> | | </table> |
| + | ---- |
| <br> | | <br> |
− | ----<table class="nd-othertables_2">
| + | <table class="nd-othertables_2"> |
| <tr> | | <tr> |
| <th width="355;" style="border-bottom: 1px solid white;"></th> | | <th width="355;" style="border-bottom: 1px solid white;"></th> |
− | <th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Ovpn5.png|alt=|right|770x770px|border]]</th> | + | <th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Rutos_OpenVPN_7,8_Add_server_config_2.png|alt=|border|right|770x770px]]</th> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td style="border-bottom: 1px solid white"> | | <td style="border-bottom: 1px solid white"> |
| <ol> | | <ol> |
− | <li>The last thing left to do is to upload '''Certificates''', firstly upload '''Certificate authority''' ('''ca.crt''' file)</li>
| + | * The last thing left to do is to upload '''Certificates''', firstly upload '''Certificate authority''' ('''ca.crt''' file) |
− | <li>Upload '''Server certificate''' ('''server.crt''' file)
| + | * Upload '''Server certificate''' ('''server.crt''' file) |
− | </li>
| + | * Upload '''Server key''' ('''server.key''' file) |
− | <li>Upload '''Server key''' ('''server.key''' file)
| + | * Press '''SAVE & APPLY''' button |
− | </li>
| + | * Leave everything else as default |
− | <li>Now upload '''Diffie Hellman parameters''' ('''dh.pem''' file)
| + | </ol> |
− | </li>
| |
− | <li>Press '''SAVE & APPLY''' button
| |
− | </li></ol>
| |
| </td> | | </td> |
| </tr> | | </tr> |
| </table> | | </table> |
| ---- | | ---- |
− | ==Connecting to the OpenVPN server== | + | ==Connecting to the OpenVPN server == |
| | | |
| If everything was configurated correctly your OpenVPN server should be '''Active''': | | If everything was configurated correctly your OpenVPN server should be '''Active''': |
− | [[File:Ovpn6.png|border|class=tlt-border|1008x1008px]] | + | [[File:Rutos_OpenVPN_7,8_status_server.png|alt=|border|1008x1008px|class=tlt-border]] |
| | | |
| Now let's try to connect from a '''client''' to the '''server'''. | | Now let's try to connect from a '''client''' to the '''server'''. |
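Review bot: in the server configuration list the steps setting Authentication to TLS, Encryption to AES-256-GCM 256 and Keep alive to 5 10 are deleted, and the Diffie Hellman parameters (dh.pem) upload is deleted from the certificates list, with no sentence saying that the defaults already cover them. The client section still builds a TLS-certificate profile and this list still uploads ca.crt, server.crt and server.key, so a reader cannot tell from the page which authentication mode and cipher the server ends up with. Suggest either restoring those steps or stating the default values explicitly. Both lists also now put wiki `*` bullets inside `<ol>` ... `</ol>` with no `<li>` items, and "Leave everything else as default" lands after "Press SAVE & APPLY"; keep the `<li>` markup and make SAVE & APPLY the final step.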
Line 100: |
Line 104: |
| On your Windows machine right-click on '''OpenVPN GUI''' '''→''' Select your client → Press Connect | | On your Windows machine right-click on '''OpenVPN GUI''' '''→''' Select your client → Press Connect |
| | | |
− | [[File:Ovpn7.png|alt=|border|class=tlt-border]] | + | [[File:Networking rutxxx configuration openvpn connect to the client.jpg|alt=|border|class=tlt-border]] |
| | | |
| If the connection was successful then you will get the following notification: | | If the connection was successful then you will get the following notification: |
| | | |
− | [[File:Ovpn8.png|alt=|border|class=tlt-border]] | + | [[File:Networking rutxxx configuration successful connection.jpg|alt=|border|class=tlt-border]] |
| | | |
| To test if the connection is working properly on your Windows machine open '''CMD''' and type ping '''192.168.15.1''' (server's VPN IP) you should get a similar response: | | To test if the connection is working properly on your Windows machine open '''CMD''' and type ping '''192.168.15.1''' (server's VPN IP) you should get a similar response: |
| | | |
− | [[File:Cmd_ping.png|alt=|border|class=tlt-border]] | + | [[File:Networking rutxxx configuration cmd ping to the server.jpg|alt=|border|class=tlt-border]] |