OpenVPN over Stunnel RutOS: Difference between revisions
No edit summary |
No edit summary |
||
| (2 intermediate revisions by one other user not shown) | |||
| Line 19: | Line 19: | ||
[[File:Networking_device_vpn_stunnel_working_scheme_v4.png]] | [[File:Networking_device_vpn_stunnel_working_scheme_v4.png]] | ||
<b>Explanation</b> | <b>Explanation</b> | ||
| Line 38: | Line 38: | ||
The figure below displays the configuration used for our example. Take note of the comments that are provided next to fields that differ from the default value: | The figure below displays the configuration used for our example. Take note of the comments that are provided next to fields that differ from the default value: | ||
[[File: | |||
<table class="nd-othertables_2"> | |||
<tr> | |||
<th width=330; style="border-bottom: 1px solid white;></th> | |||
<th width=800; style="border-bottom: 1px solid white;" rowspan=2> | |||
[[File:Open_VPN_server_configuration_part_1.jpg|border|class=tlt-border]] | |||
[[File:Open_VPN_server_configuration_part_2.jpg|border|class=tlt-border]]</th> | |||
</tr> | |||
<tr> | |||
<td style="border-bottom: 4px solid white> | |||
# '''Enable''' the instance | |||
# Select ''''''TCP'''''' protocol | |||
# Select port '''1194'''. | |||
# '''TLS''' cipher select All | |||
# Set Virtual network IP address | |||
# Set virtual network '''Netmask''' | |||
# (Optional) push a route to make Lan network available to clients | |||
# Upload '''TLS''' certificates | |||
# Upload Diffie Hellman parameters | |||
</td> | |||
</tr> | |||
</table> | |||
Don't forget to click the <b>Save</b> button located at the bottom-right side of the page. | Don't forget to click the <b>Save</b> button located at the bottom-right side of the page. | ||
===Stunnel server=== | ===Stunnel server=== | ||
---- | ---- | ||
To create a new Stunnel instance, enter a custom name for it and click the 'Add' button. A new instance with the given name will appear in the "Stunnel Configuration" list. To begin configuration, click the 'Edit' button next to the instance. | To create a new Stunnel instance, enter a custom name for it and click the 'Add' button. A new instance with the given name will appear in the "Stunnel Configuration" list. To begin configuration, click the 'Edit' button next to the instance. | ||
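Review bot: Step 4 of the added list ("'''TLS''' cipher select All") tells the reader to allow every TLS cipher on the OpenVPN server, while the Stunnel steps added in this same revision ask for the '''Secure''' cipher; either explain why All is chosen here or name a restricted selection so the two halves of the guide do not pull in different directions. In the markup, the `style` attributes on the first `<th>` and on the `<td>` are missing their closing quote (`style="border-bottom: 1px solid white;>` and `style="border-bottom: 4px solid white>`), and `width=330;` carries a stray semicolon. Step 2 wraps TCP in six apostrophes (`''''''TCP''''''`) where three give bold.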
| Line 54: | Line 70: | ||
The figure below displays the configuration used for our example. Take note of the comments that are provided next to fields that differ from the default value: | The figure below displays the configuration used for our example. Take note of the comments that are provided next to fields that differ from the default value: | ||
[[File: | <table class="nd-othertables_2"> | ||
<tr> | |||
<th width=330; style="border-bottom: 1px solid white;></th> | |||
<th width=800; style="border-bottom: 1px solid white;" rowspan=2> | |||
[[File:Stunnel_Server_configuration.png|border|class=tlt-border]]</th> | |||
</tr> | |||
<tr> | |||
<td style="border-bottom: 4px solid white> | |||
# '''Enable''' the instance | |||
# Choose operating mode ''''''Server''''''. | |||
# Enter '''0.0.0.0'''. | |||
# Enter '''9999''' (Stunnel port) | |||
# Enter localhost followed by the OpenVPN port ('localhost:1194' in this example) | |||
# Select '''Secure''' cipher | |||
# Upload certificate and key files | |||
</td> | |||
</tr> | |||
</table> | |||
Don't forget to click the <b>Save</b> button located at the bottom-right side of the page. | Don't forget to click the <b>Save</b> button located at the bottom-right side of the page. | ||
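Review bot: Step 3 of the added list says only "Enter '''0.0.0.0'''" without naming the field it belongs to, so the step cannot be followed without the screenshot; name the field and add that this value makes the Stunnel instance listen on every interface. Step 7 ("Upload certificate and key files") should say which certificate and key are meant, since the client section later asks for the "remote server certificate" and the two need to match. The `style` attributes on the first `<th>` and on the `<td>` are missing their closing quote, and `''''''Server''''''` uses six apostrophes where three give bold.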
| Line 64: | Line 98: | ||
To do this, navigate to the <b>Network → Firewall → Traffic Rules</b> page and scroll down until you see the <b>Open Ports On Router</b> section. Fill out the configuration fields as indicated in the figure above and click the 'Add' button: | To do this, navigate to the <b>Network → Firewall → Traffic Rules</b> page and scroll down until you see the <b>Open Ports On Router</b> section. Fill out the configuration fields as indicated in the figure above and click the 'Add' button: | ||
[[File: | [[File:Traffic_rules_configuration.png|border|class=tlt-border|1100px]] | ||
==Client configuration== | ==Client configuration== | ||
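Review bot: The replacement line embeds `Traffic_rules_configuration.png` directly after a sentence that points to "the figure above", and unlike the other sections touched in this revision the firewall step gets no numbered list of values. Change the wording to "the figure below" and list the fields in text, in particular the protocol and the port being opened, so the reader can confirm that only the Stunnel port is exposed without relying on the image.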
| Line 77: | Line 111: | ||
===Stunnel client=== | ===Stunnel client=== | ||
---- | ---- | ||
To create a new Stunnel instance, enter a custom name for it and click the 'Add' button. A new instance with the given name will appear in the "Stunnel Configuration" list. To begin configuration, click the 'Edit' button next to the instance. | To create a new Stunnel instance, enter a custom name for it and click the 'Add' button. A new instance with the given name will appear in the "Stunnel Configuration" list. To begin configuration, click the 'Edit' button next to the instance. | ||
| Line 88: | Line 116: | ||
The figure below displays the configuration used for our example. Take note of the comments that are provided next to fields that differ from the default value: | The figure below displays the configuration used for our example. Take note of the comments that are provided next to fields that differ from the default value: | ||
[[File: | <table class="nd-othertables_2"> | ||
<tr> | |||
<th width=330; style="border-bottom: 1px solid white;></th> | |||
<th width=800; style="border-bottom: 1px solid white;" rowspan=2> | |||
[[File:Stunnel_client_configuration.jpg|border|class=tlt-border]]</th> | |||
</tr> | |||
<tr> | |||
<td style="border-bottom: 4px solid white> | |||
# '''Enable''' the instance | |||
# Select '''''Client''''' | |||
# Enter '''localhost'''. | |||
# Enter '''1194''' Open VPN port | |||
# Enter the server's Wan IP followed by Stunnel port number ('192.168.10.1.:9999' In this example) | |||
# Select '''Secure''' Cipher | |||
# Upload remote server certificate | |||
</td> | |||
</tr> | |||
</table> | |||
Don't forget to click the <b>Save</b> button located at the bottom-right side of the page. | Don't forget to click the <b>Save</b> button located at the bottom-right side of the page. | ||
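Review bot: The example address in step 5, `'192.168.10.1.:9999'`, has a stray dot between the last octet and the colon, so it is not a valid host:port value if copied as written; it should read `192.168.10.1:9999`, and "In this example" should be lower case to match the server section. Step 7 ("Upload remote server certificate") would benefit from one clause saying what the client uses that certificate for. The `style` attributes on the first `<th>` and on the `<td>` are missing their closing quote, as in the other tables added by this revision.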
| Line 98: | Line 144: | ||
The figure below displays the configuration used for our example. Take note of the comments that are provided next to fields that differ from the default value: | The figure below displays the configuration used for our example. Take note of the comments that are provided next to fields that differ from the default value: | ||
[[File: | <table class="nd-othertables_2"> | ||
<tr> | |||
<th width=330; style="border-bottom: 1px solid white;></th> | |||
<th width=800; style="border-bottom: 1px solid white;" rowspan=2> | |||
[[File:Open VPN client configuration part 1.png|border|class=tlt-border]] | |||
[[File:Open_VPN_client_configuration_part_2.png|border|class=tlt-border]]</th> | |||
</tr> | |||
<tr> | |||
<td style="border-bottom: 4px solid white> | |||
# '''Enable''' the instance | |||
# Select ''''''TCP'''''' protocol | |||
# Specify '''localhost'''. | |||
# Upload '''TLS''' Certificates | |||
</td> | |||
</tr> | |||
</table> | |||
Don't forget to click the <b>Save</b> button located at the bottom-right side of the page. | Don't forget to click the <b>Save</b> button located at the bottom-right side of the page. | ||
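Review bot: Step 3 of the added list ("Specify '''localhost'''") names neither the field nor the port, although the Stunnel client steps in this revision set localhost and 1194 as the local endpoint; state both here so it is clear the OpenVPN client connects to the local Stunnel listener and not to the server directly. The first image name, `Open VPN client configuration part 1.png`, uses spaces where every other file in the revision uses underscores. The `style` attributes on the first `<th>` and on the `<td>` are missing their closing quote, and `''''''TCP''''''` uses six apostrophes where three give bold.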
| Line 133: | Line 195: | ||
<li> Double-check your configuration. Check for configuration mistakes, see if correct certificate files are uploaded onto each instance, make sure the Stunnel port is not used by another program, etc.</li> | <li> Double-check your configuration. Check for configuration mistakes, see if correct certificate files are uploaded onto each instance, make sure the Stunnel port is not used by another program, etc.</li> | ||
</ul> | </ul> | ||
[[Category:VPN]] | |||