Difference between revisions of "Template:Networking rut configuration example openvpn bridge use case"

From Teltonika Networks Wiki
m (Protected "Template:Networking rut configuration example openvpn bridge use case" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)))
(41 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
         <th width=325; style="border-bottom: 1px solid white;></th>
 
         <th width=325; style="border-bottom: 1px solid white;></th>
 
         <th width=820; style="border-bottom: 1px solid white;" rowspan=2;>
 
         <th width=820; style="border-bottom: 1px solid white;" rowspan=2;>
[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_topology_v3.png|border|class=tlt-border|750px|right]]</th>
+
[[File:Networking_RUTX_VPN_between_HQ_topology_v3.png|border|class=tlt-border|750px|right]]</th>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
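Review bot: The replacement topology image, Networking_RUTX_VPN_between_HQ_topology_v3.png, is named for a RUTX "VPN between HQ" scenario, while this template is the OpenVPN bridge use case; confirm that the picture shows the same server/client layout the text below it describes, or keep a bridge-specific file. Separately, the context cells written as <th width=325; style="border-bottom: 1px solid white;></th> have an unterminated style quote and a stray semicolon after the width value, which is worth fixing while this table is being touched.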
Line 17: Line 17:
  
 
'''Prerequisites''':
 
'''Prerequisites''':
* Two RUTxxx routers
+
* One RUTxxx router
 
* A Public Static or Public Dynamic IP addresses
 
* A Public Static or Public Dynamic IP addresses
 
* An end device to configure the router (PC, Laptop, Tablet, Smartphone)
 
* An end device to configure the router (PC, Laptop, Tablet, Smartphone)
  
The topology above depicts the OpenVPN scheme. The router with the Public IP address ('''RUT''') acts as the '''OpenVPN server''' and other '''RUT''' acts as '''client'''. OpenVPN connects the networks of '''HQ Office''' and '''Remote Office'''.  
+
The topology above depicts the OpenVPN scheme. - The router with the Public IP address ('''''{{{name}}}''''') acts as the '''OpenVPN server''' and other '''{{{name}}}''' acts as '''client'''. OpenVPN connects the networks of '''HQ Office''' and '''Remote Office'''. Only LAN traffic is going to go through that tunnel, any other WAN traffic won't go through it. This way the VPN tunnel will not be under a huge load and will provide greater speeds.
  
When the scheme is realized, remote office workers will be able to reach HQ’s internal network with all internal systems, allowing working from remote office to be possible. All remote office's WAN and LAN traffic is going to travel through VPN tunnel.
+
When the scheme is realized, remote office workers will be able to reach HQ’s internal network with all internal systems, allowing working from remote office to be possible.
  
 
==Configuring HQ office router==
 
==Configuring HQ office router==
 
===OpenVPN===
 
===OpenVPN===
 
----
 
----
====Generating Static key====
+
[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_1_v1.png]]
----
+
[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_2_v1.png]]
 
+
[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_3_v1.png]]
<table class="nd-othertables_2">
+
[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_4_v1.png]]
    <tr>
+
[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_5_v1.png]]
        <th width=525; style="border-bottom: 1px solid white;></th>
 
        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_1_v1.png|border|class=tlt-border|550px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 1px solid white>
 
Login to the router's WebUI, navigate to the '''Services → CLI''' page and do the following:
 
<ol>
 
    <li>Enter username '''''root''''' .</li>
 
    <li>Write the '''Password''' of your router.</li>
 
</ol>
 
        </td>
 
    </tr>
 
</table>
 
 
 
----
 
 
 
<table class="nd-othertables_2">
 
    <tr>
 
        <th width=525; style="border-bottom: 1px solid white;></th>
 
        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_2_v2.png|border|class=tlt-border|550px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 1px solid white>
 
Write the following commands to create OpenVPN '''Static key''', which will be used for authentication:
 
1) cd /etc/easy-rsa
 
2) openvpn --genkey --secret static.key
 
        </td>
 
    </tr>
 
</table>
 
 
 
====Extracting the key====
 
----
 
=====Linux=====
 
----
 
 
 
If you are using a Linux-based OS, extracting files from the router is simple. Just go to the directory on your PC where you want to relocate the files, right click anywhere and choose the '''Open in Terminal''' option. In the Terminal command line use the '''Secure Copy''' ('''scp''') command to copy the files from the router. The full command should look something like this:
 
 
 
$ scp [email protected]:/etc/easy-rsa/static.key ./
 
 
 
The '''[email protected]:/etc/easy-rsa/static.key''' specifies the path to where the Static key is located (replace the IP address with your router's LAN IP); the '''./''' denotes that you want to copy the contents to the directory you are in at the moment.
 
 
 
=====Windows=====
 
----
 
 
 
<table class="nd-othertables_2">
 
    <tr>
 
        <th width=525; style="border-bottom: 1px solid white;></th>
 
        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Winscp login instructions.PNG|border|class=tlt-border|550px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 1px solid white>
 
If you are using Windows, you can copy files from the router using '''WinSCP''', an Open source freeware SFTP, SCP and FTP client for Windows OS. Use the same login information with WinSCP as with CLI or SSH.
 
 
 
'''Please note''': You must select '''SCP''' as File Protocol in WinSCP Session settings.
 
        </td>
 
    </tr>
 
</table>
 
 
 
----
 
 
 
<table class="nd-othertables_2">
 
    <tr>
 
        <th width=525; style="border-bottom: 1px solid white;></th>
 
        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Winscp interface example.PNG|border|class=tlt-border|550px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 1px solid white>
 
Once you've connected to the router with WinSCP, copying the files should be simple enough: just go to '''/etc/easy-rsa/''', select the Static key file and drag it to directory on your PC where you would like to store it.
 
        </td>
 
    </tr>
 
</table>
 
 
 
====Configuring OpenVPN server====
 
----
 
 
 
<table class="nd-othertables_2">
 
    <tr>
 
        <th width=525; style="border-bottom: 1px solid white;></th>
 
        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_4_v1.png|border|class=tlt-border|550px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 1px solid white>
 
Now go to '''Services → VPN → OpenVPN'''. There create a new configuration by selecting role '''Server''', writing '''New configuration name''' and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''.
 
        </td>
 
    </tr>
 
</table>
 
 
 
----
 
 
 
<table class="nd-othertables_2">
 
    <tr>
 
        <th width=525; style="border-bottom: 1px solid white;></th>
 
        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_5_v1.png|border|class=tlt-border|550px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 1px solid white>
 
Now apply the following configuration:
 
 
 
<ol>
 
    <li>'''Enable''' instance.</li>
 
    <li>Set '''TUN/TAP''' to '''TAP (bridged)'''.</li>
 
    <li>Enable '''LZO'''.</li>
 
    <li>Select '''Authentication: Static key'''.</li>
 
    <li>Add '''Keep alive''' interval: '''10 120'''.</li>
 
    <li>Upload '''Static pre-shared key'''.</li>
 
    <li>'''Save''' the changes.</li>
 
</ol>
 
        </td>
 
    </tr>
 
</table>
 
  
 
==Configuring remote office router==
 
==Configuring remote office router==
 
Before you start configuring the remote office router, set a static IP address on the device you are configuring the router with (e.g. 192.168.1.10). You can find instructions on how to do that here:
 
 
[[Setting_up_a_Static_IP_address_on_a_Ubuntu_16.04_PC|Ubuntu]]
 
 
[[Setting up a Static IP address on a Windows 10 PC|Windows]]
 
 
<span style="color: red;">'''Note: make sure to switch back to automatic DNS and IP address obtaining when you are done configuring the router.'''</span>
 
 
===LAN===
 
----
 
 
<table class="nd-othertables_2">
 
    <tr>
 
        <th width=525; style="border-bottom: 1px solid white;></th>
 
        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_8_v1.png|border|class=tlt-border|550px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 1px solid white>
 
Go to '''Network → LAN''' and apply the following steps:
 
 
<ol>
 
    <li>Change your '''LAN IP address''' to: '''192.168.1.2</li>
 
    <li>Disable '''DHCP'''.</li>
 
    <li>'''Save''' the changes.</li>
 
</ol>
 
        </td>
 
    </tr>
 
</table>
 
 
 
===OpenVPN===
 
===OpenVPN===
 
----
 
----
====Configuring OpenVPN client====
+
[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_6_v1.png]]
----
+
[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_7_v1.png]]
 
+
===LAN===
<table class="nd-othertables_2">
 
    <tr>
 
        <th width=525; style="border-bottom: 1px solid white;></th>
 
        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_6_v1.png|border|class=tlt-border|550px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 1px solid white>
 
Go to '''Services → VPN → OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''.  
 
        </td>
 
    </tr>
 
</table>
 
 
 
 
----
 
----
 
+
[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_8_v1.png]]
<table class="nd-othertables_2">
 
    <tr>
 
        <th width=525; style="border-bottom: 1px solid white;></th>
 
        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_7_v2.png|border|class=tlt-border|550px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 1px solid white>
 
Now apply the following configuration:
 
 
 
<ol>
 
    <li>'''Enable''' instance.</li>
 
    <li>Set '''TUN/TAP''' to '''TAP (bridged)'''.</li>
 
    <li>Enable '''LZO'''.</li>
 
    <li>Select '''Authentication: Static key'''.</li>
 
    <li>Write '''Remote host/IP address''' (RUT OpenVPN server public IP).</li>
 
    <li>Add '''Keep alive''' interval: '''10 120'''.</li>
 
    <li>Upload '''Static pre-shared key'''.</li>
 
    <li>'''Save''' the changes.</li>
 
</ol>
 
        </td>
 
    </tr>
 
</table>
 
 
 
 
==Results==
 
==Results==
 
+
[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_9_v2.png]]
<table class="nd-othertables_2">
 
    <tr>
 
        <th width=525; style="border-bottom: 1px solid white;></th>
 
        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_9_v2.png|border|class=tlt-border|550px|right]]</th>
 
    </tr>
 
    <tr>
 
        <td style="border-bottom: 1px solid white>
 
Remote office should now be able to access HQ network resources. To verify the connection you can ping remote RUT HQ server LAN IP and if you get a reply, you have successfully connected to HQ‘s internal network. Also, all LAN addresses should now be leased to the LAN devices by HQ router.
 
        </td>
 
    </tr>
 
</table>
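Review bot: The prerequisites line now reads "One RUTxxx router", but the overview sentence added right below it still has one {{{name}}} acting as OpenVPN server and another {{{name}}} acting as client, so the setup needs two routers; restore the count or explain what the second endpoint is. The same added sentence carries a stray "- " after "OpenVPN scheme." and formats the first {{{name}}} as bold italic and the second as bold only. The new statement that only LAN traffic goes through the tunnel replaces the earlier one that all WAN and LAN traffic does, and nothing in the visible steps says which setting produces that behaviour. Finally, the right-hand side replaces every written step (generating static.key with openvpn --genkey, copying it off the router, the TAP (bridged), LZO, Static key and Keep alive settings, the remote LAN address and DHCP change) with uncaptioned [[File:...]] screenshots, and places ===LAN=== after the OpenVPN client section; keep the text steps next to the images so the procedure, including how the pre-shared key is created and moved, stays readable and searchable.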
 

Revision as of 17:51, 30 April 2020

Networking RUTX VPN between HQ topology v3.png

Configuration overview and prerequisites

Prerequisites:

  • One RUTxxx router
  • A Public Static or Public Dynamic IP address
  • An end device to configure the router (PC, Laptop, Tablet, Smartphone)

The topology above depicts the OpenVPN scheme. The router with the Public IP address ({{{name}}}) acts as the OpenVPN server and the other {{{name}}} acts as the client. OpenVPN connects the networks of HQ Office and Remote Office. Only LAN traffic goes through the tunnel; any other WAN traffic does not. This way the VPN tunnel is not under a heavy load and provides greater speeds.

When the scheme is realized, remote office workers will be able to reach HQ’s internal network with all internal systems, making it possible to work from the remote office.

Configuring HQ office router

OpenVPN


Networking rut configuration example openvpn bridge use case 1 v1.png Networking rut configuration example openvpn bridge use case 2 v1.png Networking rut configuration example openvpn bridge use case 3 v1.png Networking rut configuration example openvpn bridge use case 4 v1.png Networking rut configuration example openvpn bridge use case 5 v1.png

Configuring remote office router

OpenVPN


Networking rut configuration example openvpn bridge use case 6 v1.png Networking rut configuration example openvpn bridge use case 7 v1.png

LAN


Networking rut configuration example openvpn bridge use case 8 v1.png

Results

Networking rut configuration example openvpn bridge use case 9 v2.png