Difference between revisions of "Template:Networking rutx configuration example openvpn bridge use case"
(38 intermediate revisions by 2 users not shown) | |||
Line 3: | Line 3: | ||
<th width=325; style="border-bottom: 1px solid white;></th> | <th width=325; style="border-bottom: 1px solid white;></th> | ||
<th width=820; style="border-bottom: 1px solid white;" rowspan=2;> | <th width=820; style="border-bottom: 1px solid white;" rowspan=2;> | ||
− | [[File: | + | [[File:Networking_rut_configuration_example_openvpn_bridge_use_case_topology_v1.png|border|class=tlt-border|750px|right]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
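Review bot: the new topology image on the [[File:...]] line is named Networking_rut_configuration_example_..., while every other image added in this revision uses the Networking_rutx_ prefix (..._2_v1.png through ..._9_v1.png). Confirm the rut_ file is the intended one, or rename it so the set stays consistent.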
Line 17: | Line 17: | ||
'''Prerequisites''': | '''Prerequisites''': | ||
− | * | + | * One RUTxxx router |
* A Public Static or Public Dynamic IP addresses | * A Public Static or Public Dynamic IP addresses | ||
* An end device to configure the router (PC, Laptop, Tablet, Smartphone) | * An end device to configure the router (PC, Laptop, Tablet, Smartphone) | ||
− | The topology above depicts the OpenVPN scheme. The router with the Public IP address (''' | + | The topology above depicts the OpenVPN scheme. The router with the Public IP address ('''{{{name}}}''') acts as the '''OpenVPN server''' and other '''{{{name}}}''' acts as '''client'''. OpenVPN connects the networks of '''HQ Office''' and '''Remote Office'''. |
When the scheme is realized, remote office workers will be able to reach HQ’s internal network with all internal systems, allowing working from remote office to be possible. All remote office's WAN and LAN traffic is going to travel through VPN tunnel. | When the scheme is realized, remote office workers will be able to reach HQ’s internal network with all internal systems, allowing working from remote office to be possible. All remote office's WAN and LAN traffic is going to travel through VPN tunnel. | ||
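Review bot: the new prerequisite "One RUTxxx router" appears to conflict with the paragraph changed just below it, which has one {{{name}}} acting as the OpenVPN server and another {{{name}}} acting as the client, so the scheme needs two routers. The bullet also hard-codes RUTxxx in a template that now uses {{{name}}}; something like "* Two {{{name}}} routers" would fix both. In the same paragraph, "and other {{{name}}} acts as client" is missing its articles ("and the other {{{name}}} acts as the client").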
Line 27: | Line 27: | ||
==Configuring HQ office router== | ==Configuring HQ office router== | ||
===OpenVPN=== | ===OpenVPN=== | ||
− | |||
− | |||
---- | ---- | ||
Line 52: | Line 50: | ||
<tr> | <tr> | ||
<th width=355; style="border-bottom: 1px solid white;></th> | <th width=355; style="border-bottom: 1px solid white;></th> | ||
− | <th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File: | + | <th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_2_v1.png|770px|right]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
<td style="border-bottom: 1px solid white> | <td style="border-bottom: 1px solid white> | ||
− | Write the following commands to create OpenVPN '''Static key''', which will be used for authentication: | + | Write the following commands to create and open OpenVPN '''Static key''', which will be used for authentication: |
1) cd /etc/easy-rsa | 1) cd /etc/easy-rsa | ||
2) openvpn --genkey --secret static.key | 2) openvpn --genkey --secret static.key | ||
+ | 3) cat static.key | ||
</td> | </td> | ||
</tr> | </tr> | ||
</table> | </table> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
---- | ---- | ||
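Review bot: the added step 3, "cat static.key", prints the only credential for this tunnel to the CLI page, and the following step has the reader paste it into a file on their computer, yet nothing tells the reader to treat it as a secret. Since both routers are set to Authentication: Static key, add a sentence saying the key must be moved to the remote office over a protected channel and that the .txt copy should be deleted once both uploads are done. The reworded intro "create and open OpenVPN Static key" would read better as "create and display the OpenVPN Static key".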
Line 80: | Line 67: | ||
<tr> | <tr> | ||
<th width=355; style="border-bottom: 1px solid white;></th> | <th width=355; style="border-bottom: 1px solid white;></th> | ||
− | <th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File: | + | <th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_3_v1.png|770px|right]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
<td style="border-bottom: 1px solid white> | <td style="border-bottom: 1px solid white> | ||
− | + | Create '''.txt''' file on your computer and copy '''Static key''' to it. Copy from the beginning to the end as in the example. | |
− | |||
− | ''' | ||
</td> | </td> | ||
</tr> | </tr> | ||
</table> | </table> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
---- | ---- | ||
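Review bot: "Copy from the beginning to the end as in the example" relies entirely on the screenshot to define what the beginning and the end are. State in text which lines of the cat output are the first and last ones that must be included, so the step still works when the image is missing or unreadable. "Create '''.txt''' file" also needs an article ("Create a '''.txt''' file").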
Line 137: | Line 107: | ||
<li>Select '''Authentication: Static key'''.</li> | <li>Select '''Authentication: Static key'''.</li> | ||
<li>Add '''Keep alive''' interval: '''10 120'''.</li> | <li>Add '''Keep alive''' interval: '''10 120'''.</li> | ||
− | <li>Upload '''Static pre-shared key'''.</li> | + | <li>Upload '''Static pre-shared key''' (use the .txt file you created in previous steps).</li> |
<li>'''Save''' the changes.</li> | <li>'''Save''' the changes.</li> | ||
</ol> | </ol> | ||
Line 145: | Line 115: | ||
==Configuring remote office router== | ==Configuring remote office router== | ||
− | + | ===OpenVPN=== | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | == | ||
---- | ---- | ||
Line 160: | Line 121: | ||
<tr> | <tr> | ||
<th width=355; style="border-bottom: 1px solid white;></th> | <th width=355; style="border-bottom: 1px solid white;></th> | ||
− | <th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File: | + | <th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_6_v1.png|770px|right]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
<td style="border-bottom: 1px solid white> | <td style="border-bottom: 1px solid white> | ||
− | Go to ''' | + | Go to '''Services → VPN → OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''. |
</td> | </td> | ||
</tr> | </tr> | ||
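Review bot: the new client instruction names the button "Add New", while the HQ section of the same page tells the reader to press "Add"; use whichever label the WebUI actually shows in both places. "There create a new configuration by selecting role Client, writing New configuration name" is also hard to read; consider "Create a new configuration there by selecting the role Client, entering a New configuration name".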
Line 174: | Line 135: | ||
<tr> | <tr> | ||
<th width=355; style="border-bottom: 1px solid white;></th> | <th width=355; style="border-bottom: 1px solid white;></th> | ||
− | <th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File: | + | <th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_7_v1.png|770px|right]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
<td style="border-bottom: 1px solid white> | <td style="border-bottom: 1px solid white> | ||
− | + | Now apply the following configuration: | |
<ol> | <ol> | ||
− | <li> | + | <li>'''Enable''' instance.</li> |
− | <li> | + | <li>Set '''TUN/TAP''' to '''TAP (bridged)'''.</li> |
+ | <li>Enable '''LZO'''.</li> | ||
+ | <li>Select '''Authentication: Static key'''.</li> | ||
+ | <li>Write '''Remote host/IP address''' (RUT OpenVPN server public IP).</li> | ||
+ | <li>Add '''Keep alive''' interval: '''10 120'''.</li> | ||
+ | <li>Upload '''Static pre-shared key''' (use the .txt file you created in previous steps).</li> | ||
<li>'''Save''' the changes.</li> | <li>'''Save''' the changes.</li> | ||
</ol> | </ol> | ||
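Review bot: the "Remote host/IP address" item asks for the server's public IP, but the prerequisites allow a Public Dynamic IP address, and the list does not say what to enter in that case. The same item hard-codes "RUT OpenVPN server" in a template that uses {{{name}}} elsewhere. On the upload item, "(use the .txt file you created in previous steps)" should say it is the same file that was uploaded on the HQ router, because the remote office section has no key-creation step of its own.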
Line 189: | Line 155: | ||
</table> | </table> | ||
− | === | + | ===LAN=== |
− | |||
− | |||
---- | ---- | ||
Line 197: | Line 161: | ||
<tr> | <tr> | ||
<th width=355; style="border-bottom: 1px solid white;></th> | <th width=355; style="border-bottom: 1px solid white;></th> | ||
− | <th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File: | + | <th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_8_v1.png|770px|right]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
<td style="border-bottom: 1px solid white> | <td style="border-bottom: 1px solid white> | ||
− | + | Now go to '''Network → LAN''' and apply the following steps: | |
+ | |||
+ | <ol> | ||
+ | <li>Change your '''LAN IP address''' to: '''192.168.1.2</li> | ||
+ | <li>Disable '''DHCP'''.</li> | ||
+ | <li>'''Save''' the changes.</li> | ||
+ | </ol> | ||
</td> | </td> | ||
</tr> | </tr> | ||
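Review bot: the LAN IP address item opens bold with ''' before 192.168.1.2 and never closes it before </li>, so the markup is unbalanced; it should read '''192.168.1.2'''.</li>. The step would also benefit from stating the HQ router's LAN address, since 192.168.1.2 only makes sense as an address that does not collide with it on the bridged network.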
Line 211: | Line 181: | ||
<tr> | <tr> | ||
<th width=355; style="border-bottom: 1px solid white;></th> | <th width=355; style="border-bottom: 1px solid white;></th> | ||
− | <th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File: | + | <th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_9_v1.png|770px|right]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
<td style="border-bottom: 1px solid white> | <td style="border-bottom: 1px solid white> | ||
− | Now apply the following | + | Now go to '''Network → LAN''' and apply the following steps: |
<ol> | <ol> | ||
− | <li>''' | + | <li>Change your '''LAN IP address''' to: '''192.168.1.2</li> |
− | + | <li>Disable '''DHCP'''.</li> | |
− | |||
− | |||
− | |||
− | |||
− | <li> | ||
<li>'''Save''' the changes.</li> | <li>'''Save''' the changes.</li> | ||
</ol> | </ol> | ||
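Review bot: this block repeats the intro sentence and all three list items of the preceding LAN block word for word, including the unclosed ''' on the 192.168.1.2 item, next to a different screenshot (..._9_v1.png). Either drop the block or split the steps so each screenshot carries only the step it illustrates, for example the LAN IP change with ..._8_v1.png and disabling DHCP with ..._9_v1.png.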
Line 240: | Line 205: | ||
<tr> | <tr> | ||
<td style="border-bottom: 1px solid white> | <td style="border-bottom: 1px solid white> | ||
− | Remote office should now be able to access HQ network resources. To verify the connection you can ping remote | + | Remote office should now be able to access HQ network resources. To verify the connection you can ping remote RUT HQ server LAN IP and if you get a reply, you have successfully connected to HQ‘s internal network. Also, all LAN addresses should now be leased to the LAN devices by HQ router. |
</td> | </td> | ||
</tr> | </tr> | ||
</table> | </table> |
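Review bot: "ping remote RUT HQ server LAN IP" hard-codes RUT in a template that takes {{{name}}} and is difficult to parse; "ping the LAN IP address of the HQ {{{name}}}" would be clearer. "HQ‘s" uses an opening quotation mark where an apostrophe belongs, and "by HQ router" is missing "the".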
Revision as of 18:36, 5 May 2020
Configuration overview and prerequisites
Prerequisites:
- One RUTxxx router
- A Public Static or Public Dynamic IP address
- An end device to configure the router (PC, Laptop, Tablet, Smartphone)
The topology above depicts the OpenVPN scheme. The router with the Public IP address ({{{name}}}) acts as the OpenVPN server and the other {{{name}}} acts as the client. OpenVPN connects the networks of HQ Office and Remote Office.
When the scheme is realized, remote office workers will be able to reach HQ's internal network and all of its internal systems, which makes working from the remote office possible. All of the remote office's WAN and LAN traffic will travel through the VPN tunnel.
Configuring HQ office router
OpenVPN
Log in to the router's WebUI, navigate to the Services → CLI page and do the following:
Write the following commands to create and display the OpenVPN Static key, which will be used for authentication:
    cd /etc/easy-rsa
    openvpn --genkey --secret static.key
    cat static.key
Create a .txt file on your computer and copy the Static key into it. Copy the key from the beginning to the end, as in the example.
Now go to Services → VPN → OpenVPN. Create a new configuration there by selecting the role Server, entering a New configuration name and pressing the Add button. It should appear after a few seconds. Then press Edit.
Now apply the following configuration:
Configuring remote office router
OpenVPN
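Go to Services → VPN → OpenVPN. Create a new configuration there by selecting the role Client, entering a New configuration name and pressing the Add New button. It should appear after a few seconds. Then press Edit.
Now apply the following configuration:
1. Enable instance.
2. Set TUN/TAP to TAP (bridged).
3. Enable LZO.
4. Select Authentication: Static key.
5. Write Remote host/IP address (RUT OpenVPN server public IP).
6. Add Keep alive interval: 10 120.
7. Upload Static pre-shared key (use the .txt file you created in previous steps).
8. Save the changes.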
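Both routers authenticate with the same static key, and it reaches them by copy and paste through a .txt file, so the tunnel depends on that copy being complete. The script below is an added example, not part of the original page: it checks a copied key file and prints a fingerprint that can be compared on both ends. The function names are hypothetical, and it assumes the usual 2048-bit OpenVPN "Static key V1" layout and that `awk` and `sha256sum` are available.

```shell
#!/bin/sh
# Added example (hypothetical helper names): sanity-check a copied OpenVPN static key.
# Assumes the 2048-bit "Static key V1" layout: 16 lines of 32 hex digits between markers.
BEGIN_MARK='-----BEGIN OpenVPN Static key V1-----'
END_MARK='-----END OpenVPN Static key V1-----'

# Print only the hex lines between the markers, with Windows CRs removed.
key_body() {
    tr -d '\r' < "$1" | awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == e { inside = 0 }
        inside  { print }
        $0 == b { inside = 1 }'
}

# Report whether the file holds a complete key; prints "ok" or the first problem found.
check_static_key() {
    [ -r "$1" ] || { echo "cannot read file"; return 1; }
    tr -d '\r' < "$1" | awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { begins++; inside = 1; next }
        $0 == e { ends++; inside = 0; next }
        inside  { n++; if (length($0) != 32 || $0 !~ /^[0-9a-fA-F]+$/) bad++ }
        END {
            if (begins != 1) { print "missing or repeated BEGIN line"; exit 1 }
            if (ends != 1)   { print "missing or repeated END line"; exit 1 }
            if (n != 16 || bad > 0) { print "key body is not 16 lines of 32 hex digits"; exit 1 }
            print "ok"
        }'
}

# SHA-256 of the key body: compare this value on both ends instead of the key itself.
key_fingerprint() {
    key_body "$1" | sha256sum | cut -d' ' -f1
}

# Constructed sample in the same layout; placeholder digits, NOT a usable key.
make_sample_key() {
    printf '#\n# 2048 bit OpenVPN static key\n#\n%s\n' "$BEGIN_MARK"
    i=0
    while [ "$i" -lt 16 ]; do
        printf '%032x\n' "$i"
        i=$((i + 1))
    done
    printf '%s\n' "$END_MARK"
}

# Usage: sh check_key.sh static-key.txt
if [ "$#" -gt 0 ]; then
    check_static_key "$1" && key_fingerprint "$1"
fi
```

Run it against /etc/easy-rsa/static.key on the HQ router and against the .txt copy on the computer; matching fingerprints mean the paste lost nothing, and the key itself never has to be shown again to compare the two.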
LAN
Now go to Network → LAN and apply the following steps:
1. Change your LAN IP address to: 192.168.1.2
2. Disable DHCP.
3. Save the changes.
Results
The remote office should now be able to access HQ network resources. To verify the connection, ping the LAN IP address of the RUT HQ server; if you get a reply, you have successfully connected to HQ's internal network. Also, all LAN addresses should now be leased to the LAN devices by the HQ router.