489
edits
Changes
Connecting to the office network remotely from your home via VPN (OpenVPN) using RUTX (view source)
Revision as of 08:24, 10 May 2022
, 08:24, 10 May 2022no edit summary
<table class="nd-othertables_2">
<tr>
<th width="325;" style="border-bottom: 1px solid white;"></th>
<th rowspan="2;" width="820;" style="border-bottom: 1px solid white;">[[File:Networking rutxxx configuration openvpn topology v1.png|alt=|border|class=tlt-border|right|750x750px]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white">
{| align="center"
|__TOC__
|}
</td>
</tr>
</table>
==Configuration overview and prerequisites==
==Configuration overview and prerequisites==
When the scheme is realized, home workers will be able to reach the corporation’s internal network with all internal systems, allowing working from home to be possible.
When the scheme is realized, home workers will be able to reach the corporation’s internal network with all internal systems, allowing working from home to be possible.
==Configuring OpenVPN from the client-side==
==Configuring OpenVPN from the client-side ==
===TLS Certificates===
===TLS Certificates===
*Firstly generate TLS certificates on your Windows Computer, you can find instructions on how to do it [[How to generate TLS certificates (Windows)?|here]].
*Firstly generate TLS certificates on your Windows Computer, you can find instructions on how to do it [[How to generate TLS certificates (Windows)?|here]].
*After you've successfully generated TLS certificates you will need to create a '''.ovpn''' file for storing client configurations. Simply open any text editor and follow [[OpenVPN client on Windows|this]] tutorial.
*After you've successfully generated TLS certificates you will need to create a '''.ovpn''' file for storing client configurations. Simply open any text editor and follow [[OpenVPN client on Windows|this]] tutorial.
*'''Important: in your .ovpn file certificates you will need to copy are:'''[[File:Ovpn1.png|frame]]
*'''Important: in your .ovpn file certificates you will need to copy are:'''
*In '''<ca> </ca>''' paste whole certificate from '''/easy-rsa/pki/ca.crt'''
*IN '''<cert></cert>''' paste whole certificate from '''/easy-rsa/pki/issued/"your_client_name".crt'''
* And in the last section '''<key></key>''' paste whole private key from '''/easy-rsa/pki/private/"your_client_name".key'''
*One more thing to change in your .ovpn file is to change the IP address to your router's '''public IP address'''
[[File:Networking rutxxx configuration openvpn certification file.jpg|alt=|border|class=tlt-border]]
*Now you can '''Save''' and '''Import''' your '''.ovpn''' file to the OpenVPN client by right-clicking on OpenVPN GUI in the hidden icons tray and navigating to '''Import → Import File'''.
[[File:Networking rutxxx configuration certificate import.jpg|alt=|border|class=tlt-border]]
Do not connect yet to your VPN client, we still have to configure the server.
==Configuring OpenVPN from the server-side==
<table class="nd-othertables_2">
<tr>
<th width="355;" style="border-bottom: 1px solid white;"></th>
<th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Networking rutxxx configuration ovpn server creation.jpg|alt=|right|770x770px]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white;">
Login to the router's WebUI and navigate to the '''Services → VPN → OPENVPN''' page and do the following:
<ol>
<li>Enter a '''custom configuration name'''</li>
<li>Select '''Role: Server'''.
</li>
<li>Click the '''Add''' button.</li>
<li>Click the '''Edit''' button next to the newly created OpenVPN instance.</li>
</ol>
</td>
</tr>
</table>
----
<br>
----<table class="nd-othertables_2">
<tr>
<th width="355;" style="border-bottom: 1px solid white;"></th>
<th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Networking rutxxx configuration ovpn settings.jpg|alt=|border|right|770x770px]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white">
<ol>
<li>'''Enable''' OpenVPN instance.</li>
<li>Change '''Authentication''' to '''TLS'''
</li>
<li>Change '''Encryption''' to '''AES-256-GCM 256'''
</li><li>Change '''Keep alive''' to '''5 10'''
</li><li>In '''Virtual network IP address''' type: '''192.168.15.0'''
</li><li>'''Virtual network netmask''' select: '''255.255.255.0'''
</li><li>Leave everything else default
</li></ol>
</td>
</tr>
</table>
<br>
----<table class="nd-othertables_2">
<tr>
<th width="355;" style="border-bottom: 1px solid white;"></th>
<th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Networking rutxxx configuration ovpn configuration.jpg|alt=|border|right|770x770px]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white">
<ol>
<li>The last thing left to do is to upload '''Certificates''', firstly upload '''Certificate authority''' ('''ca.crt''' file)</li>
<li>Upload '''Server certificate''' ('''server.crt''' file)
</li>
<li>Upload '''Server key''' ('''server.key''' file)
</li>
<li>Now upload '''Diffie Hellman parameters''' ('''dh.pem''' file)
</li>
<li>Press '''SAVE & APPLY''' button
</li></ol>
</td>
</tr>
</table>
----
==Connecting to the OpenVPN server ==
If everything was configurated correctly your OpenVPN server should be '''Active''':
[[File:Networking rutxxx configuration ovpn active state.jpg|alt=|border|1008x1008px|class=tlt-border]]
Now let's try to connect from a '''client''' to the '''server'''.
On your Windows machine right-click on '''OpenVPN GUI''' '''→''' Select your client → Press Connect
[[File:Networking rutxxx configuration openvpn connect to the client.jpg|alt=|border|class=tlt-border]]
If the connection was successful then you will get the following notification:
[[File:Networking rutxxx configuration successful connection.jpg|alt=|border|class=tlt-border]]
To test if the connection is working properly on your Windows machine open '''CMD''' and type ping '''192.168.15.1''' (server's VPN IP) you should get a similar response:
[[File:Networking rutxxx configuration cmd ping to the server.jpg|alt=|border|class=tlt-border]]