Line 22: |
Line 22: |
| <li> Client 3 VPN tunnel address - 10.0.0.14, LAN device address - 192.168.30.178</li> | | <li> Client 3 VPN tunnel address - 10.0.0.14, LAN device address - 192.168.30.178</li> |
| </ul> | | </ul> |
| + | |
| + | |
| + | =Advanced mode= |
| + | |
| + | If You have trouble seeing any of the settings, be sure to enable "'''Advanced mode'''" |
| + | [[File:Networking rutos manual webui basic advanced mode 75.gif|none|border|center|class=tlt-border]] |
| | | |
| =Generating certificates for an OpenVPN server= | | =Generating certificates for an OpenVPN server= |
| | | |
− | Navigate to '''System → Administration → Certificates''' | + | Navigate to '''System → Administration → Certificates → Generate Certificate''' |
| | | |
|   1. Generate 2 certificates . Recommended key size is at least '''2048 bits''' for security reasons: | |   1. Generate 2 certificates . Recommended key size is at least '''2048 bits''' for security reasons: |
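Review bot: The added sentence under =Advanced mode= capitalises "You" mid-sentence, has no closing period, and wraps the bold term in literal quotes as well ("'''Advanced mode'''"), so the term renders both quoted and bold. Suggest: If you have trouble seeing any of the settings, be sure to enable '''Advanced mode'''. The changed navigation line also uses "→" as the menu separator where the later "Services -> VPN -> OpenVPN" lines use "->"; pick one form for the whole page.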
Line 31: |
Line 37: |
|    1.1. CA | |    1.1. CA |
| | | |
− |    1.2 Server | + |    1.2. Server |
| | | |
− |   2.In Certificate Manager download Server certificate | + |   2. In Certificate Manager download Server certificate |
| | | |
| There are multiple methods of how certificates could be generated, you could follow this tutorial instead: | | There are multiple methods of how certificates could be generated, you could follow this tutorial instead: |
| [[How to generate TLS certificates (Windows)?]] | | [[How to generate TLS certificates (Windows)?]] |
| | | |
− | [[File:Certificate download v3.png|none|border|left|class=tlt-border]] | + | [[File:Certificate download v4.png|none|border|left|class=tlt-border]] |
| | | |
| For any OpenVPN clients, You will need to generate “Client” certificates, download certificate and key, and send them to the client | | For any OpenVPN clients, You will need to generate “Client” certificates, download certificate and key, and send them to the client |
| | | |
| =Creating an OpenVPN server= | | =Creating an OpenVPN server= |
− |
| |
− | Connect to WebUI and enable Advanced mode
| |
− |
| |
− | [[File:Networking rutos manual webui basic advanced mode 75.gif|none|border|center|class=tlt-border]]
| |
| | | |
| Navigate to '''Services -> VPN -> OpenVPN''', Add a new OpenVPN instance with a Server role with these settings | | Navigate to '''Services -> VPN -> OpenVPN''', Add a new OpenVPN instance with a Server role with these settings |
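Review bot: Missing guidance on the line just below the updated screenshot: it tells the reader to download the client certificate and key and "send them to the client" without saying how. That bundle contains the client's private key, so suggest adding that it should be transferred over a protected channel and that each client gets its own certificate and key. Removing the Advanced mode block from "Creating an OpenVPN server" is fine given that this revision introduces a dedicated section for it earlier on the page.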
Line 62: |
Line 64: |
| | | |
| | | |
− | Press '''"Save & Apply"''', enable OpenVPN server and check if the server is online | + | Press '''"Save & Apply"''', enable OpenVPN server and check if the server is online. |
| | | |
| [[File:OpenVPN server is online v3.png|none|border|left|class=tlt-border]] | | [[File:OpenVPN server is online v3.png|none|border|left|class=tlt-border]] |
Line 68: |
Line 70: |
| =Connecting clients to the OpenVPN server= | | =Connecting clients to the OpenVPN server= |
| | | |
− | Navigate to '''Services -> VPN -> OpenVPN''' | + | Navigate to '''Services -> VPN -> OpenVPN'''. Add a new OpenVPN instance with a Client role with these settings |
− | | |
− |   1. Add a new OpenVPN instance with a Client role
| |
− | | |
− |   2. Create an OpenVPN client with these settings
| |
| | | |
| [[File:OpenVPN Client1 v3.png|none|border|center|class=tlt-border]] | | [[File:OpenVPN Client1 v3.png|none|border|center|class=tlt-border]] |
− |
| |
| | | |
|    1) '''Remote host/IP address''' - Public IP of the OpenVPN server's router | |    1) '''Remote host/IP address''' - Public IP of the OpenVPN server's router |
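Review bot: The merged line ends "Add a new OpenVPN instance with a Client role with these settings" with no closing punctuation, while the neighbouring edits in this revision add trailing periods. Since a screenshot and a settings list follow, end it with a colon. Folding the old steps 1 and 2 into the navigation sentence is otherwise a clear improvement.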
Line 83: |
Line 80: |
|    3) '''Remote network netmask''' - 255.255.255.224 | |    3) '''Remote network netmask''' - 255.255.255.224 |
| | | |
− |    4) '''Add the certificates from the OpenVPN server''' - Certificate Authority, Client certificate, and Client key which we downloaded in the Certificate Generation step | + |    4) '''Add the certificates from the OpenVPN server''' - Certificate Authority, Client certificate, and Client key which we downloaded in the Certificate Generation step. |
| | | |
| | | |
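Review bot: Item 4 says the Certificate Authority, Client certificate and Client key were "downloaded in the Certificate Generation step", but the steps shown for that section mention downloading only the Server certificate and the client certificate and key, not the CA file. Suggest either adding the CA download to that section or rewording item 4 to say where the CA file comes from.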
Line 135: |
Line 132: |
| | | |
| | | |
− |    1. '''Protocol''' - All protocols | + |    1) '''Protocol''' - All protocols |
| | | |
− |    2. '''Source zone''' - OpenVPN | + |    2) '''Source zone''' - OpenVPN |
| | | |
− |    3. '''Source IP''' - OpenVPN remote IP and LAN subnet of client 3 | + |    3) '''Source IP''' - OpenVPN remote IP and LAN subnet of client 3 |
| | | |
− |    4. '''Destination zone''' - OpenVPN | + |    4) '''Destination zone''' - OpenVPN |
| | | |
− |    5. '''Destination address''' - other client OpenVPN remote endpoints and LAN subnets | + |    5) '''Destination address''' - other client OpenVPN remote endpoints and LAN subnets |
| | | |
− |    6. '''Action''' - Deny | + |    6) '''Action''' - Deny |
| | | |
| | | |
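Review bot: Items 3 and 5 describe the addresses only in words ("OpenVPN remote IP and LAN subnet of client 3", "other client OpenVPN remote endpoints and LAN subnets"), which makes a Deny rule covering All protocols easy to enter incorrectly. Suggest giving the example values from the topology list next to each item, for instance client 3's tunnel address 10.0.0.14. The switch from "1." to "1)" numbering matches the client settings list earlier on the page.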