Changes

m
This is an OpenVPN TLS configuration example with Windows client, waiting for review
Line 269: Line 269:       −
== OpenVPN TLS configuration with a Windows client ==
+
==OpenVPN TLS configuration example with Windows client==
 +
This is an OpenVPN configuration example with a Windows client ([https://openvpn.net/client/client-connect-vpn-for-windows/ OpenVPN Connect]). This configuration requires the router to have a public IP address (Either static or dynamic IP).
    +
===Public IP: Static / Dynamic===
 +
----If your router have a static public IP address on one of its WAN interfaces, it will be used as the OpenVPN Server address on the client configuration file.
 +
 +
In case you have a dynamic public IP address, it is recommended to use the '''[[Dynamic DNS]]''' functionality, and use the hostname provided by the DDNS service as the OpenVPN Server address. You can find some Dynamic DNS configuration examples [[DDNS Configuration Examples|here]].
 +
 +
===OpenVPN Server configuration===
 +
----For this example we will be creating a TUN (Tunnel) type connection that uses the UDP protocol for data transfer and TLS Authentication, you can refer to [[How to generate TLS certificates (Windows)?|this]] article for more information about TLS certificates and keys. Here is the router '''RUT1''' OpenVPN configuration ('''Server'''; LAN IP: '''192.168.1.1'''; WAN (Public static) IP: '''213.226.191.61;''' OpenVPN Virtual network will be '''10.0.0.0/24''') :
 +
[[File:OpenVPN-Server-config.png|alt=OpenVPN-Server-Configuration|border]]
 +
You can add push option ('''route 192.168.1.0 255.255.255.0''') to allow VPN clients to connect to the router LAN network.
 +
 +
Once the VPN server is ready, It will change its status to Active:
 +
[[File:Server-Status Active.png|border]]
 +
 +
===OpenVPN Windows client configuration:===
 +
----For this step, you'll need to prepare a configuration file folder, it must contain the following files:
 +
 +
*The root certificate file (Certificate Authority)
 +
*Client certificate
 +
*Client key
 +
*OpenVPN client configuration file (Client_config.ovpn)
 +
 +
Mainly, it should look like this:
 +
 +
[[File:Config-Folder.png|border]]
 +
 +
And this is the content of the OpenVPN client config file:
 +
client
 +
dev '''tun'''
 +
proto '''udp'''
 +
auth '''sha1'''
 +
remote '''213.226.191.61 1194'''
 +
resolv-retry '''infinite'''
 +
nobind
 +
persist-key
 +
persist-tun
 +
ca '''ca.crt'''
 +
cert '''client.crt'''
 +
key '''client.key'''
 +
remote-cert-tls '''server'''
 +
data-ciphers '''BF-CBC'''
 +
cipher '''BF-CBC'''
 +
comp-lzo '''no'''
 +
keepalive '''10 120'''
 +
After saving the configuration file, you can open the '''OpenVPN Connect''' software on your Windows operating system, upload the configuration file, and click connect:
 +
 +
[[File:OpenVPN-Client-connected.png|border]]
 +
 +
The OpenVPN Windows client is now connected to the OpenVPN server.
 +
 +
===Testing OpenVPN connectivity===
 +
----From The Windows client side, you can try to ping the Router's LAN IP address ('''192.168.1.1''') and one of his LAN clients ('''192.168.1.167'''):
 +
 +
[[File:Testing-VPN-Connectivity.png|border]]
 +
 +
The Windows OpenVPN Client can now Ping the router's LAN Network successfully.
    
==See also==
 
==See also==
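Review bot: The client file added under "OpenVPN Windows client configuration" pins `data-ciphers BF-CBC`, `cipher BF-CBC` and `auth sha1`, and a reference example should not hand these values to readers to copy. Blowfish is a 64-bit block cipher, and OpenVPN warns against ciphers of that block size and has deprecated BF-CBC. Suggest changing the server and this client file to `data-ciphers AES-256-GCM` with `auth sha256`, provided the router firmware offers them, or stating next to the file that the values only mirror the server settings shown in the screenshot. The `comp-lzo no` line can likely go as well, since the directive is deprecated and the example does not use compression. Smaller points in the same hunk: put the client file in a single preformatted block instead of bolded one-line paragraphs so it can be copied as is, move the `----` rules onto their own lines instead of fusing them with the first sentence of each section, and fix "If your router have", "It will change" and "one of his LAN clients".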
