Template:Networking rutx configuration example openvpn bridge use case: Difference between revisions

From Teltonika Networks Wiki
Line 125: Line 125:
     <tr>
     <tr>
         <td style="border-bottom: 1px solid white>
         <td style="border-bottom: 1px solid white>
Go to '''Services → VPN → OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''.  
Go to '''Services → VPN → OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' and pressing '''Add''' button. It should appear after a few seconds. Then press '''Edit'''.  
         </td>
         </td>
     </tr>
     </tr>
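Review bot: the td opening tag kept as context in this row, style="border-bottom: 1px solid white>, never closes its style attribute (the double quote before > is missing), so the parser has to guess where the attribute ends. Since this edit already touches the cell, close it as style="border-bottom: 1px solid white"> here; the same unclosed tag appears in the rows changed at Line 165 and Line 185.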
Line 146: Line 146:
     <li>Enable '''LZO'''.</li>
     <li>Enable '''LZO'''.</li>
     <li>Select '''Authentication: Static key'''.</li>
     <li>Select '''Authentication: Static key'''.</li>
     <li>Write '''Remote host/IP address''' (RUT OpenVPN server public IP).</li>
     <li>Write '''Remote host/IP address''' (RUTX OpenVPN server public IP).</li>
     <li>Add '''Keep alive''' interval: '''10 120'''.</li>
     <li>Add '''Keep alive''' interval: '''10 120'''.</li>
     <li>Upload '''Static pre-shared key''' (use the .txt file you created in previous steps).</li>
     <li>Upload '''Static pre-shared key''' (use the .txt file you created in previous steps).</li>
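Review bot: the Remote host/IP address item now hardcodes RUTX where it previously hardcoded RUT, but this page is a template and its overview text takes the router model from the {{{name}}} parameter. Use the parameter here as well, for example ({{{name}}} OpenVPN server public IP), so the step names whichever model the including page passes in.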
Line 165: Line 165:
     <tr>
     <tr>
         <td style="border-bottom: 1px solid white>
         <td style="border-bottom: 1px solid white>
Now go to '''Network → LAN''' and apply the following steps:
Now go to '''Network → LAN''' and press '''Edit''' next to your LAN interface:
 
<ol>
    <li>Change your '''LAN IP address''' to: '''192.168.1.2</li>
    <li>Disable '''DHCP'''.</li>
    <li>'''Save''' the changes.</li>
</ol>
         </td>
         </td>
     </tr>
     </tr>
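Review bot: the first item of the list removed from this cell has an unclosed bold run, '''192.168.1.2</li>, with no closing ''' before the </li>. If these three steps are being moved to the following row rather than dropped, close the markup in the new location: <li>Change your '''LAN IP address''' to: '''192.168.1.2'''</li>.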
Line 185: Line 179:
     <tr>
     <tr>
         <td style="border-bottom: 1px solid white>
         <td style="border-bottom: 1px solid white>
Now go to '''Network → LAN''' and apply the following steps:
Apply the following steps:


<ol>
<ol>

Revision as of 17:39, 5 May 2020

Configuration overview and prerequisites

Prerequisites:

  • One RUTxxx router
  • A Public Static or Public Dynamic IP address
  • An end device to configure the router (PC, Laptop, Tablet, Smartphone)

The topology above depicts the OpenVPN scheme. The router with the Public IP address ({{{name}}}) acts as the OpenVPN server and the other {{{name}}} acts as the client. OpenVPN connects the networks of the HQ Office and the Remote Office.

When the scheme is realized, remote office workers will be able to reach HQ’s internal network and all of its internal systems, which makes working from the remote office possible. All of the remote office's WAN and LAN traffic will travel through the VPN tunnel.

Configuring HQ office router

OpenVPN


Log in to the router's WebUI, navigate to the Services → CLI page and do the following:

  1. Enter username root.
  2. Write the Password of your router.

Enter the following commands to create and display the OpenVPN static key, which will be used for authentication:

    cd /etc/easy-rsa
    openvpn --genkey --secret static.key
    cat static.key

Create a .txt file on your computer and copy the static key into it. Copy everything from the beginning to the end, as in the example.
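
As an added example (not part of the Teltonika wiki), the shell functions below check that the copied .txt file still holds a complete static key before it is uploaded, and print a fingerprint for comparing it with static.key on the router. It assumes the default 2048-bit key layout (16 lines of 32 hex characters between the BEGIN and END markers) and that sha256sum is available; the function names and the sample key are made up for this example.

```sh
#!/bin/sh
# Added example, not Teltonika code: check that a copied OpenVPN static key
# file is complete. Assumes the default 2048-bit layout (16 lines of 32 hex
# characters between the BEGIN/END markers). Function names are made up here.

# Normalise: strip CR added by Windows editors, drop comment and blank lines.
key_body() {
    tr -d '\r' < "$1" | grep -v -e '^#' -e '^[[:space:]]*$' || true
}

check_static_key() {
    [ -r "$1" ] || { echo "unreadable file"; return 2; }
    body=$(key_body "$1")
    first=$(printf '%s\n' "$body" | head -n 1)
    last=$(printf '%s\n' "$body" | tail -n 1)
    [ "$first" = "-----BEGIN OpenVPN Static key V1-----" ] || { echo "missing BEGIN marker"; return 1; }
    [ "$last" = "-----END OpenVPN Static key V1-----" ] || { echo "missing END marker"; return 1; }
    # Every line between the markers must be exactly 32 hex characters.
    hex=$(printf '%s\n' "$body" | sed '1d;$d')
    good=$(printf '%s\n' "$hex" | grep -c -E '^[0-9a-fA-F]{32}$' || true)
    total=$(printf '%s\n' "$hex" | grep -c '' || true)
    [ "$good" -eq "$total" ] || { echo "malformed key line"; return 1; }
    [ "$good" -eq 16 ] || { echo "expected 16 key lines, found $good"; return 1; }
    echo "ok"
}

# Fingerprint of the normalised key, so the router copy and the PC copy can be
# compared without displaying the key itself. Assumes sha256sum is installed.
key_fingerprint() {
    key_body "$1" | sha256sum | cut -d ' ' -f 1
}

# Constructed sample key (fixed pattern, NOT a real secret) for the demo.
make_sample_key() {
    echo "#"; echo "# 2048 bit OpenVPN static key"; echo "#"
    echo "-----BEGIN OpenVPN Static key V1-----"
    i=0
    while [ "$i" -lt 16 ]; do echo "0123456789abcdef0123456789abcdef"; i=$((i + 1)); done
    echo "-----END OpenVPN Static key V1-----"
}

tmp=$(mktemp -d)
make_sample_key > "$tmp/static.key"
# Simulate a paste that lost the tail of the key and the END marker.
head -n 18 "$tmp/static.key" > "$tmp/truncated.txt"
echo "full copy:      $(check_static_key "$tmp/static.key")"
echo "truncated copy: $(check_static_key "$tmp/truncated.txt")"
```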


Now go to Services → VPN → OpenVPN. Create a new configuration there by selecting the role Server, entering a New configuration name and pressing the Add button. The new configuration should appear after a few seconds. Then press Edit.


Now apply the following configuration:

  1. Enable instance.
  2. Set TUN/TAP to TAP (bridged).
  3. Enable LZO.
  4. Select Authentication: Static key.
  5. Add Keep alive interval: 10 120.
  6. Upload Static pre-shared key (use the .txt file you created in previous steps).
  7. Save the changes.

Configuring remote office router

OpenVPN


Go to Services → VPN → OpenVPN. Create a new configuration there by selecting the role Client, entering a New configuration name and pressing the Add button. The new configuration should appear after a few seconds. Then press Edit.


Now apply the following configuration:

  1. Enable instance.
  2. Set TUN/TAP to TAP (bridged).
  3. Enable LZO.
  4. Select Authentication: Static key.
  5. Write Remote host/IP address (RUTX OpenVPN server public IP).
  6. Add Keep alive interval: 10 120.
  7. Upload Static pre-shared key (use the .txt file you created in previous steps).
  8. Save the changes.

LAN


Now go to Network → LAN and press Edit next to your LAN interface:


Apply the following steps:

  1. Change your LAN IP address to: 192.168.1.2
  2. Disable DHCP.
  3. Save the changes.

Results

The remote office should now be able to access HQ network resources. To verify the connection, ping the remote RUT HQ server's LAN IP address; if you get a reply, you have successfully connected to HQ's internal network. All LAN addresses should now also be leased to the LAN devices by the HQ router.