OpenVPN Access Control

From Teltonika Networks Wiki

Introduction

In this example, we will configure an OpenVPN server and will manage which resources can be accessed by separate clients

Generating certificates for an OpenVPN server

1)Navigate to System -> Administration -> Certificates

2)Generate 2 certificates with a keysize 1024:

2.1) CA

2.2) Server

3) In Certificate Manager download Server certificate


For any OpenVPN clients, You will need to generate “Client” certificates, download certificate and key, and send them to the client

Creating an OpenVPN server

1) Connect to WebUI and enable Advanced mode

2) Navigate to Services -> VPN -> OpenVPN

3) Add a new OpenVPN instance with a Server role

4) Create an OpenVPN server with these settings


Virtual network IP address – 10.0.0.0

Virtual network netmask – 255.255.255.240

Client to client – disabled

Certificate files from device - on

5) Press "Save & Apply", enable OpenVPN server and check if the server is online

Connecting clients to the OpenVPN server

1) Navigate to Services -> VPN -> OpenVPN

2) Add a new OpenVPN instance with a Client role

3) Create an OpenVPN client with these settings

Remote host/IP address - Public IP of the OpenVPN server's router

Remote network IP address - 10.0.0.0

Remote network netmask - 255.255.255.240

And add the certificates from the OpenVPN server - Certificate Authority, Client certificate and Client key which we downloaded in Certificate Generation step

4) Press "Save & Apply", enable OpenVPN client and check if the connection is made

5) Repeat this step for as many clients as You need. For this example, we will have 3 clients

Controlling access with traffic rules

1)