Line 1: |
Line 1: |
| + | <table class="nd-othertables_2"> |
| + | <tr> |
| + | <th width="325;" style="border-bottom: 1px solid white;"></th> |
| + | <th rowspan="2;" width="820;" style="border-bottom: 1px solid white;">[[File:Networking rutxxx configuration openvpn topology v1.png|alt=|border|class=tlt-border|right|750x750px]]</th> |
| + | </tr> |
| + | <tr> |
| + | <td style="border-bottom: 1px solid white"> |
| + | {| align="center" |
| + | |__TOC__ |
| + | |} |
| + | </td> |
| + | </tr> |
| + | </table> |
| + | |
| ==Configuration overview and prerequisites== | | ==Configuration overview and prerequisites== |
| | | |
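Review bot: In the added header cells the attribute values end in a semicolon (`width="325;"`, `rowspan="2;"`, `width="820;"`). `rowspan="2;"` in particular is not a plain integer, and the tables further down this page write `rowspan="2"`, so the semicolons should be dropped here. The topology image is also added with an empty `alt=`, which leaves the diagram without a text alternative.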
Line 9: |
Line 23: |
| When the scheme is realized, home workers will be able to reach the corporation’s internal network with all internal systems, allowing working from home to be possible. | | When the scheme is realized, home workers will be able to reach the corporation’s internal network with all internal systems, allowing working from home to be possible. |
| | | |
− | ==Configuring OpenVPN from the client-side== | + | ==Configuring OpenVPN from the client-side == |
| ===TLS Certificates=== | | ===TLS Certificates=== |
| *Firstly generate TLS certificates on your Windows Computer, you can find instructions on how to do it [[How to generate TLS certificates (Windows)?|here]]. | | *Firstly generate TLS certificates on your Windows Computer, you can find instructions on how to do it [[How to generate TLS certificates (Windows)?|here]]. |
| *After you've successfully generated TLS certificates you will need to create a '''.ovpn''' file for storing client configurations. Simply open any text editor and follow [[OpenVPN client on Windows|this]] tutorial. | | *After you've successfully generated TLS certificates you will need to create a '''.ovpn''' file for storing client configurations. Simply open any text editor and follow [[OpenVPN client on Windows|this]] tutorial. |
− | *'''Important: in your .ovpn file certificates you will need to copy are:'''[[File:Ovpn1.png|frame]] | + | *'''Important: in your .ovpn file certificates you will need to copy are:''' |
− | **In '''<ca> </ca>''' paste whole certificate from '''/easy-rsa/pki/ca.crt'''
| + | *In '''<ca> </ca>''' paste whole certificate from '''/easy-rsa/pki/ca.crt''' |
− | **IN '''<cert></cert>''' paste whole certificate from '''/easy-rsa/pki/issued/"your_client_name".crt'''
| + | *IN '''<cert></cert>''' paste whole certificate from '''/easy-rsa/pki/issued/"your_client_name".crt''' |
− | **And in the last section '''<key></key>''' paste whole private key from '''/easy-rsa/pki/private/"your_client_name".key'''
| + | * And in the last section '''<key></key>''' paste whole private key from '''/easy-rsa/pki/private/"your_client_name".key''' |
− | **One more thing to change in your .ovpn file is to change the IP address to your router's '''public IP address:'''
| + | *One more thing to change in your .ovpn file is to change the IP address to your router's '''public IP address''' |
− | | + | [[File:Networking rutxxx configuration openvpn certification file.jpg|alt=|border|class=tlt-border]] |
− | | |
− | | |
− | | |
− | *Now you can import your '''.ovpn''' file to the OpenVPN client by right-clicking on OpenVPN GUI in the hidden icons tray and navigating to '''Import > Import File'''.
| |
− | [[File:Ovpn2.png|left|thumb|336x336px]] | |
− | | |
− | | |
| | | |
| + | *Now you can '''Save''' and '''Import''' your '''.ovpn''' file to the OpenVPN client by right-clicking on OpenVPN GUI in the hidden icons tray and navigating to '''Import → Import File'''. |
| + | [[File:Networking rutxxx configuration certificate import.jpg|alt=|border|class=tlt-border]] |
| | | |
− | | + | Do not connect yet to your VPN client, we still have to configure the server. |
− | | |
− | | |
− | | |
− | | |
− | Do not connect yet to your vpn client, we still have to configure the server. | |
| | | |
| ==Configuring OpenVPN from the server-side== | | ==Configuring OpenVPN from the server-side== |
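Review bot: The bullets under '''Important: in your .ovpn file certificates you will need to copy are:''' were demoted from `**` to `*`, so they no longer render as sub-items of that bullet. The third now starts with `* And` (stray space) while the second still starts with "IN". Keeping `**` and fixing the casing would preserve the structure. Since the `<key></key>` bullet has the reader paste the whole private key into the .ovpn file, the new '''Save''' and '''Import''' step is a good place to say that the saved file contains the client private key and should be stored with restricted access. The added heading `==Configuring OpenVPN from the client-side ==` also gained a space before the closing `==`.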
Line 39: |
Line 43: |
| <tr> | | <tr> |
| <th width="355;" style="border-bottom: 1px solid white;"></th> | | <th width="355;" style="border-bottom: 1px solid white;"></th> |
− | <th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Ovpn3.png|alt=|right|770x770px]]</th> | + | <th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Networking rutxxx configuration ovpn server creation.jpg|alt=|right|770x770px]]</th> |
| </tr> | | </tr> |
| <tr> | | <tr> |
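Review bot: The replacement image on the `<th rowspan="2" ...>` line is added with `alt=|right|770x770px` but without the `border` option that the other server-side screenshots added in this revision use (`alt=|border|right|770x770px`). Add `border` for consistency, and give `alt=` a short description instead of leaving it empty.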
Line 57: |
Line 61: |
| ---- | | ---- |
| | | |
− | <table class="nd-othertables_2"> | + | <br> |
| + | ----<table class="nd-othertables_2"> |
| <tr> | | <tr> |
| <th width="355;" style="border-bottom: 1px solid white;"></th> | | <th width="355;" style="border-bottom: 1px solid white;"></th> |
− | <th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Networking_rutx_configuration_examples_l2tp_over_ipsec_windows_10_2_v1.png|770px|right]]</th> | + | <th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Networking rutxxx configuration ovpn settings.jpg|alt=|border|right|770x770px]]</th> |
| </tr> | | </tr> |
| <tr> | | <tr> |
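Review bot: The unchanged `----` just above stays in place while this hunk adds `<br>` and a second `----` fused onto the `<table class="nd-othertables_2">` line, so the page ends up with two horizontal rules in a row. Drop the added rule, or if it is wanted, put the table opener on its own line.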
Line 66: |
Line 71: |
| <ol> | | <ol> |
| <li>'''Enable''' OpenVPN instance.</li> | | <li>'''Enable''' OpenVPN instance.</li> |
− | <li>Change '''Authentication''' to: '''TLS''' | + | <li>Change '''Authentication''' to '''TLS''' |
| + | </li> |
| + | <li>Change '''Encryption''' to '''AES-256-GCM 256''' |
| + | </li><li>Change '''Keep alive''' to '''5 10''' |
| + | </li><li>In '''Virtual network IP address''' type: '''192.168.15.0''' |
| + | </li><li>'''Virtual network netmask''' select: '''255.255.255.0''' |
| + | </li><li>Leave everything else default |
| + | </li></ol> |
| + | </td> |
| + | </tr> |
| + | |
| + | </table> |
| + | <br> |
| + | ----<table class="nd-othertables_2"> |
| + | <tr> |
| + | <th width="355;" style="border-bottom: 1px solid white;"></th> |
| + | <th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Networking rutxxx configuration ovpn configuration.jpg|alt=|border|right|770x770px]]</th> |
| + | </tr> |
| + | <tr> |
| + | <td style="border-bottom: 1px solid white"> |
| + | <ol> |
| + | <li>The last thing left to do is to upload '''Certificates''', firstly upload '''Certificate authority''' ('''ca.crt''' file)</li> |
| + | <li>Upload '''Server certificate''' ('''server.crt''' file) |
| + | </li> |
| + | <li>Upload '''Server key''' ('''server.key''' file) |
| </li> | | </li> |
− | <li>Change '''Encryption''' to: '''AES-256-GCM 256''' | + | <li>Now upload '''Diffie Hellman parameters''' ('''dh.pem''' file) |
| + | </li> |
| + | <li>Press '''SAVE & APPLY''' button |
| </li></ol> | | </li></ol> |
| </td> | | </td> |
| </tr> | | </tr> |
| </table> | | </table> |
| + | ---- |
| + | ==Connecting to the OpenVPN server == |
| + | |
| + | If everything was configurated correctly your OpenVPN server should be '''Active''': |
| + | [[File:Networking rutxxx configuration ovpn active state.jpg|alt=|border|1008x1008px|class=tlt-border]] |
| + | |
| + | Now let's try to connect from a '''client''' to the '''server'''. |
| + | |
| + | On your Windows machine right-click on '''OpenVPN GUI''' '''→''' Select your client → Press Connect |
| + | |
| + | [[File:Networking rutxxx configuration openvpn connect to the client.jpg|alt=|border|class=tlt-border]] |
| + | |
| + | If the connection was successful then you will get the following notification: |
| + | |
| + | [[File:Networking rutxxx configuration successful connection.jpg|alt=|border|class=tlt-border]] |
| + | |
| + | To test if the connection is working properly on your Windows machine open '''CMD''' and type ping '''192.168.15.1''' (server's VPN IP) you should get a similar response: |
| + | |
| + | [[File:Networking rutxxx configuration cmd ping to the server.jpg|alt=|border|class=tlt-border]] |
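Review bot: The connection test at the end only pings '''192.168.15.1''', the server's VPN IP. That confirms the tunnel is up, but not that the client can reach the corporation's internal network, which is what the overview says home workers will get. Consider adding a ping to a LAN-side address as a second check. In the same section, "configurated" should be "configured"; the sentence "type ping 192.168.15.1 (server's VPN IP) you should get a similar response" needs a break before "you should"; the heading `==Connecting to the OpenVPN server ==` has a stray space before the closing `==`; and the settings list mixes `</li>` on its own line with `</li><li>` run together on one line.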