Difference between revisions of "Connecting to the office network remotely from your home via VPN (OpenVPN) using RUTX"

From Teltonika Networks Wiki
Line 22: Line 22:
  
  
*Now you can import your '''.ovpn''' file to the OpenVPN client by right-clicking on OpenVPN GUI in the hidden icons tray and navigating to '''Import > Import File'''.
+
*Now you can import your '''.ovpn''' file to the OpenVPN client by right-clicking on OpenVPN GUI in the hidden icons tray and navigating to '''Import Import File'''.
 
[[File:Ovpn2.png|left|thumb|336x336px]]
 
[[File:Ovpn2.png|left|thumb|336x336px]]
  
Line 33: Line 33:
  
  
Do not connect yet to your vpn client, we still have to configure the server.
+
Do not connect yet to your VPN client, we still have to configure the server.
  
 
==Configuring OpenVPN from the server-side==
 
==Configuring OpenVPN from the server-side==
Line 57: Line 57:
 
----
 
----
  
<table class="nd-othertables_2">
+
<br>
 +
----<table class="nd-othertables_2">
 
     <tr>
 
     <tr>
 
         <th width="355;" style="border-bottom: 1px solid white;"></th>
 
         <th width="355;" style="border-bottom: 1px solid white;"></th>
         <th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Networking_rutx_configuration_examples_l2tp_over_ipsec_windows_10_2_v1.png|770px|right]]</th>
+
         <th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Ovpn4.png|alt=|right|770x770px]]</th>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
Line 66: Line 67:
 
<ol>
 
<ol>
 
     <li>'''Enable''' OpenVPN instance.</li>
 
     <li>'''Enable''' OpenVPN instance.</li>
     <li>Change '''Authentication''' to: '''TLS'''
+
     <li>Change '''Authentication''' to '''TLS'''
 +
</li>
 +
    <li>Change '''Encryption''' to '''AES-256-GCM 256'''
 +
</li><li>Change '''Keep alive''' to '''5 10'''
 +
</li><li>In '''Virtual network IP address''' type: '''192.168.15.0'''
 +
</li><li>'''Virtual network netmask''' select: '''255.255.255.0'''
 +
</li><li>Leave everything else default
 +
</li></ol>
 +
        </td>
 +
    </tr>
 +
 
 +
</table>
 +
<br>
 +
----<table class="nd-othertables_2">
 +
    <tr>
 +
        <th width="355;" style="border-bottom: 1px solid white;"></th>
 +
        <th rowspan="2" width="790;" style="border-bottom: 1px solid white;">[[File:Ovpn5.png|alt=|right|770x770px]]</th>
 +
    </tr>
 +
    <tr>
 +
        <td style="border-bottom: 1px solid white">
 +
<ol>
 +
    <li>The last thing left to do is to upload '''Certificates''', firstly upload '''Certificate authority''' ('''ca.crt''' file)</li>
 +
    <li>Upload '''Server certificate''' ('''server.crt''' file)
 
</li>
 
</li>
     <li>Change '''Encryption''' to: '''AES-256-GCM 256'''
+
     <li>Upload '''Server key''' ('''server.key''' file)
 +
</li>
 +
    <li>Now upload '''Diffie Hellman parameters''' ('''dh.pem''' file)
 +
</li>
 +
    <li>Press '''SAVE & APPLY''' button
 
</li></ol>
 
</li></ol>
 
         </td>
 
         </td>
 
     </tr>
 
     </tr>
 
</table>
 
</table>
 +
----
 +
==Connecting to the OpenVPN server==
 +
 +
If everything was configurated correctly your OpenVPN server should be '''Active''':
 +
[[File:Ovpn6.png|center|thumb|1110x1110px]]
 +
Now let's try to connect from a '''client''' to the '''server'''.
 +
 +
On your Windows machine right-click on '''OpenVPN GUI''' '''→''' Select your client → Press Connect
 +
[[File:Ovpn7.png|left|thumb|432x432px]]
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
If connection was successfull then you will get following notification:
 +
[[File:Ovpn8.png|left|thumb|357x357px]]
 +
 +
 +
 +
 +
 +
 +
 +
 +
To test if connection is working properly on your Windows machine open '''CMD''' and type ping '''192.168.15.1''' (server's VPN IP) you should get similar response:
 +
[[File:Cmd ping.png|center|thumb|473x473px]]

Revision as of 09:36, 20 April 2022

Configuration overview and prerequisites

Prerequisites:

  • One RUTX router of any type
  • A Public Static or Public Dynamic IP addresses
  • At least one end device with Windows 10


The topology above depicts the OpenVPN scheme. - The router with the Public IP address (RUTX11) acts as the OpenVPN server and the Windows 10 device acts as a client. OpenVPN connects the networks of RUTX11 and Windows 10 clients.

When the scheme is realized, home workers will be able to reach the corporation’s internal network with all internal systems, allowing working from home to be possible.

Configuring OpenVPN from the client-side

TLS Certificates

  • Firstly generate TLS certificates on your Windows Computer, you can find instructions on how to do it here.
  • After you've successfully generated TLS certificates you will need to create a .ovpn file for storing client configurations. Simply open any text editor and follow this tutorial.
  • Important: in your .ovpn file certificates you will need to copy are:
    Ovpn1.png
    • In <ca> </ca> paste whole certificate from /easy-rsa/pki/ca.crt
    • IN <cert></cert> paste whole certificate from /easy-rsa/pki/issued/"your_client_name".crt
    • And in the last section <key></key> paste whole private key from /easy-rsa/pki/private/"your_client_name".key
    • One more thing to change in your .ovpn file is to change the IP address to your router's public IP address:



  • Now you can import your .ovpn file to the OpenVPN client by right-clicking on OpenVPN GUI in the hidden icons tray and navigating to Import → Import File.
Ovpn2.png





Do not connect yet to your VPN client, we still have to configure the server.

Configuring OpenVPN from the server-side

Login to the router's WebUI and navigate to the Services → VPN → OPENVPN page and do the following:

  1. Enter a custom configuration name
  2. Select Role: Server.
  3. Click the Add button.
  4. Click the Edit button next to the newly created OpenVPN instance.


  1. Enable OpenVPN instance.
  2. Change Authentication to TLS
  3. Change Encryption to AES-256-GCM 256
  4. Change Keep alive to 5 10
  5. In Virtual network IP address type: 192.168.15.0
  6. Virtual network netmask select: 255.255.255.0
  7. Leave everything else default


  1. The last thing left to do is to upload Certificates, firstly upload Certificate authority (ca.crt file)
  2. Upload Server certificate (server.crt file)
  3. Upload Server key (server.key file)
  4. Now upload Diffie Hellman parameters (dh.pem file)
  5. Press SAVE & APPLY button

Connecting to the OpenVPN server

If everything was configurated correctly your OpenVPN server should be Active:

Ovpn6.png

Now let's try to connect from a client to the server.

On your Windows machine right-click on OpenVPN GUI Select your client → Press Connect

Ovpn7.png






If connection was successfull then you will get following notification:

Ovpn8.png





To test if connection is working properly on your Windows machine open CMD and type ping 192.168.15.1 (server's VPN IP) you should get similar response:

Cmd ping.png
Retrieved from "https://wiki.teltonika-networks.com/index.php?title=Connecting_to_the_office_network_remotely_from_your_home_via_VPN_(OpenVPN)_using_RUTX&oldid=90727"