73
edits
Changes
mLine 22:
Line 22: + + + + + + − + Line 31:
Line 37: − + − + − + − − Connect to WebUI and enable Advanced mode − − [[File:Networking rutos manual webui basic advanced mode 75.gif|none|border|center|class=tlt-border]] Line 62:
Line 64: − + Line 68:
Line 70: − + − −   1. Add a new OpenVPN instance with a Client role − −   2. Create an OpenVPN client with these settings − Line 83:
Line 80: − + Line 135:
Line 132: − + − + − + − + − + − +
no edit summary
<li> Client 3 VPN tunnel address - 10.0.0.14, LAN device address - 192.168.30.178</li>
<li> Client 3 VPN tunnel address - 10.0.0.14, LAN device address - 192.168.30.178</li>
</ul>
</ul>
=Advanced mode=
If You have trouble seeing any of the settings, be sure to enable "'''Advanced mode'''"
[[File:Networking rutos manual webui basic advanced mode 75.gif|none|border|center|class=tlt-border]]
=Generating certificates for an OpenVPN server=
=Generating certificates for an OpenVPN server=
Navigate to '''System → Administration → Certificates'''
Navigate to '''System → Administration → Certificates → Generate Certificate'''
  1. Generate 2 certificates . Recommended key size is at least '''2048 bits''' for security reasons:
  1. Generate 2 certificates . Recommended key size is at least '''2048 bits''' for security reasons:
   1.1. CA
   1.1. CA
   1.2 Server
   1.2. Server
  2.In Certificate Manager download Server certificate
  2. In Certificate Manager download Server certificate
There are multiple methods of how certificates could be generated, you could follow this tutorial instead:
There are multiple methods of how certificates could be generated, you could follow this tutorial instead:
[[How to generate TLS certificates (Windows)?]]
[[How to generate TLS certificates (Windows)?]]
[[File:Certificate download v3.png|none|border|left|class=tlt-border]]
[[File:Certificate download v4.png|none|border|left|class=tlt-border]]
For any OpenVPN clients, You will need to generate “Client” certificates, download certificate and key, and send them to the client
For any OpenVPN clients, You will need to generate “Client” certificates, download certificate and key, and send them to the client
=Creating an OpenVPN server=
=Creating an OpenVPN server=
Navigate to '''Services -> VPN -> OpenVPN''', Add a new OpenVPN instance with a Server role with these settings
Navigate to '''Services -> VPN -> OpenVPN''', Add a new OpenVPN instance with a Server role with these settings
Press '''"Save & Apply"''', enable OpenVPN server and check if the server is online
Press '''"Save & Apply"''', enable OpenVPN server and check if the server is online.
[[File:OpenVPN server is online v3.png|none|border|left|class=tlt-border]]
[[File:OpenVPN server is online v3.png|none|border|left|class=tlt-border]]
=Connecting clients to the OpenVPN server=
=Connecting clients to the OpenVPN server=
Navigate to '''Services -> VPN -> OpenVPN'''
Navigate to '''Services -> VPN -> OpenVPN'''. Add a new OpenVPN instance with a Client role with these settings
[[File:OpenVPN Client1 v3.png|none|border|center|class=tlt-border]]
[[File:OpenVPN Client1 v3.png|none|border|center|class=tlt-border]]
   1) '''Remote host/IP address''' - Public IP of the OpenVPN server's router
   1) '''Remote host/IP address''' - Public IP of the OpenVPN server's router
   3) '''Remote network netmask''' - 255.255.255.224
   3) '''Remote network netmask''' - 255.255.255.224
   4) '''Add the certificates from the OpenVPN server''' - Certificate Authority, Client certificate, and Client key which we downloaded in the Certificate Generation step
   4) '''Add the certificates from the OpenVPN server''' - Certificate Authority, Client certificate, and Client key which we downloaded in the Certificate Generation step.
   1. '''Protocol''' - All protocols
   1) '''Protocol''' - All protocols
   2. '''Source zone''' - OpenVPN
   2) '''Source zone''' - OpenVPN
   3. '''Source IP''' - OpenVPN remote IP and LAN subnet of client 3
   3) '''Source IP''' - OpenVPN remote IP and LAN subnet of client 3
   4. '''Destination zone''' - OpenVPN
   4) '''Destination zone''' - OpenVPN
   5. '''Destination address''' - other client OpenVPN remote endpoints and LAN subnets
   5) '''Destination address''' - other client OpenVPN remote endpoints and LAN subnets
   6. '''Action''' - Deny
   6) '''Action''' - Deny