Changes

Line 160: Line 160:  
====Clients from Server====
 
====Clients from Server====
 
----
 
----
 +
Reaching OpenVPN Clients' private networks from the Server is a bit trickier than the opposite, because in order to do so the Server has to be aware of the different specific addresses and Common Names of specific Clients.
   −
====Client to client====
+
To accomplish this, we can use the '''TLS Clients''' function. TLS Clients is a way to more specifically differentiate Clients by their Common Name (CN) found in the client certificate file. It can be used to assign specific VPN addresses to specific Clients and bind them to their LAN addresses so that other devices in the Client‘s LAN can be reached from the Server.
 +
 
 +
In other words, TLS Clients binds Common Names (found in Client certificates) to Clients' private networks. If the certificate hasn't been tampered with in any after generation, the Common name should be the same as the file name (without the file type extension). For example, a certificate called '''client1.crt''' will likely have the Common Name of '''client1'''. But just to be sure you can open the certificate and check:
 +
 
 +
[[File:Checking common name.png]]
 +
 
 +
Once you know the Common Names and LAN IP Addresses of your OpenVPN Clients, you can create TLS Clients instances for each of them:
 +
 
 +
[[File:Services vpn openvpn tlsclients.PNG]]
 +
 
 +
In addition, with TLS Clients you can manually assign Virtual local and remote endpoint addresses for the Clients. But these fields are not mandatory and the addresses will be assigned automatically if they are left unchecked.
 +
 
 +
====Client to Client====
 
----
 
----
 +
For Client to Client communication to work you have to do three things:
 +
 +
* Create unique TLS Clients instances for each of the Clients
 +
* Push the necessary routes via the Push option field
 +
* Enable Client to Client functionality in the Server's configuration
 +
 +
=====TLS Clients=====
 +
----
 +
First, configure TLS Clients. You can find the description on how to do that in the section before this one. This is necessary in the case of multiple Clients because the Server will not only be pushing the routes of other Clients but also the routes to the Clients' own networks to their routing tables. This would cause the Clients' routers to be unreachable until the OpenVPN connection is terminated.
 +
 +
TLS Clients solves this problem, because the configuration then "tells" the router not push certain routes to certain Clients. For example, if a router pushes the route '''192.168.5.0 255.255.555.0''' to Client whose LAN IP address is 192.168.5.1, that Client will not be able to reach its network. TLS Clients prevents this - if a Client, for example, has the LAN IP address of 192.168.5.1, he will not receive the ''route 192.168.5.0 255.255.555.0''.
 +
    
===OpenVPN Proxy===
 
===OpenVPN Proxy===
 
----
 
----
 
OpenVPN Servers can be used as Proxies by OpenVPN Clients. This means that the client will be assigned the Public IP address of the OpenVPN server and will be seen as using that IP address when browsing the Internet, transferring data or doing any other online activities. This section provides direction on how to set up and OpenVPN Proxy on RUT routers.
 
OpenVPN Servers can be used as Proxies by OpenVPN Clients. This means that the client will be assigned the Public IP address of the OpenVPN server and will be seen as using that IP address when browsing the Internet, transferring data or doing any other online activities. This section provides direction on how to set up and OpenVPN Proxy on RUT routers.
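Review bot: The netmask in the added TLS Clients paragraph is written as 255.255.555.0 twice, once in the pushed-route example and once in the closing sentence. 555 is not a valid octet, so both should read 255.255.255.0. In the same paragraph, '"tells" the router not push' is missing "to". In the added Clients from Server text, "hasn't been tampered with in any after generation" is missing a word (presumably "way"). That sentence also ties the Common Name to the certificate's file name, but the file name is only a naming convention: renaming client1.crt does not change the CN inside it, and a matching name says nothing about tampering. Suggest rewording so that the CN read from the certificate itself is the authoritative value for the TLS Clients entry and the file name is only a hint. The screenshot check that follows already supports this.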
