Changes

OpenVPN configuration examples (view source)

Revision as of 16:55, 9 March 2018

2,079 bytes added ,  16:55, 9 March 2018
no edit summary
Line 218: Line 218:  
OpenVPN Servers can be used as Proxies by OpenVPN Clients. This means that the client will be assigned the Public IP address of the OpenVPN server and will be seen as using that IP address when browsing the Internet, transferring data or doing any other online activities. This section provides direction on how to set up and OpenVPN Proxy on RUT routers.
 
OpenVPN Servers can be used as Proxies by OpenVPN Clients. This means that the client will be assigned the Public IP address of the OpenVPN server and will be seen as using that IP address when browsing the Internet, transferring data or doing any other online activities. This section provides direction on how to set up and OpenVPN Proxy on RUT routers.
    +
====Push options====
 +
----
 +
The first thing that you have to do is configure Push options in the OpenVPN Server configuration that will change the Clients' default WAN route to OpenVPN and set the DNS server to the OpenVPN Server's LAN IP. To do so open the OpenVPN configuration window and add these options to the Push option field:
 +
 +
'''redirect-gateway def1'''
 +
'''dhcp-option DNS 192.168.1.1'''
 +
 +
In this context 192.168.1.1 is the OpenVPN Server's LAN IP address. Replace this value with your own Server's LAN IP address.
 +
 +
====Firewall Zone Forwarding====
 +
----
 +
Next, go to the '''Network → Firewall → Zone Forwarding section. Click the '''Edit''' button located next to the '''vpn''' rule and in the subsequent window add a check mark next to '''wan''' as such:
 +
 +
[[File:Zone forwarding.png]]
 +
 +
This will redirect all WAN traffic through the OpenVPN tunnel.
 +
 +
To test this out, on device behind the OpenVPN Client go to '''http://www.whatsmyip.org/'''. If the website shows the Public IP address of the OpenVPN server, it means the Proxy works.
 
==Remote configuration==
 
==Remote configuration==
   −
If you don't have physical or local access in general to the router, there are a few options to configure OpenVPN instances remotely.
+
If you don't have physical or local access in general to the router, there are a few options to configure OpenVPN instances remotely.  
    
===Remote HTTP===
 
===Remote HTTP===
Line 229: Line 247:     
'''Note''': before enabling any type of remote access it is highly recommended that you change the router's default admin password to minimize the risk of malicious remote connections. You can change your password in the '''[[RUT950_Administration#General|System → Administration → General]]''' section.   
 
'''Note''': before enabling any type of remote access it is highly recommended that you change the router's default admin password to minimize the risk of malicious remote connections. You can change your password in the '''[[RUT950_Administration#General|System → Administration → General]]''' section.   
====Remote Configuration (SMS Utilities)====
+
===Remote Configuration (SMS Utilities)===
 
----
 
----
 
You can send OpenVPN configurations via '''Remote Configuration''' tool located in the '''Services → SMS Utilities''' section. This method allows you to configure OpenVPN (among other things) just as you would in the OpenVPN section and then send these configurations to another router via SMS. The configuration method is identical to regular OpenVPN configuration. Therefore, additional instructions will not be provided here, but you can find more information on the subject of Remote Configuration '''[[SMS_Utilities#Send_Configuration|here]]'''.
 
You can send OpenVPN configurations via '''Remote Configuration''' tool located in the '''Services → SMS Utilities''' section. This method allows you to configure OpenVPN (among other things) just as you would in the OpenVPN section and then send these configurations to another router via SMS. The configuration method is identical to regular OpenVPN configuration. Therefore, additional instructions will not be provided here, but you can find more information on the subject of Remote Configuration '''[[SMS_Utilities#Send_Configuration|here]]'''.
   −
====UCI====
+
===UCI===
 
----
 
----
 +
Yet another method would be using the SMS Utilities '''uci''' rule. You can find information on the rule itself '''[[SMS_Utilities#UCI_API_rule|SMS Utilities manual article]]''' and more detailed information the UCI System in general '''[[UCI_command_usage|here]]'''.
 +
 +
In addition we will provide the basic configurations for OpenVPN Server and Client discussed in this article in "UCI form". This includes OpenVPN TLS, Static key, TUN, TAP configurations for both Server and Client. You can download the text file with these configurations if you follow this link: '''[[Media:ovpn]]'''
 +
 +
'''Note''': this method doesn't provide the possibility to send certificates and, therefore, should be used only to edit present OpenVPN instances and not create new ones.
 +
==External links==
 +
 +
https://github.com/OpenVPN/easy-rsa-old - Easy-RSA download
 +
 +
https://winscp.net/eng/download.php - WinSCP download
 +
 +
https://openvpn.net/index.php/open-source/documentation/howto.html - some additional information on OpenVPNs
 +
 +
http://www.whatsmyip.org/
Retrieved from "https://wiki.teltonika-networks.com/view/Special:MobileDiff/5731"

Navigation menu