| Line 267: |
Line 267: |
| | | | |
| | '''Note 2''': this method doesn't provide the possibility to send certificates and, therefore, should be used only to edit present OpenVPN instances and not create new ones. --> | | '''Note 2''': this method doesn't provide the possibility to send certificates and, therefore, should be used only to edit present OpenVPN instances and not create new ones. --> |
| − |
| |
| − |
| |
| − | ==OpenVPN TLS configuration example with Windows client==
| |
| − | This is an OpenVPN configuration example with a Windows client ([https://openvpn.net/client/client-connect-vpn-for-windows/ OpenVPN Connect]). This configuration requires the router to have a public IP address (Either static or dynamic IP).
| |
| − |
| |
| − | ===Public IP: Static / Dynamic===
| |
| − | ----If your router have a static public IP address on one of its WAN interfaces, it will be used as the OpenVPN Server address on the client configuration file.
| |
| − |
| |
| − | In case you have a dynamic public IP address, it is recommended to use the '''[[Dynamic DNS]]''' functionality, and use the hostname provided by the DDNS service as the OpenVPN Server address. You can find some Dynamic DNS configuration examples [[DDNS Configuration Examples|here]].
| |
| − |
| |
| − | ===OpenVPN Server configuration===
| |
| − | ----For this example we will be creating a TUN (Tunnel) type connection that uses the UDP protocol for data transfer and TLS Authentication, you can refer to [[How to generate TLS certificates (Windows)?|this]] article for more information about TLS certificates and keys. Here is the router '''RUT1''' OpenVPN configuration ('''Server'''; LAN IP: '''192.168.1.1'''; WAN (Public static) IP: '''213.226.191.61;''' OpenVPN Virtual network will be '''10.0.0.0/24''') :
| |
| − | [[File:OpenVPN-Server-config.png|alt=OpenVPN-Server-Configuration|border]]
| |
| − |
| |
| − | You can add push option ('''route 192.168.1.0 255.255.255.0''') to allow VPN clients to connect to the router LAN network.
| |
| − |
| |
| − | Once the VPN server is ready, It will change its status to Active:
| |
| − |
| |
| − | [[File:Server-Status Active.png|border]]
| |
| − |
| |
| − | ===OpenVPN Windows client configuration===
| |
| − | ----For this step, you'll need to prepare a configuration file folder, it must contain the following files:
| |
| − |
| |
| − | *The root certificate file (Certificate Authority)
| |
| − | *Client certificate
| |
| − | *Client key
| |
| − | *OpenVPN client configuration file (Client_config.ovpn)
| |
| − |
| |
| − | Mainly, it should look like this:
| |
| − |
| |
| − | [[File:Config-Folder.png|border]]
| |
| − |
| |
| − | And this is the content of the OpenVPN client config file:
| |
| − | client
| |
| − | dev '''tun'''
| |
| − | proto '''udp'''
| |
| − | auth '''sha1'''
| |
| − | remote '''213.226.191.61 1194'''
| |
| − | resolv-retry '''infinite'''
| |
| − | nobind
| |
| − | persist-key
| |
| − | persist-tun
| |
| − | ca '''ca.crt'''
| |
| − | cert '''client.crt'''
| |
| − | key '''client.key'''
| |
| − | remote-cert-tls '''server'''
| |
| − | data-ciphers '''BF-CBC'''
| |
| − | cipher '''BF-CBC'''
| |
| − | comp-lzo '''no'''
| |
| − | keepalive '''10 120'''
| |
| − | After saving the configuration file, you can open the '''OpenVPN Connect''' software on your Windows operating system, upload the configuration file, and click connect:
| |
| − |
| |
| − | [[File:OpenVPN-Client-connected.png|border]]
| |
| − |
| |
| − | The OpenVPN Windows client is now connected to the OpenVPN server.
| |
| − |
| |
| − | ===Testing OpenVPN connectivity===
| |
| − | ----From The Windows client side, you can try to ping the Router's LAN IP address ('''192.168.1.1''') and one of his LAN clients ('''192.168.1.167'''):
| |
| − |
| |
| − | [[File:Testing-VPN-Connectivity.png|border]]
| |
| − |
| |
| − | The Windows OpenVPN Client can now Ping the router's LAN Network successfully.
| |
| | | | |
| | ==See also== | | ==See also== |