Changes

no edit summary
Line 188: Line 188:  
*Enable Client to Client functionality in the Server's configuration
 
*Enable Client to Client functionality in the Server's configuration
   −
====='''TLS Clients'''=====
+
=====TLS Clients=====
 
----
 
----
 
First, configure TLS Clients. You can find the description on how to do that in the section before this one ('''[[OpenVPN_configuration_examples#Clients_from_Server|here]]'''). This is necessary in the case of multiple Clients because the Server will not only be pushing the routes of other Clients but also the routes to the Clients' own networks to their routing tables. This would cause the Clients' routers to be unreachable until the OpenVPN connection is terminated.  
 
First, configure TLS Clients. You can find the description on how to do that in the section before this one ('''[[OpenVPN_configuration_examples#Clients_from_Server|here]]'''). This is necessary in the case of multiple Clients because the Server will not only be pushing the routes of other Clients but also the routes to the Clients' own networks to their routing tables. This would cause the Clients' routers to be unreachable until the OpenVPN connection is terminated.  
Line 236: Line 236:  
----
 
----
 
Next, go to the '''Network → Firewall → Zone Forwarding section. Click the '''Edit''' button located next to the '''vpn''' rule and in the subsequent window add a checkmark next to '''wan''' as such:'''
 
Next, go to the '''Network → Firewall → Zone Forwarding section. Click the '''Edit''' button located next to the '''vpn''' rule and in the subsequent window add a checkmark next to '''wan''' as such:'''
 +
 +
[[File:Networking rut configuration openvpn firewall v1.jpg|alt=|border|class=tlt-border]]
 +
 +
his will redirect all WAN traffic through the OpenVPN tunnel.
 +
 +
To test this out, on the device behind the OpenVPN Client go to '''http://www.whatsmyip.org/'''. If the website shows the Public IP address of the OpenVPN server, it means the Proxy works.
 +
 +
==Remote configuration==
 +
 +
If you don't have physical or local access in general to the router, there are a few options to configure OpenVPN instances remotely.
 +
 +
===Remote HTTP===
 +
----
 +
You can access your router's WebUI from remote locations by enabling the '''Remote HTTP''' option in the '''[[RUT950_Administration#Access_Control|System → Administration → Access Control]]'''. This will only work, however, if you have a Public Static or Public Dynamic IP (not Public Shared; more on IP address types '''[[Private_and_Public_IP_Addresses#Public_IP_address|here]]'''.
 +
 +
You can also enable the SMS Utilities '''web''' rule. More on that '''[[SMS_Utilities#Web_access_Control|here]]'''.
 +
 +
'''Note''': before enabling any type of remote access it is highly recommended that you change the router's default admin password to minimize the risk of malicious remote connections. You can change your password in the '''[[RUT950_Administration#General|System → Administration → General]]''' section. 
 +
===Remote Configuration (SMS Utilities)===
 +
----
 +
You can send OpenVPN configurations via '''Remote Configuration''' tool located in the '''Services → SMS Utilities''' section. This method allows you to configure OpenVPN (among other things) just as you would in the OpenVPN section and then send these configurations to another router via SMS. The configuration method is identical to regular OpenVPN configuration. Therefore, additional instructions will not be provided here, but you can find more information on the subject of Remote Configuration '''[[SMS_Utilities#Send_Configuration|here]]'''.
 +
 +
===UCI===
 +
----
 +
Yet another method would be using the SMS Utilities '''uci''' rule. You can find information on the rule itself '''[[SMS_Utilities#UCI_API_rule|SMS Utilities manual article]]''' and more detailed information the UCI System in general '''[[UCI_command_usage|here]]'''.
 +
 +
<!--In addition we will provide the basic configurations for OpenVPN Server and Client discussed in this article in "UCI form". This includes OpenVPN TLS, Static key, TUN, TAP configurations for both Server and Client. You can download the text file with these configurations if you follow this link: '''[[Media:ovpn]]'''
 +
 +
'''Note''': remember to change the section and option names and their values according to your own configuration.
 +
 +
'''Note 2''': this method doesn't provide the possibility to send certificates and, therefore, should be used only to edit present OpenVPN instances and not create new ones. -->
 +
 +
==See also==
 +
 +
*[[How to generate TLS certificates (Windows)?]]
 +
*[[OpenVPN client on Windows]]
 +
*[[OpenVPN client on Linux]]
 +
*[[OpenVPN server on Windows]]
 +
*[[OpenVPN traffic split]]
 +
*Other types of VPNs suported by RUTxxx devices:
 +
**[[IPsec configuration examples]]
 +
**[[GRE Tunnel configuration examples]]
 +
**[[PPTP configuration examples]]
 +
**[[L2TP configuration examples]]
 +
 +
==External links==
 +
 +
https://github.com/OpenVPN/easy-rsa-old - Easy-RSA download
 +
 +
https://winscp.net/eng/download.php - WinSCP download
 +
 +
https://openvpn.net/index.php/open-source/documentation/howto.html - some additional information on OpenVPNs
 +
 +
http://www.whatsmyip.org/
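
Review bot: The new "Remote HTTP" subsection tells readers to expose the WebUI on a public IP over plain HTTP, and the only safeguard it names is changing the default admin password, so the admin login would still cross the Internet unencrypted. Suggest saying so in that subsection and recommending that readers reach the WebUI through the OpenVPN tunnel this article configures, or over an encrypted connection, with remote access limited to the sources that need it. Text defects in the added lines: "his will redirect all WAN traffic" should start with "This"; the parenthesis opened at "(not Public Shared;" is never closed; in the UCI paragraph, "information on the rule itself" needs "in the" before the link and "more detailed information the UCI System" is missing "on"; "suported" should be "supported". The commented-out block points to [[Media:ovpn]], which reads like an unfinished link; either complete it or drop the block, and if the UCI method stays documented, its "Note 2" (certificates cannot be sent, so only existing instances should be edited) belongs in the visible text rather than inside the comment.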