Changes

6,474 bytes added , 17:31, 21 July 2020

→‎Configuration overview and prerequisites

Line 3: Line 3:

−

[[File:~~Networking_rutx_configuration_example_openvpn_bridge_use_case_topology_v2~~.png|border|class=tlt-border|750px|right]]</th>

+

[[File:Networking_rutos_configuration_example_openvpn_bridge_use_case_topology_v1.png|border|class=tlt-border|750px|right]]</th>

</tr>

<tr>

Line 17: Line 17:

'''Prerequisites''':

−

* Two RUTX routers

+

* Two RUTX routers (only the versions, which have WiFi)

−

* A Public Static or Public Dynamic IP ~~addresses~~

+

* A Public Static or Public Dynamic IP address

* An end device to configure the router (PC, Laptop, Tablet, Smartphone)

The topology above depicts the OpenVPN scheme. The router with the Public IP address ('''RUTX''') acts as the '''OpenVPN server''' and other '''RUTX''' acts as '''client'''. OpenVPN connects the networks of '''HQ Office''' and '''Remote Office'''. '''Remote Office''' will also have a separate WiFi AP for guests.

−

When the scheme is realized, remote office workers will be able to reach HQ’s internal network with all internal systems by connecting to the router via LAN port or by connecting to WiFi AP, which is used for work. All ~~remote office's WAN and LAN~~ traffic is going to travel through VPN tunnel. ~~There~~ will ~~also be a separate WiFi AP for guests~~, ~~by connecting to~~ it ~~they~~ will ~~only be able~~ to ~~reach WAN~~, but ~~they won't be able to reach HQ’s internal network~~.

+

When the scheme is realized, remote office workers will be able to reach HQ’s internal network with all internal systems by connecting to the router via LAN port or by connecting to a WiFi AP, which is used for work. All traffic apart guest WiFi is going to travel through VPN tunnel. Guest network traffic will go directly to WAN, it will give visitors access to the Internet connection, but nothing else making your company a lot more secure.

==Configuring HQ office router==

Line 121: Line 121:

<tr>

−

~~Now go~~ to '''Services → VPN → OpenVPN'''. There create a new configuration by ~~selecting role~~ '''~~Server~~''', ~~writing~~ '''~~New configuration name~~''' and pressing '''Add''' button. It should appear after a few seconds. Then press '''Edit'''.

+

Go to '''Services → VPN → OpenVPN'''. There create a new configuration by writing '''New configuration name''' (you can type anything you want), selecting role '''Server''' and pressing '''Add''' button. It should appear after a few seconds. Then press '''Edit'''.

</td>

</tr>

Line 143: Line 143:

<li>Select '''Authentication: Static key'''.</li>

<li>Add '''Keep alive''' interval: '''10 120'''.</li>

−

<li>Upload '''Static pre-shared key''' ~~(use the Static.key file you created in previous steps)~~.</li>

+

<li>Upload '''Static pre-shared key'''.</li>

<li>'''Save''' the changes.</li>

</ol>

Line 173: Line 173:

<tr>

−

Go to '''Network → ~~LAN~~''' and press '''Edit''' next to your LAN interface:

+

Go to '''Network → Interfaces''' and press '''Edit''' next to your LAN interface:

</td>

</tr>

Line 208: Line 208:

<tr>

−

Go to '''Services → VPN → OpenVPN'''. There create a new configuration by ~~selecting role~~ '''~~Client~~''', ~~writing~~ '''~~New configuration name~~''' and pressing '''Add''' button. It should appear after a few seconds. Then press '''Edit'''.

+

Go to '''Services → VPN → OpenVPN'''. There create a new configuration by writing '''New configuration name''' (you can type anything you want), selecting role '''Client''' and pressing '''Add''' button. It should appear after a few seconds. Then press '''Edit'''.

</td>

</tr>

Line 231: Line 231:

<li>Write '''Remote host/IP address''' (RUTX OpenVPN server public IP).</li>

<li>Add '''Keep alive''' interval: '''10 120'''.</li>

−

<li>Upload '''Static pre-shared key''' (use the .~~txt file~~ you created ~~in previous~~ steps).</li>

+

<li>Upload '''Static pre-shared key'''.</li>

+

<li>'''Save''' the changes.</li>

+

</ol>

+

</td>

+

</tr>

+

</table>

+

===Guest WiFi===

+

----

+

====Creating a new WiFi AP====

+

----

+

+

<tr>

+

+

<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutos_configuration_example_openvpn_bridge_use_case_10_v1.png|border|class=tlt-border|728px|right]]</th>

+

</tr>

+

<tr>

+

+

Go to '''Network → Wireless'''. There create a new '''WiFi Access Point''' by pressing '''Add''' button (you can use either, 2.4GHz or 5GHz WiFi). Then you will be forwarded to the configuration window.

+

</td>

+

</tr>

+

</table>

+

----

+

+

<tr>

+

+

<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutos_configuration_example_openvpn_bridge_use_case_11_v1.png|border|class=tlt-border|728px|right]]</th>

+

</tr>

+

<tr>

+

+

Apply the following steps:

+

<ol>

+

<li>Disable '''LAN'''.</li>

+

<li>Create a new '''Network''' for guest WiFi.</li>

+

<li>'''Save''' the changes.</li>

+

</ol>

+

</td>

+

</tr>

+

</table>

+

----

+

+

<tr>

+

+

<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutos_configuration_example_openvpn_bridge_use_case_12_v1.png|border|class=tlt-border|728px|right]]</th>

+

</tr>

+

<tr>

+

+

Now go to '''Network → Interfaces''' and press '''Edit''' next to your newly created LAN interface:

+

</td>

+

</tr>

+

</table>

+

----

+

+

<tr>

+

+

<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutos_configuration_example_openvpn_bridge_use_case_13_v1.png|border|class=tlt-border|728px|right]]</th>

+

</tr>

+

<tr>

+

+

Apply the following steps:

+

<ol>

+

<li>Set '''Protocol''' to '''Static'''.</li>

+

<li>Press '''Switch Protocol''' and then more configuration options will appear.</li>

+

</ol>

+

</td>

+

</tr>

+

</table>

+

----

+

+

<tr>

+

+

<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutos_configuration_example_openvpn_bridge_use_case_14_v1.png|border|class=tlt-border|728px|right]]</th>

+

</tr>

+

<tr>

+

+

Now apply the following steps:

+

<ol>

+

<li>Set '''IPv4 Address''' to '''192.168.5.1'''.</li>

+

<li>Select '''IPv4 netmask: 255.255.255.0'''.</li>

+

<li>Press '''Setup DHCP Server''', after that more configuration options will appear, but you can leave those as default or change it to your own liking.</li>

+

<li>'''Save''' the changes.</li>

+

</ol>

+

</td>

+

</tr>

+

</table>

+

====Editing Firewall rules====

+

----

+

+

<tr>

+

+

<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutos_configuration_example_openvpn_bridge_use_case_15_v1.png|border|class=tlt-border|728px|right]]</th>

+

</tr>

+

<tr>

+

+

Navigate to '''Network → Firewall → General Settings'''. There create a new '''Zone''' rule by pressing '''Add''' button. Then you will be forwarded to the configuration window.

+

</td>

+

</tr>

+

</table>

+

----

+

+

<tr>

+

+

<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutos_configuration_example_openvpn_bridge_use_case_16_v1.png|border|class=tlt-border|728px|right]]</th>

+

</tr>

+

<tr>

+

+

Now apply the following steps:

+

<ol>

+

<li>At '''Covered Networks''' section select your newly created LAN interface.</li>

+

<li>Set WAN at '''Allow Forward To Destination Zones''' section.</li>

+

<li>Set WAN at '''Allow Forward From Destination Zones''' section.</li>

+

<li>'''Save''' the changes.</li>

+

</ol>

+

</td>

+

</tr>

+

</table>

+

----

+

+

<tr>

+

+

<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutos_configuration_example_openvpn_bridge_use_case_17_v1.png|border|class=tlt-border|728px|right]]</th>

+

</tr>

+

<tr>

+

+

Go to '''Network → Firewall → Traffic Rules'''. There create a new '''Forward''' rule by writing a '''Name''', selecting '''Source Zone (newzone)''', '''Destination Zone (lan)''' and pressing '''Add''' button. Then you will be forwarded to the configuration window.

+

</td>

+

</tr>

+

</table>

+

----

+

+

<tr>

+

+

<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutos_configuration_example_openvpn_bridge_use_case_18_v1.png|border|class=tlt-border|728px|right]]</th>

+

</tr>

+

<tr>

+

+

Now apply the following steps:

+

<ol>

+

<li>Set '''Protocol''' to '''Any'''.</li>

+

<li>Select '''Action: Drop'''.</li>

<li>'''Save''' the changes.</li>

</ol>

Line 242: Line 402:

<tr>

−

+

−

<th width=~~620~~; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_9_v2.png|border|class=tlt-border|~~550px~~|right]]</th>

+

<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_9_v2.png|border|class=tlt-border|728px|right]]</th>

+

</tr>

+

<tr>

+

+

Remote office should now be able to access HQ network resources. To verify the connection you can ping remote RUTX (HQ server) LAN IP and if you get a reply, you have successfully connected to HQ‘s internal network. Also, all LAN addresses, that belong to the work network (192.168.1.0/24), should now be leased to LAN devices by HQ router.

+

</td>

+

</tr>

+

</table>

+

----

+

+

<tr>

+

+

<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutos_configuration_example_openvpn_bridge_use_case_19_v2.png|border|class=tlt-border|728px|right]]</th>

</tr>

<tr>

−

~~Remote office should now be able~~ to ~~access HQ network resources. To verify~~ the ~~connection~~ you ~~can~~ ping ~~remote RUTX HQ~~ server LAN IP ~~and~~ if ~~you get a reply~~, you ~~have successfully connected to HQ‘s internal network. Also, all LAN addresses~~ should ~~now~~ be ~~leased~~ to ~~the LAN devices by HQ router~~.

+

In order to check the guest WiFi, you simply need to connect to the newly created WiFi AP, then check whether you have internet connectivity and try to ping OpenVPN server LAN IP - if everything is set up correctly, you should not be able to do that.

</td>

</tr>

</table>

Justinasm

0

edits

Namespaces

Variants

Views

More

Search

Changes

Template:Networking rutos configuration example openvpn bridge wifi ap use case (view source)

Revision as of 17:31, 21 July 2020

Navigation menu

Personal tools

NAVIGATION

Tools

Categories