1,108
edits
Changes
Template:Networking rutx configuration example openvpn bridge use case (view source)
Revision as of 09:28, 27 January 2023
, 09:28, 27 January 2023no edit summary
<th width=325; style="border-bottom: 1px solid white;></th>
<th width=325; style="border-bottom: 1px solid white;></th>
<th width=820; style="border-bottom: 1px solid white;" rowspan=2;>
<th width=820; style="border-bottom: 1px solid white;" rowspan=2;>
[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_topology_v1.png|border|class=tlt-border|750px|right]]</th>
[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_topology_v2.png|border|class=tlt-border|750px|right]]</th>
</tr>
</tr>
<tr>
<tr>
===OpenVPN===
===OpenVPN===
----
----
====Generating static key====
====Generating Static key====
----
----
<tr>
<tr>
<th width=355; style="border-bottom: 1px solid white;></th>
<th width=355; style="border-bottom: 1px solid white;></th>
<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_2_v1.png|770px|right]]</th>
<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_2_v2.png|770px|right]]</th>
</tr>
</tr>
<tr>
<tr>
<td style="border-bottom: 1px solid white>
<td style="border-bottom: 1px solid white>
Write the following commands to create and open OpenVPN '''Static key''', which will be used for authentication:
Write the following commands to create OpenVPN '''Static key''', which will be used for authentication:
1) cd /etc/easy-rsa
1) cd /etc/easy-rsa
2) openvpn --genkey --secret static.key
2) openvpn --genkey --secret static.key
</td>
</td>
</tr>
</tr>
</table>
</table>
====Extracting the key====
====Extracting the key====
----
----
====Linux====
=====Linux=====
----
----
If you are using a Linux-based OS, extracting files from the router is simple. Just go to the directory on your PC where you want to relocate the files, right click anywhere and choose the '''Open in Terminal''' option. In the Terminal command line use the '''Secure Copy''' ('''scp''') command to copy the files from the router. The full command should look something like this:
If you are using a Linux-based OS, extracting files from the router is simple. Just go to the directory on your PC where you want to relocate the files, right click anywhere and choose the '''Open in Terminal''' option. In the Terminal command line use the '''Secure Copy''' ('''scp''') command to copy the files from the router. The full command should look something like this:
$ scp [email protected]:/etc/easy-rsa/keys/static.key ./
$ scp [email protected]:/etc/easy-rsa/static.key ./
The '''[email protected]:/etc/easy-rsa/keys/static.key''' specifies the path to where the Static key is located (replace the IP address with your router's LAN IP); the '''./''' denotes that you want to copy the contents to the directory you are in at the moment.
The '''[email protected]:/etc/easy-rsa/static.key''' specifies the path to where the Static key is located (replace the IP address with your router's LAN IP); the '''./''' denotes that you want to copy the contents to the directory you are in at the moment.
====Windows====
=====Windows=====
----
----
<tr>
<tr>
<td style="border-bottom: 1px solid white>
<td style="border-bottom: 1px solid white>
If you are using Windows, you can copy files from the router using '''WinSCP''', an Open source freeware SFTP, SCP and FTP client for Windows OS. Use the same login information with WinSCP as with CLI or SSH. Once you've connected to the router with WinSCP, copying the files should be simple enough: just relocate to directory where you generated the key, select the Static key file and drag it to directory on your PC where you would like to store it.
If you are using Windows, you can copy files from the router using '''WinSCP''', an Open source freeware SFTP, SCP and FTP client for Windows OS. Use the same login information with WinSCP as with CLI or SSH.
'''Please note''': You must select '''SCP''' as File Protocol in WinSCP Session settings.
'''Please note''': You must select '''SCP''' as File Protocol in WinSCP Session settings.
----
----
<table class="nd-othertables_2">
<tr>
<th width=355; style="border-bottom: 1px solid white;></th>
<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Winscp interface example.PNG|770px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Once you've connected to the router with WinSCP, copying the files should be simple enough: just go to '''/etc/easy-rsa/''', select the Static key file and drag it to directory on your PC where you would like to store it.
</td>
</tr>
</table>
====Configuring OpenVPN server====
====Configuring OpenVPN server====
<li>Select '''Authentication: Static key'''.</li>
<li>Select '''Authentication: Static key'''.</li>
<li>Add '''Keep alive''' interval: '''10 120'''.</li>
<li>Add '''Keep alive''' interval: '''10 120'''.</li>
<li>Upload '''Static pre-shared key''' (use the .txt file you created in previous steps).</li>
<li>Upload '''Static pre-shared key'''.</li>
<li>'''Save''' the changes.</li>
<li>'''Save''' the changes.</li>
</ol>
</ol>
==Configuring remote office router==
==Configuring remote office router==
===OpenVPN===
Before you start configuring the remote office router, set a static IP address on the device you are configuring the router with (e.g. 192.168.1.10). You can find instructions on how to do that here:
[[Setting_up_a_Static_IP_address_on_a_Ubuntu_16.04_PC|Ubuntu]]
[[Setting up a Static IP address on a Windows 10 PC|Windows]]
<span style="color: red;">'''Note: make sure to switch back to automatic DNS and IP address obtaining when you are done configuring the router.'''</span>
===LAN===
----
----
<tr>
<tr>
<th width=355; style="border-bottom: 1px solid white;></th>
<th width=355; style="border-bottom: 1px solid white;></th>
<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_6_v1.png|770px|right]]</th>
<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_8_v1.png|770px|right]]</th>
</tr>
</tr>
<tr>
<tr>
<td style="border-bottom: 1px solid white>
<td style="border-bottom: 1px solid white>
Go to '''Services → VPN → OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' and pressing '''Add''' button. It should appear after a few seconds. Then press '''Edit'''.
Go to '''Network → LAN''' and press '''Edit''' next to your LAN interface:
</td>
</td>
</tr>
</tr>
<tr>
<tr>
<th width=355; style="border-bottom: 1px solid white;></th>
<th width=355; style="border-bottom: 1px solid white;></th>
<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_7_v1.png|770px|right]]</th>
<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_9_v1.png|770px|right]]</th>
</tr>
</tr>
<tr>
<tr>
<td style="border-bottom: 1px solid white>
<td style="border-bottom: 1px solid white>
Apply the following steps:
<ol>
<ol>
<li>'''Enable''' instance.</li>
<li>Change your '''LAN IP address''' to: '''192.168.1.2</li>
<li>Disable '''DHCP'''.</li>
<li>Upload '''Static pre-shared key''' (use the .txt file you created in previous steps).</li>
<li>'''Save''' the changes.</li>
<li>'''Save''' the changes.</li>
</ol>
</ol>
</table>
</table>
===LAN===
===OpenVPN===
----
====Configuring OpenVPN client====
----
----
<tr>
<tr>
<th width=355; style="border-bottom: 1px solid white;></th>
<th width=355; style="border-bottom: 1px solid white;></th>
<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_8_v1.png|770px|right]]</th>
<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_6_v1.png|770px|right]]</th>
</tr>
</tr>
<tr>
<tr>
<td style="border-bottom: 1px solid white>
<td style="border-bottom: 1px solid white>
Go to '''Services → VPN → OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' and pressing '''Add''' button. It should appear after a few seconds. Then press '''Edit'''.
</td>
</td>
</tr>
</tr>
<tr>
<tr>
<th width=355; style="border-bottom: 1px solid white;></th>
<th width=355; style="border-bottom: 1px solid white;></th>
<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_9_v1.png|770px|right]]</th>
<th width=790; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rutx_configuration_example_openvpn_bridge_use_case_7_v2.png|770px|right]]</th>
</tr>
</tr>
<tr>
<tr>
<td style="border-bottom: 1px solid white>
<td style="border-bottom: 1px solid white>
Now apply the following configuration:
<ol>
<ol>
<li>Change your '''LAN IP address''' to: '''192.168.1.2</li>
<li>'''Enable''' instance.</li>
<li>Disable '''DHCP'''.</li>
<li>Set '''TUN/TAP''' to '''TAP (bridged)'''.</li>
<li>Enable '''LZO'''.</li>
<li>Select '''Authentication: Static key'''.</li>
<li>Write '''Remote host/IP address''' (RUTX OpenVPN server public IP).</li>
<li>Add '''Keep alive''' interval: '''10 120'''.</li>
<li>Upload '''Static pre-shared key'''.</li>
<li>'''Save''' the changes.</li>
<li>'''Save''' the changes.</li>
</ol>
</ol>