| Line 4: |
Line 4: |
| | | series = RUT9xx | | | series = RUT9xx |
| | <!--------------------------------OPENVPN-------------------------------> | | <!--------------------------------OPENVPN-------------------------------> |
| − | | file_openvpn_client_config = Networking_rutxxx_vpn_openvpn_client_configuration_v1.png | + | | file_openvpn_client_config = Networking_rutxxx_vpn_openvpn_client_configuration_v2.png |
| − | | file_openvpn_server_config = Networking_rutxxx_vpn_openvpn_server_configuration_v1.png | + | | file_openvpn_server_config = Networking_rutxxx_vpn_openvpn_server_configuration_v2.png |
| − | | file_openvpn_tls_clients_config = Networking_rutxxx_vpn_openvpn_tls_clients_configuration_v1.png | + | | file_openvpn_tls_clients_config = Networking_rutxxx_vpn_openvpn_tls_clients_configuration_v2.png |
| | <!---------------------------------IPsec--------------------------------> | | <!---------------------------------IPsec--------------------------------> |
| − | | file_ipsec_config = Networking_rutxxx_vpn_ipsec_ipsec_configuration_v1.png | + | | file_ipsec_config = Networking_rutxxx_vpn_ipsec_ipsec_configuration_v2.png |
| − | | file_ipsec_phase = Networking_rutxxx_vpn_ipsec_ipsec_configuration_phase_v1.png | + | | file_ipsec_phase = Networking_rutxxx_vpn_ipsec_ipsec_configuration_phase_v2.png |
| − | | file_ipsec_psk = Networking_rutxxx_vpn_ipsec_pre-shared_keys_v1.png | + | | file_ipsec_psk = Networking_rutxxx_vpn_ipsec_pre-shared_keys_v2.png |
| | | file_ipsec_main_mode = Networking_device_vpn_ipsec_main_mode_scheme_v3.png | | | file_ipsec_main_mode = Networking_device_vpn_ipsec_main_mode_scheme_v3.png |
| | | file_ipsec_aggressive_mode = Networking_device_vpn_ipsec_aggressive_mode_scheme_v4.png | | | file_ipsec_aggressive_mode = Networking_device_vpn_ipsec_aggressive_mode_scheme_v4.png |
| | + | <!-------------------------------GRE Tunnel-----------------------------> |
| | + | | file_gre_config_main = Networking_rutxxx_vpn_gre_gre_configuration_main_settings_v1.png |
| | + | | file_gre_config_routing = Networking_rutxxx_vpn_gre_gre_configuration_routing_settings_v1.png |
| | + | <!---------------------------------PPTP---------------------------------> |
| | + | | file_pptp_client_config = Networking_rutxxx_vpn_pptp_client_configuration_v1.png |
| | + | | file_pptp_server_config = Networking_rutxxx_vpn_pptp_server_configuration_v1.png |
| | + | <!---------------------------------L2TP---------------------------------> |
| | + | | file_l2tp_client_config = Networking_rutxxx_vpn_l2tp_client_configuration_v1.png |
| | + | | file_l2tp_server_config = Networking_rutxxx_vpn_l2tp_server_configuration_v1.png |
| | + | <!---------------------------------DMVPN--------------------------------> |
| | + | | file_dmvpn_config = Networking_rutx_vpn_dmvpn_dmvpn_parameters_configuration_v1.png |
| | + | | file_dmvpn_gre_config = Networking_rutxxx_vpn_dmvpn_gre_parameters_configuration_v1.png |
| | + | | file_dmvpn_ipsec_config = Networking_rutxxx_vpn_dmvpn_ipsec_parameters_configuration_v1.png |
| | + | | file_dmvpn_nhrp_config = Networking_rutxxx_vpn_dmvpn_nhrp_parameters_configuration_v1.png |
| | }} | | }} |
| | | | |
| − | ==GRE Tunnel==
| |
| | | | |
| − | '''GRE''' (Generic Routing Encapsulation RFC2784) is a solution for tunneling RFC1812 private address-space traffic over an intermediate TCP/IP network such as the Internet. GRE tunneling does not use encryption it simply encapsulates data and sends it over the wide area network (WAN).
| |
| | | | |
| − | | + | ==Stunnel Configuration== |
| − | [[Image:Services vpn gre tunnel scheme.PNG]]
| |
| − | | |
| − | In the example network diagram two distant networks LAN1 and LAN2 are connected. To create A GRE tunnel the user must know the following parameters:
| |
| − | | |
| − | * Source and destination IP addresses
| |
| − | * Tunnel’s local IP address
| |
| − | * Distant network’s IP address and Subnet mask
| |
| − | | |
| − | To create a new GRE instance, go to the GRE Tunnel tab, type in a name for your new instance in the text field below the GRE Tunnel tab and press the '''Add New''' button next to it.
| |
| − | The newly created instance will be disabled and unconfigured. To configure it press the '''Edit''' button located next to it. This action will redirect you to the instance’s GRE Tunnel Configuration window.
| |
| − | | |
| − | | |
| − | [[Image:Services vpn gre tunnel configuration.PNG]]
| |
| − | | |
| − | <table class="nd-mantable">
| |
| − | <tr>
| |
| − | <th>field name</th>
| |
| − | <th>value</th>
| |
| − | <th>description</th>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Enabled</td>
| |
| − | <td>yes | no; Default: '''no'''</td>
| |
| − | <td>Toggles GRE Tunnel ON or OFF</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Remote endpoint IP address</td>
| |
| − | <td>ip; Default: " "</td>
| |
| − | <td>WAN IP address or hostname of the remote GRE Tunnel instance</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Remote network</td>
| |
| − | <td>integer [0..32]; Default: " "</td>
| |
| − | <td>LAN IP address of the remote device</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Remote network netmask</td>
| |
| − | <td>integer [0..32]; Default: " "</td>
| |
| − | <td>LAN netmask of the remote device</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Local tunnel IP</td>
| |
| − | <td>ip; Default: " "</td>
| |
| − | <td>Local virtual IP address. Can’t be in the same subnet as LAN network</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>MTU</td>
| |
| − | <td>integer [0..255]; Default: '''255'''</td>
| |
| − | <td>Toggles the Path Maximum Transmission Unit Discovery (PMTUD) status on this tunnel ON or OFF</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>TTL</td>
| |
| − | <td>integer [0..255]; Default: '''255'''</td>
| |
| − | <td>Fixed time-to-live (TTL) value on tunneled packets. The 0 is a special value meaning that packets inherit the TTL value</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>PMTUD</td>
| |
| − | <td>yes | no; Default: '''no'''</td>
| |
| − | <td>Toggles the Path Maximum Transmission Unit Discovery (PMTUD) status on this tunnel ON or OFF</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Redirect LAN to GRE</td>
| |
| − | <td>yes | no; Default: '''no'''</td>
| |
| − | <td>Redirects LAN traffic to the GRE interface</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Enable Keep alive</td>
| |
| − | <td>yes | no; Default: '''no'''</td>
| |
| − | <td>Gives the ability for one side to originate and receive keep alive packets to and from a remote router</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Keep Alive host</td>
| |
| − | <td>host | ip; Default: " "</td>
| |
| − | <td>Keep Alive IP address to send pings to. Preferably this should be an IP address which belongs to the LAN network on the remote device</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Keep alive interval</td>
| |
| − | <td>integer [0..255]; Default: " "</td>
| |
| − | <td>Frequency at which ICMP packets are sent by the Keep Alive function (in seconds)</td>
| |
| − | </tr>
| |
| − | </table>
| |
| − | | |
| − | To find a more in-depth GRE Tunnel configuration example, visit '''[[GRE Tunnel configuration examples|this page]]
| |
| − | | |
| − | ==PPTP==
| |
| − | | |
| − | '''Point-to-Point Tunneling Protocol (PPTP)''' is a protocol (set of communication rules) that allows corporations to extend their own corporate network through private "tunnels" over the public Internet. Effectively, a corporation uses a wide-area network as a single large local area network. A company no longer needs to lease its own lines for wide-area communication but can securely use the public networks.
| |
| − | | |
| − | For a more in-depth configuration example, visit the '''[[PPTP configuration examples]]''' page.
| |
| − | | |
| − | ===PPTP Client===
| |
| − | ----
| |
| − | To create a new PPTP instance, go to the PPTP tab, select the Role (server or client) of your instance, type in a name in the '''New configuration name''' field and press the '''Add''' button next to it. The newly created instance will be disabled and unconfigured. To configure it click the '''Edit''' button located next to it. This action will redirect you to the instance’s PPTP Configuration window.
| |
| − | | |
| − | | |
| − | [[Image:Services vpn pptp client.PNG]]
| |
| − | | |
| − | <table class="nd-mantable">
| |
| − | <tr>
| |
| − | <th>field name</th>
| |
| − | <th>value</th>
| |
| − | <th>description</th>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Enable</td>
| |
| − | <td>yes | no; Default: '''no'''</td>
| |
| − | <td>Toggles PPTP Client ON or OFF</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Use as default gateway</td>
| |
| − | <td>yes | no; Default: '''no'''</td>
| |
| − | <td>Use this PPTP instance as default gateway</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Client to client</td>
| |
| − | <td>yes | no; Default: '''no'''</td>
| |
| − | <td>Toggles client to client on the PPTP tunnel ON or OFF</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Server</td>
| |
| − | <td>host | ip; Default: " "</td>
| |
| − | <td>PPTP server's IP address or hostname</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Username</td>
| |
| − | <td>string; Default: " "</td>
| |
| − | <td>User name for authorization with the server</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Password</td>
| |
| − | <td>string; Default: " "</td>
| |
| − | <td>Password used for authorization with the server</td>
| |
| − | </tr>
| |
| − | </table>
| |
| − | | |
| − | ===PPTP Server===
| |
| − | ----
| |
| − | [[Image:Services vpn pptp server.PNG]]
| |
| − | | |
| − | <table class="nd-mantable">
| |
| − | <tr>
| |
| − | <th>field name</th>
| |
| − | <th>value</th>
| |
| − | <th>description</th>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Enable</td>
| |
| − | <td>yes | no; Default: '''no'''</td>
| |
| − | <td>Toggles PPTP Server ON or OFF</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Local IP</td>
| |
| − | <td>ip; Default: '''192.168.0.1'''</td>
| |
| − | <td>Virtual IP Address of this PPTP server</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Remote IP range begin</td>
| |
| − | <td>ip; Default: '''192.168.0.20'''</td>
| |
| − | <td>Client IP address leases beginning</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Remote IP range end</td>
| |
| − | <td>ip; Default: '''192.168.0.30'''</td>
| |
| − | <td>Client IP address leases end</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>User name</td>
| |
| − | <td>string; Default: '''youruser'''</td>
| |
| − | <td>Client's user name used for authentication with this server</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Password</td>
| |
| − | <td>string; Default: '''yourpass'''</td>
| |
| − | <td>Client's password used for authentication with this server</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>PPTP Client's IP</td>
| |
| − | <td>ip; Default: " "</td>
| |
| − | <td>Client’s IP address. Leave empty to assign a random IP from the IP range specified above</td>
| |
| − | </tr>
| |
| − | </table>
| |
| − | | |
| − | ==L2TP==
| |
| − | | |
| − | In computer networking, '''Layer 2 Tunneling Protocol (L2TP)''' is a tunneling protocol used to support virtual private networks (VPNs). It is more secure than PPTP but, because it encapsulates the transferred date twice, but it is slower and uses more CPU power.
| |
| − | | |
| − | For a more in-depth configuration example, visit the '''[[L2TP configuration examples]]''' page.
| |
| − | | |
| − | ===L2TP Client===
| |
| − | ----
| |
| − | To create a new L2TP instance, go to the L2TP tab, select the Role (server or client) of your instance, type in a name in the '''New configuration name''' field and press the '''Add''' button next to it. The newly created instance will be disabled and unconfigured. To configure it press the '''Edit''' button located next to it. This action will redirect you to the instance’s L2TP Configuration window.
| |
| − | | |
| − | | |
| − | [[Image:Services vpn l2tp client configuration.PNG]]
| |
| − | | |
| − | <table class="nd-mantable">
| |
| − | <tr>
| |
| − | <th>field name</th>
| |
| − | <th>value</th>
| |
| − | <th>description</th>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Enable</td>
| |
| − | <td>yes | no; Default: '''no'''</td>
| |
| − | <td>Toggles L2TP Client ON or OFF</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Server</td>
| |
| − | <td>host | ip; Default: " "</td>
| |
| − | <td>L2TP server's remote IP address or hostname</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Username</td>
| |
| − | <td>string; Default: " "</td>
| |
| − | <td>User name used to authenticate you to the L2TP server</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Password</td>
| |
| − | <td>string; Default: " "</td>
| |
| − | <td>Password used to authenticate you to the server</td>
| |
| − | </tr>
| |
| − | </table>
| |
| − | | |
| − | ===L2TP Server===
| |
| − | ----
| |
| − | [[Image:Services vpn l2tp server.PNG]]
| |
| − | | |
| − | <table class="nd-mantable">
| |
| − | <tr>
| |
| − | <th>field name</th>
| |
| − | <th>value</th>
| |
| − | <th>description</th>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Enable</td>
| |
| − | <td>yes | no; Default: '''no'''</td>
| |
| − | <td>Toggles L2TP Server ON or OFF</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Local IP</td>
| |
| − | <td>ip; Default: '''192.168.0.1'''</td>
| |
| − | <td>Virtual IP Address of this L2TP server</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Remote IP range begin</td>
| |
| − | <td>ip; Default: '''192.168.0.20'''</td>
| |
| − | <td>Client IP address leases beginning</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Remote IP range end</td>
| |
| − | <td>ip; Default: '''192.168.0.30'''</td>
| |
| − | <td>Client IP address leases end</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>User name</td>
| |
| − | <td>string; Default: '''user'''</td>
| |
| − | <td>Client's user name used for authentication with this server</td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td>Password</td>
| |
| − | <td>string; Default: '''pass'''</td>
| |
| − | <td>Client's password used for authentication with this server</td>
| |
| − | </tr>
| |
| − | </table>
| |
| − | | |
| − | ==Stunnel==
| |
| − | | |
| − | '''Stunnel''' is an open-source multi-platform software application used to provide a TLS/SSL tunneling service for already existing clients and servers. Below is an overview of the Stunnel application and its WebUI configuration section implemented on RUTxxx routers. For in-depth examples please visit '''[[Stunnel configuration examples|Stunnel page]]'''.
| |
| − | | |
| − | Here is an approximate visual representation of Stunnel connection:
| |
| − | | |
| − | [[Image:draw_io_simple_stunnel.png]]
| |
| − | | |
| − | | |
| − | Upon creation, Stunnel configuration will be empty. User is expected to define their own configuration using the created configuration template. Stunnel provided encryption and connection will only work with properly configured Stunnel server(s) and client(s).
| |
| − | | |
| − | Duplicate configuration names are not allowed.
| |
| − | | |
| − | Stunnel configuration list window is located at '''Services → VPN → Stunnel''':
| |
| − | | |
| − | Services menu, VPN section:
| |
| − | | |
| − | [[Image:stunnel_config_menu.png]]
| |
| − | | |
| − | Stunnel tab:
| |
| − | | |
| − | [[Image:stunnel_config_tab.png]]
| |
| − | | |
| − | | |
| − | To create a new configuration, enter the desired name in field below all configuration list entries and click button '''Add''':
| |
| − | | |
| − | [[Image:stunnel_config_creation.png]]
| |
| − | | |
| − | Once you’ve added a new Stunnel configuration, it is automatically saved - no need to press the '''Save''' button.
| |
| − | | |
| − | By default the configuration will be disabled and unconfigured. You can change the configuration by clicking the '''Edit''' button and delete the configuration by clicking the '''Delete''' button.
| |
| − | | |
| − | [[Image:stunnel_edit_button.png]]
| |
| − | | |
| − | To establish an Stunnel connection you must have configured and enabled Stunnel client and server instances on either same or different routers.
| |
| − | | |
| − | ===Stunnel Configuration===
| |
| | | | |
| | Default Stunnel configuration: | | Default Stunnel configuration: |
| Line 477: |
Line 187: |
| | | | |
| | ===Stunnel Global Configuration=== | | ===Stunnel Global Configuration=== |
| − | | + | ---- |
| | Default Stunnel global configuration: | | Default Stunnel global configuration: |
| | | | |
| Line 526: |
Line 236: |
| | Also, you must mark the global "Enabled" flag to actually enable all the individually marked configurations. | | Also, you must mark the global "Enabled" flag to actually enable all the individually marked configurations. |
| | | | |
| − | ==DMVPN==
| |
| − |
| |
| − | <b>[[DMVPN configuration|Click here]]</b> for DMVPN configuration instructions.
| |
| | | | |
| | ==See also== | | ==See also== |
| Line 538: |
Line 245: |
| | ** [[PPTP configuration examples]] | | ** [[PPTP configuration examples]] |
| | ** [[L2TP configuration examples]] | | ** [[L2TP configuration examples]] |
| − | ** [[Stunnel configuration examples]] | + | ** [[DMVPN configuration]] |
| | * Configuration examples for third party VPN services | | * Configuration examples for third party VPN services |
| | ** [[expressvpn.com VPN configuration|expressvpn.com]] | | ** [[expressvpn.com VPN configuration|expressvpn.com]] |
| Line 549: |
Line 256: |
| | ** [[OpenVPN traffic split]] | | ** [[OpenVPN traffic split]] |
| | ** [[OpenVPN client on Windows]] | | ** [[OpenVPN client on Windows]] |
| − |
| |
| − | [[Category:RUT950 WebUI]]
| |
