Changes

no edit summary
Line 19: Line 19:  
* Authentication
 
* Authentication
 
** TLS - uses SSL/TLS + certificates for authentication and key exchange.
 
** TLS - uses SSL/TLS + certificates for authentication and key exchange.
** Static key - use a pre-shared Static key.
+
** Static key - uses a pre-shared Static key. Can only be used between two peers.
    
An overview of most of these types is provided in this article. Concerning TCP vs UDP, we will be using UDP for all examples. Choosing between TCP and UDP doesn't affect the rest of the configuration, so you can still follow the given examples no matter which protocol you are using. Simply choose the one that suits your purposes.
 
An overview of most of these types is provided in this article. Concerning TCP vs UDP, we will be using UDP for all examples. Choosing between TCP and UDP doesn't affect the rest of the configuration, so you can still follow the given examples no matter which protocol you are using. Simply choose the one that suits your purposes.
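Review bot: In the changed Static key bullet, the added second sentence "Can only be used between two peers." has no subject and leaves "peers" undefined, while the TLS bullet above it is a single clause. Suggest "uses a pre-shared Static key; it can only be used between two peers (one Server and one Client)", so the restriction reads as part of the description and matches the "between a Server and one Client" wording used in the Creating a Static key section.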
Line 63: Line 63:  
===Creating a Static key===
 
===Creating a Static key===
 
----
 
----
First, lets create a Static key.
+
A Static key connection uses a pre-shared for authentication between a Server and one Client. You can generate a Static key within the router itself or with PC that uses a Linux-based OS.
 +
 
 +
====Within the router====
 +
----
 +
In order to generate a Static key within the router connect to the device via the '''[[CLI|Command Line Interface]]''' ('''[[CLI]]''') or '''SSH''' (the default username is '''root''', the password is your router's admin password, '''admin01''' by default). CLI can be found in the router's WebUI, under Services. To connect to the router via SSH, use Terminal app (type ssh '''[email protected]'''; replace 192.168.1.1 with your router's LAN IP address) if you're using a Linux-based OS. Or download '''PuTTY''', a free SSH and telnet client, if you're using Windows.
 +
 
 +
When you have connected to the router, relocate to the directory (for example, '''cd /etc/easy-rsa/keys/''') where you want to store your Static key and use this command:
 +
 
 +
# openvpn --genkey --secret static.key
 +
 
 +
The newly generated Static key will appear in the same directory where you issued the command above.
 +
 
 +
=====Extracting the key=====
 +
----
 +
If you are using a Linux-based OS, extracting files from the router is simple. Just go to the directory on your PC where you want to relocate the files, right click anywhere and choose the '''Open in Terminal''' option. In the Terminal command line use the '''Secure Copy''' ('''scp''') command to copy the files from the router. The full command should look something like this:
 +
 
 +
$ scp [email protected]:/etc/esy-rsa/keys/static.key ./
 +
 
 +
The '''[email protected]:/etc/easy-rsa/keys/static.key''' specifies the path to where the Static key is located (replace the IP address with your router's LAN IP); the '''./''' denotes that you want to copy the contents to the directory you are in at the moment.
 +
 
 +
If you are using Windows, you can copy files from the router using '''WinSCP''', an Open source freeware SFTP, SCP and FTP client for Windows OS. Use the same login information with WinSCP as with CLI or SSH. Once you've connected to the router with WinSCP, copying the files should be simple enough: just relocate to directory where you generated the key, select the Static key file and drag it to directory on your PC where you would like to store it.
 +
 
 +
====On a Linux PC====
 +
----
 +
To generate a Static key on a Linux PC, go to the directory where you want the key to appear, right click anywhere in that directory and chose the option '''Open in Terminal'''. In the Terminal window execute this command:
 +
 
 +
$ openvpn --genkey --secret static.key
 +
 
 +
The newly generated key should then appear in the directory you were in.
    
===Configuration===
 
===Configuration===
 
----
 
----
 +
When have a Static key, you can start configuring OpenVPN Server and Client instances. For this example we will be creating a TUN (Tunnel) type connection that uses the UDP protocol for data transfer and Static key for Authentication. We will be using two RUT routers: '''RUT1''' ('''Server'''; LAN IP: '''192.168.1.1'''; WAN (Public static) IP: '''193.186.223.42''') and '''RUT2''' ('''Client'''; LAN IP: '''192.168.2.1'''); the two routers will be connected via OpenVPN; the Server's Virtual IP address will be '''10.0.0.1'''; the Client's - 10.0.0.2:
 +
 +
[[File:Static key client server.png]]
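Review bot: The scp command under "Extracting the key" copies from /etc/esy-rsa/keys/static.key, but the key was generated in /etc/easy-rsa/keys/ and the sentence explaining the command also gives /etc/easy-rsa/keys/static.key, so the command as written points at a directory that does not exist and the copy will fail; change "esy-rsa" to "easy-rsa". Since static.key is the only secret protecting this tunnel and the text has the reader copy it between devices, consider adding a sentence after the genkey and scp steps about keeping the file readable only by its owner and deleting stray copies. The same section tells the reader to log in as root with the default password admin01, so a reminder to change that password before generating key material on the router would fit there. Wording fixes in the added text: "uses a pre-shared for authentication" is missing "key", "with PC" should be "with a PC", "chose the option" should be "choose the option", "When have a Static key" is missing "you", and the Client's Virtual IP 10.0.0.2 is not bolded like the other addresses in that sentence.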