0
edits
Changes
Template:Networking rutx configuration example openvpn bridge use case (view source)
Revision as of 13:29, 5 May 2020
, 13:29, 5 May 2020Created page with "<table class="nd-othertables_2"> <tr> <th width=325; style="border-bottom: 1px solid white;></th> <th width=820; style="border-bottom: 1px solid white;" ro..."
<table class="nd-othertables_2">
<tr>
<th width=325; style="border-bottom: 1px solid white;></th>
<th width=820; style="border-bottom: 1px solid white;" rowspan=2;>
[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_topology_v1.png|border|class=tlt-border|750px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
{|align=center
|__TOC__
|}
</td>
</tr>
</table>
==Configuration overview and prerequisites==
'''Prerequisites''':
* One RUTxxx router
* A Public Static or Public Dynamic IP addresses
* An end device to configure the router (PC, Laptop, Tablet, Smartphone)
The topology above depicts the OpenVPN scheme. The router with the Public IP address ('''{{{name}}}''') acts as the '''OpenVPN server''' and other '''{{{name}}}''' acts as '''client'''. OpenVPN connects the networks of '''HQ Office''' and '''Remote Office'''.
When the scheme is realized, remote office workers will be able to reach HQ’s internal network with all internal systems, allowing working from remote office to be possible. All WAN and LAN traffic is going to travel through VPN tunnel.
==Configuring HQ office router==
===OpenVPN===
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_1_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Login to the router's WebUI, navigate to the '''Services → CLI''' page and do the following:
<ol>
<li>Enter username '''''root''''' .</li>
<li>Write the '''Password''' of your router.</li>
</ol>
</td>
</tr>
</table>
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_2_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Write the following commands to create and open OpenVPN '''Static key''':
1) cd /etc/easy-rsa
2) openvpn --genkey --secret static.key
3) cat static.key
</td>
</tr>
</table>
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_3_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Create '''.txt''' file on your computer and copy '''Static key''' to it. Copy from the beginning to the end as in the example.
</td>
</tr>
</table>
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_4_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Now go to '''Services → VPN → OpenVPN'''. There create a new configuration by selecting role '''Server''', writing '''New configuration name''' and pressing '''Add New'''. button It should appear after a few seconds. Then press '''Edit'''.
</td>
</tr>
</table>
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_5_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Now apply the following configuration:
<ol>
<li>'''Enable''' instance.</li>
<li>Set '''TUN/TAP''' to '''TAP (bridged)'''.</li>
<li>Enable '''LZO'''.</li>
<li>Select '''Authentication: Static key'''.</li>
<li>Add '''Keep alive''' interval: '''10 120'''.</li>
<li>Upload '''Static pre-shared key''' (use the .txt file you created in previous steps).</li>
<li>'''Save''' the changes.</li>
</ol>
</td>
</tr>
</table>
==Configuring remote office router==
===OpenVPN===
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_6_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Go to '''Services → VPN → OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''.
</td>
</tr>
</table>
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_7_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Now apply the following configuration:
<ol>
<li>'''Enable''' instance.</li>
<li>Set '''TUN/TAP''' to '''TAP (bridged)'''.</li>
<li>Enable '''LZO'''.</li>
<li>Select '''Authentication: Static key'''.</li>
<li>Write '''Remote host/IP address''' (RUT OpenVPN server public IP).</li>
<li>Add '''Keep alive''' interval: '''10 120'''.</li>
<li>Upload '''Static pre-shared key''' (use the .txt file you created in previous steps).</li>
<li>'''Save''' the changes.</li>
</ol>
</td>
</tr>
</table>
===LAN===
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_8_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Now go to '''Network → LAN''' and apply the following steps:
<ol>
<li>Change your '''LAN IP address''' to: '''192.168.1.2</li>
<li>Disable '''DHCP'''.</li>
<li>'''Save''' the changes.</li>
</ol>
</td>
</tr>
</table>
==Results==
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_9_v2.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Remote office should now be able to access HQ network resources. To verify the connection you can ping remote RUT HQ server LAN IP and if you get a reply, you have successfully connected to HQ‘s internal network. Also, all LAN addresses should now be leased to the LAN devices by HQ router.
</td>
</tr>
</table>
<tr>
<th width=325; style="border-bottom: 1px solid white;></th>
<th width=820; style="border-bottom: 1px solid white;" rowspan=2;>
[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_topology_v1.png|border|class=tlt-border|750px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
{|align=center
|__TOC__
|}
</td>
</tr>
</table>
==Configuration overview and prerequisites==
'''Prerequisites''':
* One RUTxxx router
* A Public Static or Public Dynamic IP addresses
* An end device to configure the router (PC, Laptop, Tablet, Smartphone)
The topology above depicts the OpenVPN scheme. The router with the Public IP address ('''{{{name}}}''') acts as the '''OpenVPN server''' and other '''{{{name}}}''' acts as '''client'''. OpenVPN connects the networks of '''HQ Office''' and '''Remote Office'''.
When the scheme is realized, remote office workers will be able to reach HQ’s internal network with all internal systems, allowing working from remote office to be possible. All WAN and LAN traffic is going to travel through VPN tunnel.
==Configuring HQ office router==
===OpenVPN===
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_1_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Login to the router's WebUI, navigate to the '''Services → CLI''' page and do the following:
<ol>
<li>Enter username '''''root''''' .</li>
<li>Write the '''Password''' of your router.</li>
</ol>
</td>
</tr>
</table>
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_2_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Write the following commands to create and open OpenVPN '''Static key''':
1) cd /etc/easy-rsa
2) openvpn --genkey --secret static.key
3) cat static.key
</td>
</tr>
</table>
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_3_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Create '''.txt''' file on your computer and copy '''Static key''' to it. Copy from the beginning to the end as in the example.
</td>
</tr>
</table>
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_4_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Now go to '''Services → VPN → OpenVPN'''. There create a new configuration by selecting role '''Server''', writing '''New configuration name''' and pressing '''Add New'''. button It should appear after a few seconds. Then press '''Edit'''.
</td>
</tr>
</table>
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_5_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Now apply the following configuration:
<ol>
<li>'''Enable''' instance.</li>
<li>Set '''TUN/TAP''' to '''TAP (bridged)'''.</li>
<li>Enable '''LZO'''.</li>
<li>Select '''Authentication: Static key'''.</li>
<li>Add '''Keep alive''' interval: '''10 120'''.</li>
<li>Upload '''Static pre-shared key''' (use the .txt file you created in previous steps).</li>
<li>'''Save''' the changes.</li>
</ol>
</td>
</tr>
</table>
==Configuring remote office router==
===OpenVPN===
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_6_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Go to '''Services → VPN → OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''.
</td>
</tr>
</table>
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_7_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Now apply the following configuration:
<ol>
<li>'''Enable''' instance.</li>
<li>Set '''TUN/TAP''' to '''TAP (bridged)'''.</li>
<li>Enable '''LZO'''.</li>
<li>Select '''Authentication: Static key'''.</li>
<li>Write '''Remote host/IP address''' (RUT OpenVPN server public IP).</li>
<li>Add '''Keep alive''' interval: '''10 120'''.</li>
<li>Upload '''Static pre-shared key''' (use the .txt file you created in previous steps).</li>
<li>'''Save''' the changes.</li>
</ol>
</td>
</tr>
</table>
===LAN===
----
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_8_v1.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Now go to '''Network → LAN''' and apply the following steps:
<ol>
<li>Change your '''LAN IP address''' to: '''192.168.1.2</li>
<li>Disable '''DHCP'''.</li>
<li>'''Save''' the changes.</li>
</ol>
</td>
</tr>
</table>
==Results==
<table class="nd-othertables_2">
<tr>
<th width=525; style="border-bottom: 1px solid white;></th>
<th width=620; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_rut_configuration_example_openvpn_bridge_use_case_9_v2.png|border|class=tlt-border|550px|right]]</th>
</tr>
<tr>
<td style="border-bottom: 1px solid white>
Remote office should now be able to access HQ network resources. To verify the connection you can ping remote RUT HQ server LAN IP and if you get a reply, you have successfully connected to HQ‘s internal network. Also, all LAN addresses should now be leased to the LAN devices by HQ router.
</td>
</tr>
</table>
