Changes

OpenVPN configuration examples RUT R 00.07 (view source)

Revision as of 16:33, 13 May 2022

1,896 bytes added , 16:33, 13 May 2022

no edit summary

Line 116: Line 116:

To sum up, just make sure the Server and the Clients use the same parameters (same authentication, same port, same protocol, etc.). Since the OpenVPN interface that comes up is bridged with the LAN interface, make sure the routers are in the '''same subnet''' (192.168.1.0 in this case). While making sure of that, don't forget that the routers can't have the same IP address, just the same subnet (for example, if both routers have the LAN IP 192.168.1.1, the connection won't work; if one has, for example, 192.168.1.1 and the other 192.168.1.100, then the connection will work).

−

For this example we used TLS Authentication. If you want to use a different Authentication method, refer to the relevant section of this article. The authentication configuration will not be different because of the chosen OpenVPN type (TUN or TAP).

+

For this example, we used TLS Authentication. If you want to use a different Authentication method, refer to the relevant section of this article. The authentication configuration will not be different because of the chosen OpenVPN type (TUN or TAP).

From the Client side, make sure to enter the correct '''Remote host/IP address''' (213.226.191.61 in this case). This is the Server's Public IP address, not the LAN IP address.

Line 122: Line 122:

==Testing an OpenVPN connection==

−

The most important thing after configuration is making sure that the newly established connection works. You can check the status of an OpenVPN connection in the '''Status → Network → OpenVPN''' page:

+

The most important thing after configuration is making sure that the newly established connection works. You can check the status of an OpenVPN connection on the '''Status → Network → OpenVPN''' page:

'''Server side'''

Line 131: Line 131:

[[File:Networking rut configuration openvpn client v1.png|alt=|border|class=tlt-border]]

+

Another method of testing pinging the other instance's virtual or private IP address. You can send ping packets via CLI, SSH, or from the '''[[RUT955_Administration#Diagnostics|System → Administration → Troubleshoot → Diagnostics]]''' section of the router's WebUI:

+

[[File:Networking rut configuration diagnostics ping v1.jpg|alt=|border|class=tlt-border]]

+

Ping the Server's virtual/private IP address from the Client or vice versa. If the ping packets are transmitted successfully, congratulations, your OpenVPN connection is working.

+

==Additional configuration==

+

This section will provide examples of some additional OpenVPN related configurations like how to reach another OpenVPN instance's private LAN or how to use an OpenVPN instance as a Proxy.

+

===Reaching a device's LAN network===

+

----

+

You may want your OpenVPN Clients to be able to reach devices that are in the Server device's private network (LAN) or vice versa. This section will provide directions on how to do that.

+

====Server from Client====

+

----

+

To reach another OpenVPN instance's LAN network, you have to have a '''route''' to that network with the '''Virtual remote endpoint''' as the ''' gateway. You can add '''Static routes''' via command line, but these routes are removed automatically when router reboots or when connection goes down even if only for a moment. To solve this, you add permanent static routes via the router's WebUI in the '''[[Routing#Static_Leases|Network → Routing → Static Routes]]''' page. But this method is also not foolproof since it means that if an address ever changes, you would have to also modify the static route on all related devices. '''

+

----

+

Another method of reaching the OpenVPN Server's private network from the Client is specifying the network in the OpenVPN Client's configuration. To do so, open the Client's configuration window and fill in these two fields:

Edvinas.Dryzas

Administrators

489

edits