Line 267: |
Line 267: |
| | | |
| '''Note 2''': this method doesn't provide the possibility to send certificates and, therefore, should be used only to edit present OpenVPN instances and not create new ones. --> | | '''Note 2''': this method doesn't provide the possibility to send certificates and, therefore, should be used only to edit present OpenVPN instances and not create new ones. --> |
| + | |
| + | |
| + | ==OpenVPN TLS configuration example with Windows client== |
| + | This is an OpenVPN configuration example with a Windows client ([https://openvpn.net/client/client-connect-vpn-for-windows/ OpenVPN Connect]). This configuration requires the router to have a public IP address (Either static or dynamic IP). |
| + | |
| + | ===Public IP: Static / Dynamic=== |
| + | ----If your router have a static public IP address on one of its WAN interfaces, it will be used as the OpenVPN Server address on the client configuration file. |
| + | |
| + | In case you have a dynamic public IP address, it is recommended to use the '''[[Dynamic DNS]]''' functionality, and use the hostname provided by the DDNS service as the OpenVPN Server address. You can find some Dynamic DNS configuration examples [[DDNS Configuration Examples|here]]. |
| + | |
| + | ===OpenVPN Server configuration=== |
| + | ----For this example we will be creating a TUN (Tunnel) type connection that uses the UDP protocol for data transfer and TLS Authentication, you can refer to [[How to generate TLS certificates (Windows)?|this]] article for more information about TLS certificates and keys. Here is the router '''RUT1''' OpenVPN configuration ('''Server'''; LAN IP: '''192.168.1.1'''; WAN (Public static) IP: '''213.226.191.61;''' OpenVPN Virtual network will be '''10.0.0.0/24''') : |
| + | [[File:OpenVPN-Server-config.png|alt=OpenVPN-Server-Configuration|border]] |
| + | |
| + | You can add push option ('''route 192.168.1.0 255.255.255.0''') to allow VPN clients to connect to the router LAN network. |
| + | |
| + | Once the VPN server is ready, It will change its status to Active: |
| + | |
| + | [[File:Server-Status Active.png|border]] |
| + | |
| + | ===OpenVPN Windows client configuration=== |
| + | ----For this step, you'll need to prepare a configuration file folder, it must contain the following files: |
| + | |
| + | *The root certificate file (Certificate Authority) |
| + | *Client certificate |
| + | *Client key |
| + | *OpenVPN client configuration file (Client_config.ovpn) |
| + | |
| + | Mainly, it should look like this: |
| + | |
| + | [[File:Config-Folder.png|border]] |
| + | |
| + | And this is the content of the OpenVPN client config file: |
| + | client |
| + | dev '''tun''' |
| + | proto '''udp''' |
| + | auth '''sha1''' |
| + | remote '''213.226.191.61 1194''' |
| + | resolv-retry '''infinite''' |
| + | nobind |
| + | persist-key |
| + | persist-tun |
| + | ca '''ca.crt''' |
| + | cert '''client.crt''' |
| + | key '''client.key''' |
| + | remote-cert-tls '''server''' |
| + | data-ciphers '''BF-CBC''' |
| + | cipher '''BF-CBC''' |
| + | comp-lzo '''no''' |
| + | keepalive '''10 120''' |
| + | After saving the configuration file, you can open the '''OpenVPN Connect''' software on your Windows operating system, upload the configuration file, and click connect: |
| + | |
| + | [[File:OpenVPN-Client-connected.png|border]] |
| + | |
| + | The OpenVPN Windows client is now connected to the OpenVPN server. |
| + | |
| + | ===Testing OpenVPN connectivity=== |
| + | ----From The Windows client side, you can try to ping the Router's LAN IP address ('''192.168.1.1''') and one of his LAN clients ('''192.168.1.167'''): |
| + | |
| + | [[File:Testing-VPN-Connectivity.png|border]] |
| + | |
| + | The Windows OpenVPN Client can now Ping the router's LAN Network successfully. |
| | | |
| ==See also== | | ==See also== |
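Review bot: The client configuration file in the new Windows section pins weak cryptography: `cipher '''BF-CBC'''` and `data-ciphers '''BF-CBC'''` select Blowfish, a 64-bit block cipher that OpenVPN has deprecated, and `auth '''sha1'''` uses SHA-1 for the HMAC. Readers will copy this file as-is, so the example should use an AEAD cipher such as AES-256-GCM with `auth SHA256`, and the server screenshot should be updated to match, since both ends must agree on these values. The file list and the config also show no `tls-auth` or `tls-crypt` key, so state whether that is intentional. Smaller points: 213.226.191.61 looks like a live public address and would be better replaced by one from a documentation range such as 203.0.113.0/24; "If your router have" should read "has"; "one of his LAN clients" should read "its"; and the text could say that the pushed route 192.168.1.0 255.255.255.0 gives every VPN client access to the whole router LAN.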
Line 275: |
Line 337: |
| *[[OpenVPN server on Windows]] | | *[[OpenVPN server on Windows]] |
| *[[OpenVPN traffic split]] | | *[[OpenVPN traffic split]] |
| + | *[[Configuration file .ovpn upload tutorial]] |
| *Other types of VPNs suported by RUTxxx devices: | | *Other types of VPNs suported by RUTxxx devices: |
− | **[[IPsec configuration examples]] | + | **[[IPsec RUTOS configuration example|IPsec configuration examples]] |
− | **[[GRE Tunnel configuration examples]] | + | **[[GRE Tunnel configuration examples RutOS|GRE Tunnel configuration examples]] |
− | **[[PPTP configuration examples]] | + | **[[PPTP configuration examples RutOS|PPTP configuration examples]] |
− | **[[L2TP configuration examples]] | + | **[[L2TP configuration examples RutOS|L2TP configuration examples]] |
| | | |
| ==External links== | | ==External links== |
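Review bot: The four rewritten link targets under "Other types of VPNs" do not follow one naming pattern: the IPsec target is `IPsec RUTOS configuration example` (singular, "RUTOS" in the middle), while the GRE, PPTP and L2TP targets are `... configuration examples RutOS` (plural, "RutOS" at the end). Confirm that each target page exists under exactly that title so the piped links resolve. The unchanged bullet above them still reads "suported", which could be corrected to "supported" while this list is being edited.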
Line 290: |
Line 353: |
| | | |
| http://www.whatsmyip.org/ | | http://www.whatsmyip.org/ |
| + | [[Category:VPN]] |