OpenVPN configuration examples: Difference between revisions

OpenVPN configuration examples (view source)

Revision as of 13:30, 25 June 2024

2,966 bytes added , 25 June

m

Justas.Cip moved page OpenVPN configuration examples RUT R 00.07 to OpenVPN configuration examples without leaving a redirect

VisualWikitext

Justas.Cip

Administrators

538

edits

@@ Line 267: / Line 267: @@
 '''Note 2''': this method doesn't provide the possibility to send certificates and, therefore, should be used only to edit present OpenVPN instances and not create new ones. -->
+==OpenVPN TLS configuration example with Windows client==
+This is an OpenVPN configuration example with a Windows client ([https://openvpn.net/client/client-connect-vpn-for-windows/ OpenVPN Connect]). This configuration requires the router to have a public IP address (Either static or dynamic IP).
+===Public IP: Static / Dynamic===
+----If your router have a static public IP address on one of its WAN interfaces, it will be used as the OpenVPN Server address on the client configuration file.
+In case you have a dynamic public IP address, it is recommended to use the '''[[Dynamic DNS]]''' functionality, and use the hostname provided by the DDNS service as the OpenVPN Server address. You can find some Dynamic DNS configuration examples [[DDNS Configuration Examples|here]].
+===OpenVPN Server configuration===
+----For this example we will be creating a TUN (Tunnel) type connection that uses the UDP protocol for data transfer and TLS Authentication, you can refer to [[How to generate TLS certificates (Windows)?|this]] article for more information about TLS certificates and keys. Here is the router '''RUT1''' OpenVPN configuration ('''Server'''; LAN IP: '''192.168.1.1'''; WAN (Public static) IP: '''213.226.191.61;''' OpenVPN Virtual network will be '''10.0.0.0/24''') :
+[[File:OpenVPN-Server-config.png|alt=OpenVPN-Server-Configuration|border]]
+You can add push option ('''route 192.168.1.0 255.255.255.0''') to allow VPN clients to connect to the router LAN network.
+Once the VPN server is ready, It will change its status to Active:
+[[File:Server-Status Active.png|border]]
+===OpenVPN Windows client configuration===
+----For this step, you'll need to prepare a configuration file folder, it must contain the following files:
+*The root certificate file (Certificate Authority)
+*Client certificate
+*Client key
+*OpenVPN client configuration file (Client_config.ovpn)
+Mainly, it should look like this:
+[[File:Config-Folder.png|border]]
+And this is the content of the OpenVPN client config file:
+ client
+ dev '''tun'''
+ proto '''udp'''
+ auth '''sha1'''
+ remote '''213.226.191.61 1194'''
+ resolv-retry '''infinite'''
+ nobind
+ persist-key
+ persist-tun
+ ca '''ca.crt'''
+ cert '''client.crt'''
+ key '''client.key'''
+ remote-cert-tls '''server'''
+ data-ciphers '''BF-CBC'''
+ cipher '''BF-CBC'''
+ comp-lzo '''no'''
+ keepalive '''10 120'''
+After saving the configuration file, you can open the '''OpenVPN Connect''' software on your Windows operating system, upload the configuration file, and click connect:
+[[File:OpenVPN-Client-connected.png|border]]
+The OpenVPN Windows client is now connected to the OpenVPN server.
+===Testing OpenVPN connectivity===
+----From The Windows client side, you can try to ping the Router's LAN IP address ('''192.168.1.1''') and one of his LAN clients ('''192.168.1.167'''):
+[[File:Testing-VPN-Connectivity.png|border]]
+The Windows OpenVPN Client can now Ping the router's LAN Network successfully.
 ==See also==
@@ Line 291: / Line 353: @@
 http://www.whatsmyip.org/
+[[Category:VPN]]