Line 31: |
Line 31: |
| To begin configuration, click the button that looks like a pencil next to the client instance. Refer to the figure and table below for information on the OpenVPN client's configuration fields: | | To begin configuration, click the button that looks like a pencil next to the client instance. Refer to the figure and table below for information on the OpenVPN client's configuration fields: |
| | | |
− | [[File:Networking_trb2_vpn_openvpn_client_configuration_v2.png|border|class=tlt-border|]] | + | [[File:Networking_rutos_vpn_openvpn_client_configuration_v3.png|border|class=tlt-border|]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 46: |
Line 46: |
| <tr> | | <tr> |
| <td>Enable external Services</td> | | <td>Enable external Services</td> |
− | <td>off {{!}}<span style="color:#FF8000 ;"> on</span>; default: <b>off</b></td> | + | <td>off {{!}}<span style="color:#FF8000 ;">on</span>; default: <b>off</b></td> |
| <td>Turns the OpenVPN external Services on or off.</td> | | <td>Turns the OpenVPN external Services on or off.</td> |
| </tr> | | </tr> |
Line 86: |
Line 86: |
| <tr> | | <tr> |
| <td>Protocol</td> | | <td>Protocol</td> |
− | <td>UDP {{!}} TCP{{#ifeq:{{{series}}}|RUTX| {{!}} UDP6 {{!}} TCP6}}; default: <b>UDP</b></td> | + | <td>UDP {{!}} TCP {{!}} <span style="color: green;"><b>UDP6</b></span> {{!}} <span style="color: green;"><b>TCP6</b></span>; default: <b>UDP</b></td> |
| <td>Transfer protocol used by the OpenVPN connection. | | <td>Transfer protocol used by the OpenVPN connection. |
| <ul> | | <ul> |
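Review bot: Dropping the `{{#ifeq:{{{series}}}|RUTX|` guard in the Protocol value cell makes UDP6 and TCP6 appear for every device series, not only RUTX. Confirm that every series this template is transcluded for offers those options, and otherwise keep the conditional. The green highlight also needs a word of explanation in the description cell, since the value cell alone does not say what the colour means.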
Line 164: |
Line 164: |
| <tr> | | <tr> |
| <td>Remote network IP address</td> | | <td>Remote network IP address</td> |
− | <td>ip; default: <b>none</b></td> | + | <td>ip4; default: <b>none</b></td> |
| <td>LAN IP address of the remote network (server).</td> | | <td>LAN IP address of the remote network (server).</td> |
| </tr> | | </tr> |
Line 171: |
Line 171: |
| <td>netmask; default: <b>none</b></td> | | <td>netmask; default: <b>none</b></td> |
| <td>LAN IP subnet mask of the remote network (server).</td> | | <td>LAN IP subnet mask of the remote network (server).</td> |
| + | </tr> |
| + | <tr> |
| + | <td><span style="color: green;">Remote network IPv6 address</span></td> |
| + | <td>ip6; default: <b>none</b></td> |
| + | <td>IPv6 address of the remote network (server). This field is becomes visible when protocol is set to UDP6 or TCP6</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
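Review bot: The description of the added "Remote network IPv6 address" row has a grammar slip ("This field is becomes visible") and no closing period; suggest "This field becomes visible when Protocol is set to UDP6 or TCP6." The IPv4 rows above pair the address with a separate netmask field, but this row does not say whether the prefix length is part of the ip6 value, so state the expected form.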
Line 181: |
Line 186: |
| <td>string; default: <b>none</b></td> | | <td>string; default: <b>none</b></td> |
| <td>Password used for authentication to the OpenVPN server.</td> | | <td>Password used for authentication to the OpenVPN server.</td> |
| + | </tr> |
| + | <tr> |
| + | <td><span style="color: red;">TLS</span>/<span style="color: #0054a6;">Password:</span>Use PKCS #12 format</td> |
| + | <td>off {{!}} on; default: <b>off</b></td> |
| + | <td>Turn PKCS #12 format on or off.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
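Review bot: In the added label the text runs straight on from the prefix ("Password:</span>Use PKCS #12 format"); add a space after the closing span, as the "HMAC authentication algorithm" label does. The description "Turn PKCS #12 format on or off." only restates the field name; say that enabling it replaces the separate certificate uploads with a single PKCS #12 archive, which is how the PKCS #12 section added later in this change describes it.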
Line 187: |
Line 197: |
| <td>Extra OpenVPN options to be used by the OpenVPN instance.</td> | | <td>Extra OpenVPN options to be used by the OpenVPN instance.</td> |
| </tr> | | </tr> |
− | <tr>
| + | <tr> |
| <td>Certificate files from device</td> | | <td>Certificate files from device</td> |
| <td>off {{!}} on; default: <b>off</b></td> | | <td>off {{!}} on; default: <b>off</b></td> |
| <td>Turn on this option if you want to select generated certificate files from device.</td> | | <td>Turn on this option if you want to select generated certificate files from device.</td> |
− | </tr>
| + | </tr> |
| <tr> | | <tr> |
| <td><span style="color: red;">TLS</span>/<span style="color: #0054a6;">Password:</span> HMAC authentication algorithm</td> | | <td><span style="color: red;">TLS</span>/<span style="color: #0054a6;">Password:</span> HMAC authentication algorithm</td> |
Line 198: |
Line 208: |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td><span style="color: red;">TLS</span>/<span style="color: #0054a6;">Password:</span> Additional HMAC authentication</td> | + | <td><span style="color: red;">TLS</span>/<span style="color: #0054a6;">Password:</span>Additional HMAC authentication</td> |
| <td>off {{!}} on; default: <b>off</b></td> | | <td>off {{!}} on; default: <b>off</b></td> |
| <td>An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.</td> | | <td>An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.</td> |
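Review bot: The edit to the "Additional HMAC authentication" label removes the space after "Password:</span>", so the rendered label reads "Password:Additional HMAC authentication". The "HMAC authentication algorithm" row just above keeps the space, so restore it here for consistency.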
Line 289: |
Line 299: |
| <tr> | | <tr> |
| <td>Protocol</td> | | <td>Protocol</td> |
− | <td>UDP {{!}} TCP{{#ifeq:{{{series}}}|RUTX| {{!}} <span style="color: #20C0D7;"><b>UDP6</b></span> {{!}} <span style="color: #20C0D7;"><b>TCP6</b></span>}}; default: <b>UDP</b></td> | + | <td>UDP {{!}} TCP {{!}} <span style="color: green;"><b>UDP6</b></span> {{!}} <span style="color: green;"><b>TCP6</b></span>; default: <b>UDP</b></td> |
| <td>Transfer protocol used by the OpenVPN connection. | | <td>Transfer protocol used by the OpenVPN connection. |
| <ul> | | <ul> |
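Review bot: The UDP6/TCP6 highlight in this Protocol row changes from #20C0D7 to green, but the dependent "Virtual network IPv6 address" label further down still uses #20C0D7, so the colour no longer ties the protocol values to the field they reveal. Use one colour for both. As with the client table, removing the `{{#ifeq:{{{series}}}|RUTX|` guard should be checked against every series that uses this template.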
Line 382: |
Line 392: |
| <td><span style="color: red;">TLS</span>/<span style="color: #0054a6;">TLS/Password:</span> <span style="color: #20C0D7;"><b>Virtual network IPv6 address</b></span></td> | | <td><span style="color: red;">TLS</span>/<span style="color: #0054a6;">TLS/Password:</span> <span style="color: #20C0D7;"><b>Virtual network IPv6 address</b></span></td> |
| <td>ip6; default: <b>none</b></td> | | <td>ip6; default: <b>none</b></td> |
− | <td>IPv6 address of the OpenVPN network.</td> | + | <td>IPv6 address of the OpenVPN network. This field becomes visible when protocol is set to UDP6 or TCP6</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
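Review bot: The sentence appended to the "Virtual network IPv6 address" description is missing its closing period. While this row is being edited, the label prefix reads "TLS/TLS/Password:" because the second span repeats "TLS/"; other rows use "TLS" followed by "Password:", so fix the duplicate.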
Line 496: |
Line 506: |
| <td>network(); default: <b>none</b></td> | | <td>network(); default: <b>none</b></td> |
| <td>Selects which networks should be made accessible to this client.</td> | | <td>Selects which networks should be made accessible to this client.</td> |
| + | </tr> |
| + | </table> |
| + | |
| + | |
| + | ====PKCS #12==== |
| + | ---- |
| + | Enable <b>PKCS #12 format</b> if you wish to use a PKCS #12 archive file format to bundle all the members of a chain of trust instead of uploading certificates separately. |
| + | |
| + | PKCS #12 configuration settings become visible when the <b>Use PKCS #12 format</b> slider is turned on. |
| + | |
| + | [[File:Networking_rutos_vpn_openvpn_pkcs_v1.png|border|class=tlt-border]] |
| + | |
| + | <table class="nd-mantable"> |
| + | <tr> |
| + | <th>Field</th> |
| + | <th>Value</th> |
| + | <th>Description</th> |
| + | </tr> |
| + | <tr> |
| + | <td>Use PKCS #12 format</td> |
| + | <td>off {{!}} on; default: <b>off</b></td> |
| + | <td>Turn PKCS #12 format on or off.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>PKCS #12 passphrase</td> |
| + | <td>string; default: <b>none</b></td> |
| + | <td>Passphrase used to decrypt PKCS #12 certificates.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>PKCS #12 certificate chain</td> |
| + | <td>-(interactive button)</td> |
| + | <td>Use to upload certificate chain file.</td> |
| </tr> | | </tr> |
| </table> | | </table> |
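Review bot: The new PKCS #12 section describes the archive as bundling "all the members of a chain of trust" and names the upload field "PKCS #12 certificate chain", but never says whether the file must also contain the client's private key. State that explicitly, since the passphrase row implies protected key material and a reader cannot tell whether a separate key upload is still needed. The "Use PKCS #12 format" row in this table also repeats the row added to the main client table word for word, so one of the two can refer to the other.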
Line 1,014: |
Line 1,056: |
| ---- | | ---- |
| | | |
− | [[File:Networking_rutx_vpn_ipsec_ipsec_configuration_proposal_settings_phase1_v2.png|border|class=tlt-border]] | + | [[File:Networking_rutx_vpn_ipsec_ipsec_configuration_proposal_settings_phase1_v1.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
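Review bot: The Phase 1 screenshot reference moves from "_phase1_v2.png" back to "_phase1_v1.png", which reads like a rollback to an older image. The same change renames the field to "Encryption algorithm", so confirm the v1 file actually shows that label before merging.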
Line 1,023: |
Line 1,065: |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Encryption</td> | + | <td>Encryption algorithm</td> |
| <td>3DES {{!}} AES 128 {{!}} AES 192 {{!}} AES 256 {{!}} AES128 GCM8 {{!}} AES192 GCM8 {{!}} AES256 GCM8 {{!}} AES128 GCM12 {{!}} AES192 GCM12 {{!}} AES256 GCM12 {{!}} AES128 GCM16 {{!}} AES192 GCM16 {{!}} AES256 GCM16; default: <b>AES 128</b></td> | | <td>3DES {{!}} AES 128 {{!}} AES 192 {{!}} AES 256 {{!}} AES128 GCM8 {{!}} AES192 GCM8 {{!}} AES256 GCM8 {{!}} AES128 GCM12 {{!}} AES192 GCM12 {{!}} AES256 GCM12 {{!}} AES128 GCM16 {{!}} AES192 GCM16 {{!}} AES256 GCM16; default: <b>AES 128</b></td> |
| <td>Algorithm used for data encryption.</td> | | <td>Algorithm used for data encryption.</td> |
Line 1,052: |
Line 1,094: |
| ---- | | ---- |
| | | |
− | [[File:Networking_rutx_vpn_ipsec_ipsec_configuration_proposal_settings_phase2_v2.png|border|class=tlt-border]] | + | [[File:Networking_rutx_vpn_ipsec_ipsec_configuration_proposal_settings_phase2_v1.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 1,061: |
Line 1,103: |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Encryption</td> | + | <td>Encryption algorithm</td> |
| <td>3DES {{!}} AES 128 {{!}} AES 192 {{!}} AES 256 {{!}} AES128 GCM8 {{!}} AES192 GCM8 {{!}} AES256 GCM8 {{!}} AES128 GCM12 {{!}} AES192 GCM12 {{!}} AES256 GCM12 {{!}} AES128 GCM16 {{!}} AES192 GCM16 {{!}} AES256 GCM16; default: <b>3DES</b></td> | | <td>3DES {{!}} AES 128 {{!}} AES 192 {{!}} AES 256 {{!}} AES128 GCM8 {{!}} AES192 GCM8 {{!}} AES256 GCM8 {{!}} AES128 GCM12 {{!}} AES192 GCM12 {{!}} AES256 GCM12 {{!}} AES128 GCM16 {{!}} AES192 GCM16 {{!}} AES256 GCM16; default: <b>3DES</b></td> |
| <td>Algorithm used for data encryption.</td> | | <td>Algorithm used for data encryption.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Hash</td> | + | <td>Hash algorithm</td> |
| <td>MD5 {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512; default: <b>MD5</b></td> | | <td>MD5 {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512; default: <b>MD5</b></td> |
| <td>Algorithm used for exchanging authentication and hash information.</td> | | <td>Algorithm used for exchanging authentication and hash information.</td> |
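Review bot: The renamed "Encryption algorithm" and "Hash algorithm" rows still list 3DES and MD5 as the Phase 2 defaults with no guidance in the description cells. Since these rows are being touched, add a sentence recommending one of the listed AES options and SHA256 or stronger, and noting that both peers must be set to the same values.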
Line 1,476: |
Line 1,518: |
| <br> | | <br> |
| ---- | | ---- |
− | [[File:Networking_rutos_manual_vpn_dmvpn_gre_parameters_configuration_v2.png|border|class=tlt-border]] | + | [[File:Networking_rutos_manual_vpn_dmvpn_gre_parameters_configuration.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 1,510: |
Line 1,552: |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Outbound key</td> | + | <td>GRE keys</td> |
− | <td>integer [0..65535]; default: <b>none</b></td>
| |
− | <td>A key used to identify outgoing GRE packets.</td>
| |
− | </tr>
| |
− | <tr>
| |
− | <td>Inbound key</td>
| |
| <td>integer [0..65535]; default: <b>none</b></td> | | <td>integer [0..65535]; default: <b>none</b></td> |
− | <td>A key used to identify incoming GRE packets.</td> | + | <td>A key used to identify incoming and outgoing GRE packets.</td> |
| </tr> | | </tr> |
| </table> | | </table> |
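Review bot: Merging "Outbound key" and "Inbound key" into one "GRE keys" row leaves a plural label with a single integer value, and the description does not say whether the one value is applied to both directions. If the interface now takes a single key, name the row "GRE key" and say so; if separate inbound and outbound values are still configurable, keep the two rows.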
Line 1,582: |
Line 1,619: |
| <br> | | <br> |
| ---- | | ---- |
− | [[File:Networking_rutx_vpn_dmvpn_nhrp_parameters_configuration_v4.png|border|class=tlt-border]] | + | [[File:Networking_rutx_vpn_dmvpn_nhrp_parameters_configuration_v2.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 1,604: |
Line 1,641: |
| <td>integer; default: <b>7200</b></td> | | <td>integer; default: <b>7200</b></td> |
| <td>Specifies the holding time for NHRP Registration Requests and Resolution Replies sent from this interface or shortcut-target. The hold time is specified in seconds and defaults to two hours.</td> | | <td>Specifies the holding time for NHRP Registration Requests and Resolution Replies sent from this interface or shortcut-target. The hold time is specified in seconds and defaults to two hours.</td> |
− | </tr>
| |
− | <tr>
| |
− | <td>Redirect</td>
| |
− | <td>off {{!}} on; default: <b>off</b></td>
| |
− | <td>Turns DMVPN traffic redirection (Phase 3) on or off.</td>
| |
− | </tr>
| |
− | <tr>
| |
− | <td>NFLOG group</td>
| |
− | <td>integer [1..65535]; default: <b>none</b></td>
| |
− | <td>Specifies NFLOG group to be used by NHRP instance.</td>
| |
| </tr> | | </tr> |
| </table> | | </table> |
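Review bot: The "Redirect" and "NFLOG group" rows are deleted from the NHRP table with no replacement text, and the screenshot in the preceding hunk steps back from v4 to v2. Confirm these fields are really absent from the firmware this page documents; if they still exist, the rows should stay, because Redirect is the only place the table mentions Phase 3 behaviour.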
Line 1,926: |
Line 1,953: |
| | | |
| Advanced Settings section contains Metric and MTU configuration for this WireGuard interface. | | Advanced Settings section contains Metric and MTU configuration for this WireGuard interface. |
− | [[File:Networking_rutx_vpn_wireguard_instance_advanced_v1.png|border|class=tlt-border]] | + | |
| + | [[File:Networking_rutos_vpn_wireguard_instance_advanced_v2.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 1,943: |
Line 1,971: |
| <td>integer [1280..1420]; default: <b>none</b></td> | | <td>integer [1280..1420]; default: <b>none</b></td> |
| <td>Maximum Transmission Unit for this tunnel interface.</td> | | <td>Maximum Transmission Unit for this tunnel interface.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>DNS servers</td> |
| + | <td>ip | ips; default: <b>none</b></td> |
| + | <td>DNS server(s) for this Wireguard interface.</td> |
| </tr> | | </tr> |
| </table> | | </table> |
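Review bot: The value cell of the added "DNS servers" row uses a raw pipe ("ip | ips"), while every other value cell in this change writes the separator as {{!}}; a bare pipe can be parsed as a template argument separator, so use {{!}} here too. The description also spells the product "Wireguard", where the section text above uses "WireGuard".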
Line 1,960: |
Line 1,993: |
| | | |
| In the General section of Peer instance you can configure basic information about the endpoint to allow communications. | | In the General section of Peer instance you can configure basic information about the endpoint to allow communications. |
− | [[File:Networking_rutx_vpn_wireguard_instance_peer_instance_general_v1.png|border|class=tlt-border]] | + | |
| + | [[File:Networking_rutos_vpn_wireguard_instance_peer_instance_general_v2.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 1,977: |
Line 2,011: |
| <td>ip; default: <b>none</b></td> | | <td>ip; default: <b>none</b></td> |
| <td>A single IP address or a list of them which are allowed to communicate with this peer.</td> | | <td>A single IP address or a list of them which are allowed to communicate with this peer.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Description</td> |
| + | <td>string; default: <b>none</b></td> |
| + | <td>Description of the peer.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Route Allowed IPs</td> |
| + | <td>off {{!}} on; default: <b>off</b></td> |
| + | <td>Enable to create routes for <b>Allowed IPs</b> for this peer.</td> |
| </tr> | | </tr> |
| </table> | | </table> |
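Review bot: The "Route Allowed IPs" description says what enabling does but not what the off default means. Add that with the option off no routes are created for the peer's Allowed IPs, so traffic to those addresses only enters the tunnel if routes are added by other means. The "Description" row is fine as written.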