Configuring OpenVPN on your console server
The ACM500x, IMG4xxx, IM42xx, KCS61xx and CMS6100 products with Firmware V3.2 and later each have OpenVPN client and server software embedded.
OpenVPN allows secure VPN tunneling of data through a single TCP/UDP port over an unsecured network. For example, an OpenVPN tunnel could be established between a roaming Windows client and an Opengear console server within a data centre. Alternatively, OpenVPN tunnels could be set up between distributed ACM5004-2-G edge devices (which may not have any publicly accessible IP addresses allocated by their carrier) and a third-party OpenVPN server at the enterprise central management site.
Configuring OpenVPN can be complex, so Opengear provides a simple GUI for basic setup. Much more detailed information on the OpenVPN Access Server and client can be found in the many HOW TO and FAQ documents on the www.openvpn.net site.
Enabling OpenVPN on your console server
- Select OpenVPN on the Serial & Networks menu
- Click Add and complete the Add OpenVPN Tunnel screen
- Enter any descriptive name you wish to identify the OpenVPN Tunnel you are adding, for example NorthStOutlet-VPN
- Select the Device Driver to be used, either Tun-IP or Tap-Ethernet. The TUN (network tunnel) and TAP (network tap) drivers are virtual network drivers that support IP tunneling and Ethernet tunneling, respectively. TUN and TAP are part of the Linux kernel.
- Select either UDP or TCP as the Protocol. UDP is the default and preferred protocol for OpenVPN.
- In Tunnel Mode nominate whether this console server is to be the Client or Server end of the tunnel. When running as a Server the console server supports multiple clients connecting to the VPN server over the same port.
- In Configuration Method select the authentication method to be used. To authenticate using certificates select PKI (X.509 Certificates), or select Custom Configuration to upload custom configuration files. Custom configurations must be stored in /etc/config.
Note: If you select PKI (public key infrastructure) you will need to establish:
- Separate certificate (also known as a public key). This Certificate File will be a *.crt file type
- Private Key for the server and each client. This Private Key File will be a *.key file type
- Master Certificate Authority (CA) certificate and key which is used to sign each of the server and client certificates. This Root CA Certificate will be a *.crt file type
- For a server you may also need dh1024.pem (Diffie-Hellman parameters). Refer to www.openvpn.net/easyrsa.html for a guide to basic RSA key management. For alternative authentication methods see www.openvpn.net/index.php/documentation/howto.html#auth. For more information also see www.openvpn.net/howto.html
- Check or uncheck the Compression button to enable or disable compression, respectively
Configure your console server to be the OpenVPN Server or an OpenVPN Client
- Complete the Client Details or Server Details depending on the Tunnel Mode selected.
- If Client has been selected, the Primary Server Address will be the address of the OpenVPN Server.
- If Server has been selected, enter the IP Pool Network address and the IP Pool Network mask for the IP Pool. The network defined by the IP Pool Network address/mask is used to provide the addresses for connecting clients.
- Click Apply to save changes
- To enter authentication certificates and files, Edit the OpenVPN tunnel.
- Select the Manage OpenVPN Files tab. Upload or browse to relevant authentication certificates and files.
- Click Apply to save changes. Saved files will be displayed in red on the right-hand side of the Upload button.
- To enable OpenVPN, Edit the OpenVPN tunnel
- Check the Enabled button and click Apply to save changes. (Note: Make sure that the console server system time is correct when working with OpenVPN; otherwise authentication issues may arise.)
- Select Statistics on the Status menu to verify that the tunnel is operational.
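The PKI files listed in the note above, and the system-time caution in the Enabled step, can be checked on a workstation before anything is uploaded. The script below is an added example, not Opengear code; it assumes the openssl command-line tool and an unencrypted private key, and the function name check_pki and the 2048-bit DH warning threshold are this example's own choices.

```shell
#!/bin/sh
# Added example: sanity-check an OpenVPN PKI file set before uploading it.
# Usage: sh check_pki.sh CA_CRT CERT_CRT KEY_FILE [DH_PEM]
# Assumes an unencrypted private key and the openssl command-line tool.

check_pki() {
    ca=$1; crt=$2; key=$3; dh=${4:-}
    rc=0

    # 1. The certificate must be signed by the Root CA certificate and be
    #    inside its validity period according to this machine's clock.
    if openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "OK:   $crt verifies against $ca"
    else
        echo "FAIL: $crt does not verify against $ca"
        rc=1
    fi

    # 2. The private key must match the certificate: both must yield the
    #    same public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]; then
        echo "OK:   $key matches $crt"
    else
        echo "FAIL: $key does not match $crt"
        rc=1
    fi

    # 3. Print the validity window; the console server's system time must
    #    fall inside it or authentication will fail.
    openssl x509 -in "$crt" -noout -dates 2>/dev/null

    # 4. Optional Diffie-Hellman parameters: report the size. The 2048-bit
    #    warning threshold is this example's choice, not an Opengear rule.
    if [ -n "$dh" ]; then
        bits=$(openssl dhparam -in "$dh" -noout -text 2>/dev/null |
               sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
        if [ -z "$bits" ]; then
            echo "FAIL: $dh is not a readable DH parameter file"; rc=1
        elif [ "$bits" -lt 2048 ]; then
            echo "WARN: $dh is only $bits bits"
        else
            echo "OK:   $dh is $bits bits"
        fi
    fi
    return "$rc"
}

if [ "$#" -ge 3 ]; then check_pki "$@"; fi
```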
Windows OpenVPN Server or an OpenVPN Client
For details on installing an OpenVPN Windows client (or server) and connecting to your console server OpenVPN server (or client), refer to faq368-Windows-OpenVPN.html