[Advantech] ADAM-3600 OpenVPN setting tutorial step by step
ADAM-3600 OpenVPN + DDNS + 3G connection setting
Intercorn AE Minghung.Hsieh
2016/4/6
Agenda
Build up OpenVPN server/client
ADAM-3600 OpenVPN setting
ADAM-3600 OpenVPN : 3G + DDNS + public dynamic IP
Build up OpenVPN server/client
Topology
Ethernet connection with OpenVPN
OpenVPN server - IP: 172.18.2.58, VPN IP: 192.168.77.1
OpenVPN client - IP: 172.18.2.49, VPN IP: 192.168.77.6
Links : Ethernet, VPN tunnel
OpenVPN website
OpenVPN Quick start
https://openvpn.net/index.php/open-source/documentation/howto.html
Download and install the OpenVPN installer (64-bit)
https://openvpn.net/index.php/download/community-downloads.html
Steps for building up VPN
1. Install OpenVPN
2. Initialize the environment
3. Edit vars.bat with your information
4. Create rootCA
5. Create the server private/public key pair
6. Create the client public/private key pair
7. Build Diffie Hellman parameters
8. Check the generated keys
9. Copy the server configuration file
10. Run OpenVPN server
11. Copy the client configuration file
12. Run OpenVPN client
Step 1 : Install OpenVPN
Download and install the OpenVPN installer (64-bit)
https://openvpn.net/index.php/download/community-downloads.html
OpenVPN GUI
Step 2 : Initialize the environment
Check the easy-rsa contents in your install path
My install path : D:\Program Files\OpenVPN\easy-rsa
Run the batch file “init-config.bat” in the easy-rsa path
Step 3 : Edit vars.bat with your information
Edit your easy-rsa folder path.
Edit KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL and the other parameters according to your needs.
Don't leave any of these parameters blank.
Step 4 : Create rootCA
Run “vars.bat”, the file that we just edited
Run “clean-all.bat”
Run “build-ca.bat” to create the rootCA
Check the important items when running “build-ca.bat”
1. Organizational Unit Name : user
2. Common Name : RTU
3. The other settings : default
Step 5 : Create the server private/public key pair
Run “build-key-server.bat keyName”
Example : “build-key-server.bat server”
Check items
1. Organizational Unit Name : user
2. Common Name : RTU
3. The other settings : default
4. Password : 12345678
5. Certificate
Step 6 : Create the client public/private key pair
Run “build-key.bat keyName”
Example : “build-key.bat client1”
Check items
1. Organizational Unit Name : user
2. Common Name : client1
3. The other settings : default
4. Password : 12345678
5. Certificate
Step 7 : Build Diffie Hellman parameters
Run “build-dh.bat”
This program will generate the 1024-bit Diffie-Hellman parameters (dh1024.pem)
Step 8 : Check the generated keys
Key path : D:\Program Files\OpenVPN\easy-rsa\keys
Check that the client’s .crt and the server’s .crt are not empty.
Topology : Server setting (OpenVPN server, IP: 172.18.2.58, VPN IP: 192.168.77.1)
Step 9 : Copy the server configuration file
Open Server configuration
Copy these files from the key folder into the config folder
1. ca.key
2. ca.crt
3. server.key
4. server.crt
5. dh1024.pem
Copy the server configuration file from the sample-config folder and rename it server_3600.ovpn
Key folder - D:\Program Files\OpenVPN\easy-rsa\keys
Config folder - D:\Program Files\OpenVPN\config
Sample-config folder - D:\Program Files\OpenVPN\sample-config
Modify the settings in the server configuration file
1. TCP connection : proto tcp
2. DH file : dh dh1024.pem (default : dh2048.pem)
3. VPN domain (user-defined) : 192.168.77.0 255.255.255.0
Step 10 : Run OpenVPN server
Run OpenVPN GUI
Connect your server : server_3600
Topology : Client setting (OpenVPN client, IP: 172.18.2.49, VPN IP: 192.168.77.6)
Step 11 : Copy the client configuration file
Open Server configuration
Copy these files from the key folder into the config folder
1. ca.crt
2. client1.key
3. client1.crt
Copy the client configuration file from the sample-config folder and rename it client_3600.ovpn
Key folder - D:\Program Files\OpenVPN\easy-rsa\keys
Config folder - D:\Program Files\OpenVPN\config
Sample-config folder - D:\Program Files\OpenVPN\sample-config
Modify the settings in the client configuration file
1. TCP connection : proto tcp
2. Hostname/IP : remote IP port
remote 172.18.2.58 1194
3. Certificate : modify the ca/cert/key file names in the client settings
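A check for the two config folders assembled in Steps 9 and 11, as an added example that is not part of the original slides: it parses each .ovpn file, confirms that every ca/cert/key/dh file it names is present, flags DH parameters below the 2048-bit sample default and a ca.key left beside the runtime config, and compares proto and port across both ends. The config text and folder listings are constructed samples (bare file names, a single remote line), and reading the DH size from the dh<bits>.pem file name is an assumption.

```python
import re

FILE_DIRECTIVES = ("ca", "cert", "key", "dh")  # first argument names a file

def parse_ovpn(text):
    """Map directive -> args; '#' or ';' at the start of a token begins a comment."""
    conf = {}
    for line in text.splitlines():
        tokens = re.split(r"(?:^|\s)[#;]", line)[0].split()
        if tokens:
            conf[tokens[0]] = tokens[1:]
    return conf

def audit(text, folder_files):
    """Findings for one config and the file names present in its config folder."""
    conf, present, findings = parse_ovpn(text), set(folder_files), []
    for d in FILE_DIRECTIVES:
        if conf.get(d) and conf[d][0] not in present:
            findings.append(f"{d}: '{conf[d][0]}' is not in the config folder")
    # Assumption: the DH file keeps easy-rsa's dh<bits>.pem name, as on this page.
    m = re.fullmatch(r"dh(\d+)\.pem", (conf.get("dh") or [""])[0])
    if m and int(m.group(1)) < 2048:
        findings.append(f"dh: {m.group(1)}-bit parameters (the sample config uses 2048)")
    # ca.key only signs certificates; OpenVPN never reads it at run time.
    if "ca.key" in present:
        findings.append("ca.key: CA private key stored beside the runtime config")
    return findings

def pair_mismatches(server_text, client_text):
    """Settings that must agree on both ends before the tunnel can come up."""
    srv, cli, out = parse_ovpn(server_text), parse_ovpn(client_text), []
    if (srv.get("proto") or ["udp"])[0][:3] != (cli.get("proto") or ["udp"])[0][:3]:
        out.append("proto differs between server and client")
    remote = cli.get("remote") or []
    if (remote[1:2] or ["1194"]) != (srv.get("port") or ["1194"])[:1]:
        out.append("client remote port differs from server port")
    return out

# Constructed inputs mirroring Steps 9 and 11; the cert name is misspelled on purpose.
SERVER_OVPN = ("port 1194\nproto tcp\ndev tun\nca ca.crt\ncert server.crt\n"
               "key server.key  # secret\ndh dh1024.pem\nserver 192.168.77.0 255.255.255.0\n")
SERVER_FILES = ["ca.key", "ca.crt", "server.key", "server.crt", "dh1024.pem"]
CLIENT_OVPN = ("client\ndev tun\nproto tcp\nremote 172.18.2.58 1194\n"
               "ca ca.crt\ncert clent1.crt\nkey client1.key\n")
CLIENT_FILES = ["ca.crt", "client1.key", "client1.crt"]

if __name__ == "__main__":
    print(audit(SERVER_OVPN, SERVER_FILES), audit(CLIENT_OVPN, CLIENT_FILES),
          pair_mismatches(SERVER_OVPN, CLIENT_OVPN), sep="\n")
```

The same cert/key/CA file names are entered again in the ADAM-3600 OpenVPN settings, so a name that fails here will fail on the device as well.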
Step 12 : Run OpenVPN client
Run OpenVPN GUI
Connect your client : client_3600
Result
On the OpenVPN server, ping the OpenVPN client IP : 192.168.77.6
ADAM-3600 OpenVPN setting
Topology : Ethernet connection with OpenVPN, same as above (OpenVPN server IP: 172.18.2.58, VPN IP: 192.168.77.1; OpenVPN client IP: 172.18.2.49, VPN IP: 192.168.77.6)
Check VPN server network port
Check VPN server & router port
1. Web server : 80
2. VPN : 1194
3. DNP3 : 20000
4. Modbus : 502
Check ADAM-3600 system time
The VPN needs the system time of the VPN server and the client to be close to each other
Update ADAM-3600 Time and Date
1. By command line. Example : date -s "2016-04-07 18:30:50"
2. by NTP:
Configure ADAM-3600 OpenVPN
Server IP/Domain : 172.18.2.58
Port : 1194
Protocol : TCP
CA file : ca.crt
CERT file : client1.crt
KEY file : client1.key
Check ADAM-3600 OpenVPN status
Download project file into ADAM-3600 and reboot
Check system log : build up VPN successfully
Result
VPN Server connect to ADAM-3600 web server
ADAM-3600 IP : 192.168.77.6
ADAM-3600 OpenVPN : 3G + DDNS + public dynamic IP
• OpenVPN server : DDNS + public dynamic IP
• OpenVPN client : ADAM-3600 + 3G
Topology
Public IP and DDNS in OpenVPN server
Domain name VPN connection in ADAM-3600
OpenVPN server - IP: 124.9.8.233, VPN IP: 192.168.77.1
OpenVPN client - IP: 172.18.2.49, VPN IP: 192.168.77.6
DDNS service : adam3600.ddns.net
Links : Ethernet, VPN tunnel
Check VPN server network port
Check VPN server & router port
1. Web server : 80
2. VPN : 1194
3. DNP3 : 20000
4. Modbus : 502
OpenVPN server setting
Open port tool :
http://www.portchecktool.com/?utm_source=DUC&utm_medium=duc-click&utm_campaign=duc-WINDOWS
Public IP setting in VPN server computer
IP: 124.9.8.233
VPN IP : 192.168.77.1
DDNS service – NoIP
1. Apply for a NoIP account : http://www.noip.com/
2. Apply for a DDNS host name & domain (free)
3. IP : public IP
4. Host name & domain example : adam3600.ddns.net
DDNS service – NoIP + DUC
1. Download and install Dynamic DNS Update Client (DUC)
http://www.noip.com/download?page=win
2. Install and log in to DUC
3. Edit hosts to your DDNS domain
Example : adam3600.ddns.net
4. Auto refresh public IP
DDNS service – DUC update public IP
Check ADAM-3600 system time
The VPN needs the system time of the VPN server and the client to be close to each other
Update ADAM-3600 Time and Date
1. By command line. Example : date -s "2016-04-07 18:30:50"
2. by NTP:
Configure ADAM-3600 OpenVPN
Server IP/Domain : adam3600.ddns.net
Port : 1194
Protocol : TCP
CA file : ca.crt
CERT file : client1.crt
KEY file : client1.key
3G / WIFI setting
GPRS/3G setting
APN: depends on the vendor (in UAE)
1. du
2. etisalat.ae
Phone number :
1. *99#
2. *99***1#
3. *99***2#
3G / WIFI setting
GPRS/3G setting - Taiwan
APN: internet
Phone number : *99#
Check ADAM-3600 3G / OpenVPN
Download project file into ADAM-3600 and reboot
Signal info
1. Phone number
2. Quality
3. Public IP
System log : build up VPN successfully
Result
OpenVPN server – DUC / OpenVPN get client (3600)
ADAM-3600 VPN : 192.168.77.6
Result
OpenVPN client – ADAM-3600
Ping 192.168.77.1 VPN server