VPN (OpenVPN) Setting Guide - Korenix


Page 1: VPN (OpenVPN) Setting Guide - Korenix


VPN (OpenVPN) Setting Guide

Johnny

Page 2: VPN (OpenVPN) Setting Guide - Korenix

Agenda

• Prepare

• Example for IP settings

• Static mode

• TLS-mode

Page 3: VPN (OpenVPN) Setting Guide - Korenix

Prepare

• Required equipment

Desktop or Laptop * 2

VPN Server * 1 (JetBox 5630 is used in this case)

VPN Client * 1 (JetWave 2311 is used in this case)

Page 4: VPN (OpenVPN) Setting Guide - Korenix

Example for IP settings

[Network diagram: PC 1, OpenVPN Server, OpenVPN Client, PC 2. Values shown in the diagram:]

• Device interfaces: WAN port IP: 192.168.20.2; Eth 1 IP: 192.168.20.1; Eth 2 IP: 192.168.10.1; Eth 1 IP: 192.168.30.1

• PC 1: IP: 192.168.10.111, GW: 192.168.10.1

• PC 2: IP: 192.168.30.10, GW: 192.168.30.1

• VPN Tunnel, Default Route IP: 192.168.20.1 <-> 192.168.20.2

• VPN Tunnel, VPN ifconfig: 10.8.0.1 <-> 10.8.0.2


Page 6: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Server IP settings

Set the IP addresses for WAN & LAN in “Network” => “Settings”

Click “Save & Apply” after setting the IP addresses

Page 7: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Server IP settings (for PC)

Set the desktop (or laptop) connected to the server to the same IP subnet as the server

The gateway should be the LAN port IP address of your server (JetBox 5630)

Page 8: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Create a new VPN connection

Go to “VPN” => “OpenVPN”

Enter a name for the connection and click “Add”

Page 9: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Set up the VPN connection for the server

1. Choose “secret” for Encryption

2. Click “Generate”

Page 10: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Set up the VPN connection

3. Click the file icon and choose “static.key”

4. Check the three options

Page 11: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Set up the VPN connection

5. Add “Port”, “keepalive” & “route” one by one in “Additional Field”

6. “Port” and “keepalive” do not need to be modified; “route” should be the same subnet as the LAN IP address of the client

Page 12: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Download key

Go to “VPN” => “Certificates”

Click “Download archive”

Find “static.key” in \etc\openvpn; it needs to be imported to the client later

Page 13: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Start the OpenVPN connection you created

Go back to the “OpenVPN” page

Click “Start”, and then click “Save & Apply”

Page 14: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Change the client Network Mode

Go to “System” => “Basic Settings”, change “Network Mode” to “Router” and press “Apply”

Page 15: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Client IP settings

Go to “System” => “IP Settings”, set the IP addresses for WAN & LAN, and then click “Apply”

Page 16: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Client IP settings (for PC)

Set the desktop (or laptop) connected to the client to the same IP subnet as the client

The gateway should be the LAN port IP address of your client (JetWave 2311)

Page 17: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Import the key on the client

Copy the keys file you downloaded from the server to the PC connected to the client

Go to “Management” => “Certificate File”

Import “static.key” to the client

Page 18: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Client time settings

Go to “System” => “Time Settings”

Click “Get PC Time”, and then click “Apply”

Page 19: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Set up the VPN connection for the client

Go to “VPN” => “OpenVPN Client”

Choose “Static” for Encryption Mode

Remote Server IP (1): enter the IP address of the server WAN port

Page 20: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Set up the VPN connection for the client

Page down

Route: should be the same subnet as the LAN IP address of the server

Page 21: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Enable the VPN connection for the client

Page up

Check “Enable OpenVPN Client Connection”

Page 22: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Enable the VPN connection for the client

Page down

Click “Apply”

Page 23: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Save settings for the client

Go to “Save”

Click “Save to Flash”

Page 24: VPN (OpenVPN) Setting Guide - Korenix

Static mode

• Confirm the VPN connection status

Go to “VPN” => “Status” to check the status of the VPN connection


Page 26: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Server IP settings

Set the IP addresses for WAN & LAN in “Network” => “Settings”

Click “Save & Apply” after setting the IP addresses

Page 27: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Server IP settings (for PC)

Set the desktop (or laptop) connected to the server to the same IP subnet as the server

The gateway should be the LAN port IP address of your server (JetBox 5630).

Page 28: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Create a new VPN connection

Go to “VPN” => “OpenVPN”

Enter a name for the connection and click “Add”

Page 29: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Build keys for the VPN connection

Keys for TLS-Mode cannot be built in the web interface; they must be created from command mode

Connect the PC and the JetBox 5630 with a console cable, or use Telnet in CMD

Page 30: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Build keys for the VPN connection

Enter “cd /etc/openvpn/easy-rsa/2.0”

Enter “vi vars” to modify the vars file; you can skip this step if you don’t want to change it

(1024 or 2048)

Page 31: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Build keys for the VPN connection

Enter “. ./vars” (set up vars) //Notice: there is a space between the two dots

Enter “./clean-all” (removes all keys created before)

Page 32: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Build keys for the VPN connection – ca

Enter “./build-ca”; you can press ENTER to skip “Country name”, “State”, etc. if you don’t want to change them

Page 33: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Build keys for the VPN connection - Server

Enter “./build-key-server server”; you can press ENTER to skip “Country name”, “State”, etc. if you don’t want to change them

At “Sign the certificate” & “1 out of 1 certificate requests certified, commit?”, press “y” and then press ENTER

Page 34: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Build keys for the VPN connection - Client

Enter “./build-key client”

At “Sign the certificate” & “1 out of 1 certificate requests certified, commit?”, press “y” and then press ENTER

Page 35: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Build keys for the VPN connection - DH (Diffie-Hellman parameters)

Enter “./build-dh”

Page 36: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Download keys

Open the web interface of the JetBox 5630

Go to “VPN” => “Certificates” and click “Download archive”

Page 37: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Modify keys

Extract the keys file you downloaded from the server to the desktop, and go to Keys as shown in the picture below

Create a new folder named client, and put client.crt & client.key in that folder

Page 38: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Set up the VPN connection for the server

Check “Automatically Start after reboot”

Choose “tls-mode” for Encryption

Choose the correct keys for “ca”, “dh”, “cert” & “key” as shown in the picture below

Page 39: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Set up the VPN connection for the server

1. Check the three options

2. Add “Port”, “keepalive” & “route” one by one in “Additional Field”

3. “Port” and “keepalive” do not need to be modified; the push route should be the same subnet as the LAN IP address of the server

Page 40: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Server route settings

Go back to 5630 command mode

Enter “cd /etc/openvpn/” and press ENTER

Enter “vi (the name you chose on page 37).conf”

Page 41: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Server route settings

Press “i” on your keyboard

Move the cursor to the end of the “auth SHA1” line, press ENTER to start a new line, and enter:

• client-config-dir ccd

• route 192.168.10.0 255.255.255.0 //client IP domain

Press ESC when you finish

Enter “:wq”

Page 42: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Server route settings

Enter “mkdir ccd” //create the “ccd” folder

Enter “cd ccd” //go to “ccd”

Enter “vi client”

Page 43: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Server route settings

Press “i” on your keyboard and enter:

• ifconfig-push 10.8.0.3 10.8.0.1

• iroute 192.168.10.0 255.255.255.0

Press ESC when you finish

Enter “:wq”
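OpenVPN only forwards traffic to a client-side subnet when the ccd file's iroute is matched by a route in the server config, and it only reads the ccd file when client-config-dir is set. The following check is an added example, not part of the original guide or Korenix firmware; the sample text is constructed from the lines shown on the slides, and it also flags the "secret" (static key) mode used in the Static mode section.

```python
import ipaddress

# Constructed samples: only the lines this guide adds to <name>.conf and ccd/client.
SERVER_CONF = """\
auth SHA1
client-config-dir ccd
route 192.168.10.0 255.255.255.0
"""
CCD_CLIENT = """\
ifconfig-push 10.8.0.3 10.8.0.1
iroute 192.168.10.0 255.255.255.0
"""

def directives(text):
    """Yield (name, args) for each non-empty, non-comment config line."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            yield name, args

def networks(text, keyword):
    """Networks named by `<keyword> <net> [mask]`; a missing mask means a host route."""
    nets = set()
    for name, args in directives(text):
        if name == keyword and args:
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            nets.add(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
    return nets

def lint(server_conf, ccd_files):
    """Return findings for a server config and a {client_name: ccd_text} mapping."""
    findings = []
    names = {name for name, _ in directives(server_conf)}
    routes = networks(server_conf, "route")
    if ccd_files and "client-config-dir" not in names:
        findings.append("ccd files present but client-config-dir is not set")
    for client, text in sorted(ccd_files.items()):
        for net in sorted(networks(text, "iroute")):
            if not any(net.subnet_of(r) for r in routes):
                findings.append(f"{client}: iroute {net} has no covering server route")
    for name, args in directives(server_conf):
        if name == "auth" and args and args[0].upper() in {"SHA1", "MD5"}:
            findings.append(f"auth {args[0]}: legacy digest, use SHA256 if both ends support it")
        if name == "secret":
            findings.append("secret: static-key mode has no forward secrecy")
    return findings

if __name__ == "__main__":
    for finding in lint(SERVER_CONF, {"client": CCD_CLIENT}):
        print(finding)
```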

Page 44: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Start the OpenVPN connection you created

Go back to the “OpenVPN” page

Click “Start”, and then click “Save & Apply”

Page 45: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Change the client Network Mode

Go to “System” => “Basic Settings”, change “Network Mode” to “Router” and press “Apply”

Page 46: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Client IP settings

Go to “System” => “IP Settings”, set the IP addresses for WAN & LAN, and then click “Apply”

Page 47: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Client IP settings (for PC)

Set the desktop (or laptop) connected to the client to the same IP subnet as the client

The gateway should be the LAN port IP address of your client (JetWave 2311)

Page 48: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Import the keys on the client

Copy the keys file you downloaded from the server to the PC connected to the client

Go to “Management” => “Certificate File”

Import “ca.crt”, “client.crt” & “client.key” to the client
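The keys folder built by easy-rsa also holds ca.key and server.key, which the client never needs; only the three files named above belong on the client side. The following check is an added example, not part of the original guide: it assumes a hypothetical staging folder holding everything about to be imported, and inspects file contents as well as names. The demo folder and its placeholder PEM bodies are constructed.

```python
import re
import tempfile
from pathlib import Path

# The three files the guide imports into the client.
CLIENT_FILES = {"ca.crt", "client.crt", "client.key"}
PEM_LABEL = re.compile(r"-----BEGIN ([^-]+)-----")

def holds_secret(text):
    """True if the text contains a PEM private key or an OpenVPN static key block."""
    return any("PRIVATE KEY" in label or "Static key" in label
               for label in PEM_LABEL.findall(text))

def audit_client_folder(folder):
    """Return findings for the files staged for import into the client."""
    findings = []
    present = set()
    for path in sorted(Path(folder).iterdir()):
        if not path.is_file():
            continue
        present.add(path.name)
        secret = holds_secret(path.read_text(errors="replace"))
        if path.name not in CLIENT_FILES:
            note = " and holds private key material" if secret else ""
            findings.append(f"{path.name}: not needed on the client{note}")
        elif path.suffix == ".crt" and secret:
            findings.append(f"{path.name}: certificate file also holds a private key")
    for missing in sorted(CLIENT_FILES - present):
        findings.append(f"{missing}: missing")
    return findings

def demo():
    """Build a constructed folder (placeholder PEM bodies) and audit it."""
    pem = "-----BEGIN {0}-----\nAAAA\n-----END {0}-----\n"
    files = {
        "ca.crt": pem.format("CERTIFICATE"),
        "client.crt": pem.format("CERTIFICATE"),
        "client.key": pem.format("PRIVATE KEY"),
        "ca.key": pem.format("RSA PRIVATE KEY"),      # copied by mistake
        "server.key": pem.format("RSA PRIVATE KEY"),  # copied by mistake
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in files.items():
            Path(tmp, name).write_text(body)
        return audit_client_folder(tmp)
```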

Page 49: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Client time settings

Go to “System” => “Time Settings”

Click “Get PC Time”, and then click “Apply”

Page 50: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Set up the VPN connection for the client

Go to “VPN” => “OpenVPN Client”

Choose “TLS” for Encryption Mode

Remote Server IP (1): enter the IP address of the server WAN port

Page 51: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Set up the VPN connection for the client

Page down

Route: should be the same subnet as the LAN IP address of the server

Page 52: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Enable the VPN connection for the client

Page up

Check “Enable OpenVPN Client Connection”

Page 53: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Enable the VPN connection for the client

Page down

Click “Apply”

Page 54: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Save settings for the client

Go to “Save”

Click “Save to Flash”

Page 55: VPN (OpenVPN) Setting Guide - Korenix

TLS-Mode

• Confirm the VPN connection status

Go to “VPN” => “Status” to check the status of the VPN connection

Page 56: VPN (OpenVPN) Setting Guide - Korenix


Thanks a lot!