VPN (OpenVPN) Setting Guide Johnny
Agenda: Prepare; Example for IP settings; Static mode; TLS-mode
Prepare. Required equipment: Desktop or Laptop * 2; VPN Server * 1 (JetBox 5630 in this case); VPN Client * 1 (JetWave 2311 in this case)
Example for IP settings. OpenVPN Server / OpenVPN Client. Eth 1 IP: 192.168.30.1; WAN port IP: 192.168.20.2; Eth 1 IP: 192.168.20.1; Eth 2: 192.168.10.1. PC 2 IP: 192.168.30.10, GW: 192.168.30.1. VPN Tunnel: Default Route IP: 192.168.20.1 <-> 192.168.20.2; VPN ifconfig: 10.8.0.1 <-> 10.8.0.2. PC 1 IP: 192.168.10.111, GW: 192.168.10.1.
Static mode: Server IP settings. Set up the IP addresses for WAN & LAN in Network => Settings. Click Save & Apply after setting the IP addresses.
Static mode: Server IP settings (for PC). Change the Desktop (or Laptop) connected to the server to the same IP domain. The gateway should be the LAN port IP address of your server (JetBox 5630).
Static mode: Create a new VPN connection. Go to VPN => OpenVPN. Enter a name for the connection and click Add.
Static mode: Set up the VPN connection for the server. 1. Choose secret for Encryption. 2. Click Generate.
Static mode: Set up the VPN connection. 3. Click the file icon and choose static.key. 4. Check the three options.
Static mode: Set up the VPN connection. 5. Add Port, keepalive & route one by one in Additional Field. 6. Port and keepalive don't need to be modified; route should be in the same IP domain as the LAN IP address of the client.
Static mode: Download Key. Go to VPN => Certificates. Click Download archive. Find static.key in \etc\openvpn; it needs to be imported to the client later.
Static mode: Start the OpenVPN connection which you created. Go back to the OpenVPN page. Click Start, and then click Save & Apply.
Static mode: Client Network Mode change. Go to System => Basic Settings, change Network Mode to Router and press Apply.
Static mode: Client IP settings. Go to System => IP Settings, set up the IP addresses for WAN & LAN, and then click Apply.
Static mode: Client IP settings (for PC). Change the Desktop (or Laptop) connected to the client to the same IP domain. The gateway should be the LAN port IP address of your client (JetWave 2311).
Static mode: Client import Key. Copy the keys file which you downloaded from the server to the PC connected to the client. Go to Management => Certificate File. Import static.key to the client.
Static mode: Client time settings. Go to System => Time Settings. Click Get PC Time, and then click Apply.
Static mode: Set up the VPN connection for the client. Go to VPN => OpenVPN Client. Choose Static for Encryption Mode. Remote Server IP (1): enter the IP address of the server WAN port.
Static mode: Set up the VPN connection for the client. Page down. Route: should be in the same IP domain as the LAN IP address of the server.
Static mode: Enable the VPN connection for the client. Page up. Check Enable OpenVPN Client Connection.
Static mode: Enable the VPN connection for the client. Page down. Click Apply.
Static mode: Save settings for the client. Go to Save. Click Save to Flash.
Static mode: Confirm VPN connection status. Go to VPN => Status, where you can check the status of the VPN connection.
TLS-mode
Server IP settings. Set up the IP addresses for WAN & LAN in Network => Settings. Click Save & Apply after setting the IP addresses.
Server IP settings (for PC). Change the Desktop (or Laptop) connected to the server to the same IP domain. The gateway should be the LAN port IP address of your server (JetBox 5630).
Create a new VPN connection. Go to VPN => OpenVPN. Enter a name for the connection and click Add.
Build Keys for VPN connection. Keys for TLS-mode can't be built in the Web interface; they must be created from command mode. Connect the PC and the JetBox 5630 with a console cable, or use Telnet in CMD.
Build Keys for VPN connection. Enter cd /etc/openvpn/easy-rsa/2.0. Enter vi vars to modify the vars file; you can skip this if you don't want to change it (1024 or 2048).
Build Keys for VPN connection. Enter . ./vars (set up vars). Notice: there is a blank between the two dots. Enter ./clean-all (removes all keys which were created before).
Build Keys for VPN connection - CA. Enter ./build-ca; you can press ENTER to skip Country name, State, etc. if you don't want to change them.
Build Keys for VPN connection - Server. Enter ./build-key-server server; you can press ENTER to skip Country name, State, etc. if you don't want to change them. At the prompts "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?", press y and then press ENTER.
Build Keys for VPN connection - Client. Enter ./build-key client. At the prompts "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?", press y and then press ENTER.
Build Keys for VPN connection - DH (Diffie-Hellman parameters). Enter ./build-dh.
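A check that can be run on the JetBox once the key build above has finished. It is an added example, not part of the original guide; it assumes that the "1024 or 2048" choice in vars is the easy-rsa 2.0 KEY_SIZE setting and that the build writes to a keys/ directory beside vars with the DH file named dh<bits>.pem (easy-rsa 2.0 defaults).

```sh
#!/bin/sh
# Added example (not from the guide): audit the files left by the key build.
# Assumptions: vars holds "export KEY_SIZE=<bits>" and keys are written to
# keys/ beside it, with the DH file named dh<bits>.pem (easy-rsa 2.0 defaults).

# vars_key_size <vars-file>: print the configured KEY_SIZE (last one wins).
vars_key_size() {
    sed -n 's/^[[:space:]]*export[[:space:]]*KEY_SIZE=\([0-9][0-9]*\).*/\1/p' "$1" |
        tail -n 1
}

# key_findings <easy-rsa-dir>: print one line per finding.
key_findings() {
    dir=$1
    size=$(vars_key_size "$dir/vars")
    if [ -z "$size" ]; then
        echo "vars: KEY_SIZE is not set"
    elif [ "$size" -lt 2048 ]; then
        echo "vars: KEY_SIZE=$size is below 2048"
    fi
    # Outputs of build-ca, build-key-server server, build-key client, build-dh.
    for f in ca.crt server.crt server.key client.crt client.key "dh$size.pem"; do
        [ -s "$dir/keys/$f" ] || echo "keys/$f: missing or empty"
    done
    # Private keys should carry no group/other permission bits.
    for k in "$dir"/keys/*.key; do
        [ -e "$k" ] || continue
        mode=$(ls -ld "$k" | cut -c5-10)
        [ "$mode" = "------" ] || echo "keys/$(basename "$k"): mode allows group/other access"
    done
}

# audit_keys <easy-rsa-dir>: print findings; succeed only if there are none.
audit_keys() {
    out=$(key_findings "$1")
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
}

if [ $# -gt 0 ]; then
    audit_keys "$1"
else
    echo "usage: $0 /etc/openvpn/easy-rsa/2.0"
fi
```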
Download Keys. Access the web interface of the JetBox 5630. Go to VPN => Certificates and click Download archive.
Modify Key. Extract the keys file which you downloaded from the server to the desktop and go to Keys, as in the picture below. Create a new folder named client, and put client.crt & client.key in that folder.
Set up the VPN connection for the server. Check Automatically Start after reboot. Choose tls-mode for Encryption. Choose the correct keys for ca, dh, cert & key, as in the picture below. Check Choose tls-mode.
Set up the VPN connection for the server. 1. Check the three options. 2. Add Port, keepalive & route one by one in Additional Field. 3. Port and keepalive don't need to be modified; push route should be in the same IP domain as the LAN IP address of the server.
Server route settings. Go back to 5630 command mode. Enter cd /etc/openvpn/ and press ENTER. Enter vi <name>.conf, where <name> is the connection name which you chose (page 37).
Server route settings. Press i on your keyboard. Move the cursor to just after the auth SHA1 line, press ENTER to start a new line, and enter:
    client-config-dir ccd
    route 192.168.10.0 255.255.255.0
(192.168.10.0 is the client IP domain.) Press ESC when you finish. Enter :wq.
Server route settings. Enter mkdir ccd (creates the ccd folder). Enter cd ccd (goes to ccd). Enter vi client.
Server route settings. Press i on your keyboard and enter:
    ifconfig-push 10.8.0.3 10.8.0.1
    iroute 192.168.10.0 255.255.255.0
Press ESC when you finish. Enter :wq.
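The route line in the .conf and the iroute line in ccd/client must name the same network, otherwise traffic for the client LAN is not forwarded to that client. The script below checks this; it is an added example, not part of the original guide, and the file name server.conf and the rule that a relative client-config-dir is resolved against the .conf's directory are assumptions.

```sh
#!/bin/sh
# Added example (not from the guide): check that every ccd "iroute" is backed
# by a "route" for the same network in the server .conf.

# directive_nets <route|iroute> <file>: print "network netmask" per directive.
# A missing netmask defaults to 255.255.255.255, as in OpenVPN.
directive_nets() {
    awk -v d="$1" '$1 == d && NF >= 2 {
        print $2, (($3 ~ /^[0-9.]+$/) ? $3 : "255.255.255.255") }' "$2"
}

# iroute_problems <server.conf>: print one line per inconsistency.
# Assumption: a relative client-config-dir is resolved against the .conf's
# directory, which matches the guide (both live in /etc/openvpn).
iroute_problems() {
    conf=$1
    ccd=$(awk '$1 == "client-config-dir" { print $2 }' "$conf" | tail -n 1)
    if [ -z "$ccd" ]; then
        echo "$(basename "$conf"): no client-config-dir, ccd files are never read"
        return 0
    fi
    case $ccd in /*) ;; *) ccd="$(dirname "$conf")/$ccd" ;; esac
    for f in "$ccd"/*; do
        [ -f "$f" ] || continue
        directive_nets iroute "$f" | while read -r net mask; do
            directive_nets route "$conf" | grep -qxF "$net $mask" ||
                echo "ccd/$(basename "$f"): iroute $net $mask has no matching route"
        done
    done
}

# make_sample <dir>: constructed files holding the lines the guide adds
# (server.conf is a placeholder name for the connection's .conf).
make_sample() {
    mkdir -p "$1/ccd"
    printf '%s\n' 'auth SHA1' 'client-config-dir ccd' \
        'route 192.168.10.0 255.255.255.0' > "$1/server.conf"
    printf '%s\n' 'ifconfig-push 10.8.0.3 10.8.0.1' \
        'iroute 192.168.10.0 255.255.255.0' > "$1/ccd/client"
}

if [ $# -gt 0 ]; then
    iroute_problems "$1"
else
    tmp=$(mktemp -d) && make_sample "$tmp"
    iroute_problems "$tmp/server.conf"      # consistent sample: prints nothing
    rm -rf "$tmp"
fi
```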
Start the OpenVPN connection which you created. Go back to the OpenVPN page. Click Start, and then click Save & Apply.
Client Network Mode change. Go to System => Basic Settings, change Network Mode to Router and press Apply.
Client IP settings. Go to System => IP Settings, set up the IP addresses for WAN & LAN, and then click Apply.
Client IP settings (for PC). Change the Desktop (or Laptop) connected to the client to the same IP domain. The gateway should be the LAN port IP address of your client (JetWave 2311).
Client import Key. Copy the keys file which you downloaded from the server to the PC connected to the client. Go to Management => Certificate File. Import ca.crt, client.crt & client.key to the client.
Client time settings. Go to System => Time Settings. Click Get PC Time, and then click Apply.
Set up the VPN connection for the client. Go to VPN => OpenVPN Client. Choose TLS for Encryption Mode. Remote Server IP (1): enter the IP address of the server WAN port.
Set up the VPN connection for the client. Page down. Route: should be in the same IP domain as the LAN IP address of the server.
Enable the VPN connection for the client. Page up. Check Enable OpenVPN Client Connection.
Enable the VPN connection for the client. Page down. Click Apply.
Save settings for the client. Go to Save. Click Save to Flash.
Confirm VPN connection status. Go to VPN => Status, where you can check the status of the VPN connection.
Thanks a lot!