VPN (OpenVPN) Setting Guide - Korenix
Transcript of VPN (OpenVPN) Setting Guide - Korenix
![Page 1: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/1.jpg)
1
VPN (OpenVPN) Setting Guide
Johnny
![Page 2: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/2.jpg)
Agenda
• Prepare
• Example for IP settings
• Static mode
• TLS-mode
![Page 3: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/3.jpg)
Prepare
• Required equipment Desktop or Laptop * 2
VPN Server *1 (Use JetBox 5630 in this case)
VPN Client *1 (Use JetWave 2311 in this case)
![Page 4: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/4.jpg)
WAN port
IP:192.168.20.2
Eth 1
IP:192.168.20.1
Eth 2
192.168.10.1
Eth 1
IP:192.168.30.1
PC 1 PC 2
IP: 192.168.10.111
GW: 192.168.10.1
IP: 192.168.30.10
GW: 192.168.30.1
VPN Tunnel:
Default Route IP:
192.168.20.1 <-> 192.168.20.2
VPN ifconfig:
10.8.0.1 <-> 10.8.0.2
OpenVPN Server OpenVPN Client
Example for IP settings
![Page 5: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/5.jpg)
Agenda
• Prepare
• Example for IP settings
• Static mode
• TLS-mode
![Page 6: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/6.jpg)
Static mode
• Server IP settings Setup IP address for WAN & LAN in “Network”=> “Settings”
Click “Save & Apply” after setup IP address
![Page 7: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/7.jpg)
Static mode
• Server IP settings (For PC) Change to same IP domain for Desktop (or Laptop) which you
connected to server
Gateway should be LAN port IP address of your server (JetBox 5630)
![Page 8: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/8.jpg)
Static mode
• Create a new VPN connection Go to “VPN”=> “OpenVPN”
Insert name of the connection and click “Add”
![Page 9: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/9.jpg)
Static mode
• Setup VPN connection for server 1. Choose “secret” for Encryption
2. Click “Generate”
![Page 10: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/10.jpg)
Static mode
• Setup VPN connection 3. Click file icon, chose “static.key”
4. Check the three options
![Page 11: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/11.jpg)
Static mode
• Setup VPN connection 5. Add ”Port” “keepalive” & “route” one by one in “Additional Field”
6. ”Port” “keepalive” don’t need to modify, route should be same domain with LAN IP address of client
![Page 12: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/12.jpg)
Static mode
• Download Key Go to “VPN”=> “Certificates”
Click “Download archive”
Find “static.key” in \etc\openvpn, it need to import to client later
![Page 13: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/13.jpg)
Static mode
• Start Open VPN connection which you created Back to “OpenVPN” page
Click “Start”, and then click “Save & Apply”
![Page 14: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/14.jpg)
Static mode
• Client Network Mode modify Go to “System”=> “Basic Settings”, Change “Network Mode” to
“Router” and press “Apply”
![Page 15: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/15.jpg)
Static mode
• Client IP settings Go to “System”=> “IP Settings”, setup IP address for WAN & LAN, and
then Click “Apply” after you setup IP address
![Page 16: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/16.jpg)
Static mode
• Client IP settings (For PC) Change to same IP domain for Desktop (or Laptop) which you
connected to client
Gateway should be LAN port IP address of your client (JetWave 2311)
![Page 17: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/17.jpg)
Static mode
• Client import Key Copy Keys file which you downloaded from server, and put it to PC
which you connected to client
Go to “Management”=> “Certificate File”
Import “static.key” to client
![Page 18: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/18.jpg)
Static mode
• Client time settings Go to “System”=> “Time Settings”
Click “Get PC Time”, and then click “Apply“
![Page 19: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/19.jpg)
Static mode
• Setup VPN connection for client Go to ”VPN”=> “OpenVPN Client”
Choose “Static” for Encryption Mode
Remote Server IP (1): Insert IP address of Server WAN port
![Page 20: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/20.jpg)
Static mode
• Setup VPN connection for client Page down
Route: Should be same domain with LAN IP address of Server
![Page 21: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/21.jpg)
Static mode
• Enable VPN connection for client Page up
Check “Enable OpenVPN Client Connection”
![Page 22: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/22.jpg)
Static mode
• Enable VPN connection for client Page down
Click “Apply”
![Page 23: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/23.jpg)
Static mode
• Save settings for client Go to “Save”
Click “Save to Flash”
![Page 24: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/24.jpg)
Static mode
• Confirm VPN connection status Go to “VPN”=> “Status”, you can check out the status of VPN
connection
![Page 25: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/25.jpg)
Agenda
• Prepare
• Example for IP settings
• Static mode
• TLS-mode
![Page 26: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/26.jpg)
• Server IP settings Setup IP address for WAN & LAN in “Network”=> “Settings”
Click “Save & Apply” after setup IP address
TLS-Mode
![Page 27: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/27.jpg)
• Server IP settings (For PC) Change to same IP domain for Desktop (or Laptop) which you
connected to server
Gateway should be LAN port IP address of your server (JetBox 5630).
TLS-Mode
![Page 28: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/28.jpg)
TLS-Mode
• Create a new VPN connection Go to “VPN”=> “OpenVPN”
Insert name of the connection and click “Add”
![Page 29: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/29.jpg)
TLS-Mode
• Build Keys for VPN connection It can’t be built Key in Web interface for TLS-Mode, must create Key
from command mode
Use console cable connect PC & JetBox 5630 together, or you can use Telnet in CMD
![Page 30: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/30.jpg)
TLS-Mode
(1024 or 2048)
• Build Keys for VPN connection Enter “cd /etc/openvpn/easy-rsa/2.0”
Enter “vi vars” could be modify vars file, you can skip if you don’t want to change
![Page 31: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/31.jpg)
• Build Keys for VPN connection Enter “. ./vars” (set up vars) //Notice: There has a blank between
two point
Enter “./clean-all” (Remove all keys which created before)
TLS-Mode
![Page 32: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/32.jpg)
• Build Keys for VPN connection – ca Enter “./build-ca”, you can press ENTER to skip “Country name”
“State”...etc. if you don’t want to change it
TLS-Mode
![Page 33: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/33.jpg)
• Build Keys for VPN connection - Server Enter “./build-key-server server”, you can press ENTER to skip
“Country name” “State”...etc. if you don’t want to change it
“Sign the certificate” & ”1 out 1 certificate requests certificated, commit?” Please press ”y” and then press ENTER
TLS-Mode
![Page 34: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/34.jpg)
• Build Keys for VPN connection - Client Enter “./build-key client”
“Sign the certificate” & ”1 out 1 certificate requests certificated, commit?” Please press ”y” and then press ENTER
TLS-Mode
![Page 35: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/35.jpg)
• Build Keys for VPN connection - DH (Diffie Hellman parameters) Enter “./build-dh”
TLS-Mode
![Page 36: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/36.jpg)
• Download Keys Access to the web interface of JetBox 5630
Go to “VPN” => “Certificates” click “Download archive”
TLS-Mode
![Page 37: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/37.jpg)
• Modify Key Extract keys file which you download from server to desktop, go to
Keys like picture from below
Create a new folder which name is client, and put client.crt & client.key to that folder
TLS-Mode
![Page 38: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/38.jpg)
• Setup VPN connection for server Check “Automatically Start after reboot”
Choose “tls-mode” for Encryption
Choose correct keys for “ca” “dh” “cert” & “key” like picture from below
Check
Choose tls-mode
TLS-Mode
![Page 39: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/39.jpg)
• Setup VPN connection for server 1. Check the three options
2. Add ”Port” “keepalive” & “route” one by one in “Additional Field”
3. ”Port” “keepalive” don’t need to modify, push route should be same domain with LAN IP address of server
TLS-Mode
![Page 40: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/40.jpg)
• Server route settings Back to 5630 command mode
Enter “cd /etc/openvpn/” and press ENTER
Enter “vi (Insert the Name which you choose in page.37).conf”
TLS-Mode
![Page 41: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/41.jpg)
• Server route settings Press ”i” from your keyboard
Move cursor to behind the “auth SHA1” press ENTER to line feed and enter:
• client-config-dir ccd
• route 192.168.10.0 255.255.255.0 //client IP domain
Press ESC when you finish
Enter ”:wq”
TLS-Mode
![Page 42: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/42.jpg)
• Server route settings Enter “mkdir ccd” //create “ccd” folder
Enter “cd ccd” //Go to “ccd”
Enter “vi client”
TLS-Mode
![Page 43: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/43.jpg)
• Server route settings Press ”i” from your keyboard and enter:
• ifconfig-push 10.8.0.3 10.8.0.1
• iroute 192.168.10.0 255.255.255.0
Press ESC when you finish
Enter ”:wq”
TLS-Mode
![Page 44: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/44.jpg)
• Start Open VPN connection which you created Back to “OpenVPN” page
Click “Start”, and then click “Save & Apply”
TLS-Mode
![Page 45: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/45.jpg)
• Client Network Mode modify Go to “System”=> “Basic Settings”, Change “Network Mode” to “Router”
and press “Apply”
TLS-Mode
![Page 46: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/46.jpg)
• Client IP setting Go to “System”=> “IP Settings”, setup IP address for WAN & LAN, and
then Click “Apply” after you setup IP address
TLS-Mode
![Page 47: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/47.jpg)
• Client IP settings (For PC) Change to same IP domain for Desktop (or Laptop) which you
connected to client
Gateway should be LAN port IP address of your client (JetWave 2311)
TLS-Mode
![Page 48: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/48.jpg)
TLS-Mode
• Client import Key Copy Keys file which you downloaded from server, and put it to PC
which you connected to client
Go to “Management”=> “Certificate File”
Import “ca.crt” “client.crt” & “client.key” to client
![Page 49: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/49.jpg)
• Client time settings Go to “System”=> “Time Settings”
Click “Get PC Time”, and then click “Apply“
TLS-Mode
![Page 50: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/50.jpg)
• Setup VPN connection for client Go to ”VPN”=> “OpenVPN Client”
Choose “TLS” for Encryption Mode
Remote Server IP (1): Insert IP address of Server WAN port
TLS-Mode
![Page 51: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/51.jpg)
• Setup VPN connection for client Page down
Route: Should be same domain with LAN IP address of Server
TLS-Mode
![Page 52: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/52.jpg)
• Enable VPN connection for client Page up
Check “Enable OpenVPN Client Connection”
TLS-Mode
![Page 53: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/53.jpg)
• Enable VPN connection for client Page down
Click “Apply”
TLS-Mode
![Page 54: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/54.jpg)
• Save settings for client Go to “Save”
Click “Save to Flash”
TLS-Mode
![Page 55: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/55.jpg)
• Confirm VPN connection status Go to “VPN”=> “Status”, you can check out the status of VPN
connection
TLS-Mode
![Page 56: VPN (OpenVPN) Setting Guide - Korenix](https://reader030.fdocuments.us/reader030/viewer/2022012519/61937fe8bce3ac641e25792d/html5/thumbnails/56.jpg)
56
Thanks a lot !