Difference between revisions of "OpenVPN"

From IPLOG
(Created page with "<span style="color: red; font-size: 25px;"><b> Under Construction! </b></span> = Introduction = The purpose of this document is to describe how to create a VPN connection bet...")
 
(English corrections)
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
<span style="color: red; font-size: 25px;"><b> Under Construction! </b></span>
 
 
 
= Introduction =
 
= Introduction =
The purpose of this document is to describe how to create a VPN connection between IPLOG device(s) and server via OpenVPN.
+
The purpose of this document is to describe how to create a VPN connection between IPLOG device(s) and a server via OpenVPN.
  
 
This document describes
 
This document describes
* OpenVPN server installation and configuration on Debian machine
+
* OpenVPN server installation and configuration on a Debian machine
* OpenVPN client installation and configuration on IPLOG device
+
* OpenVPN client installation and configuration on an IPLOG device
 
* OpenVPN client installation and configuration on Windows 10 machine
 
* OpenVPN client installation and configuration on Windows 10 machine
  
== OpenVPN ==  
+
 
 +
 
 +
= OpenVPN =  
 
OpenVPN is an open-source commercial software that implements virtual private network (VPN) techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).  
 
OpenVPN is an open-source commercial software that implements virtual private network (VPN) techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).  
  
Line 15: Line 15:
  
  
== OpenVPN server ==
+
== OpenVPN Server ==
OpenVPN server is available as standard package in many Linux distribution. This document is focused on Debian distribution.
+
OpenVPN server is available as a standard package in many Linux distributions. This document is focused on Debian distribution.
  
=== Install server ===
+
=== Install Server ===
The following command install the OpenVPN package witch contains both '''server and client'''.  
+
The following command installs the OpenVPN package witch contains both the '''server and the client'''.  
  
 
{{NotePre
 
{{NotePre
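Review bot: the corrected Install Server sentence still reads "the OpenVPN package witch contains"; this English-corrections pass should change "witch" to "which" in the same line.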
Line 43: Line 43:
 
|}
 
|}
  
 
+
The following lines need to be included '''/etc/openvpn/server.conf'''
The following lines need to in '''/etc/openvpn/server.conf'''
 
  
 
{{NotePre
 
{{NotePre
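Review bot: the new wording "The following lines need to be included '''/etc/openvpn/server.conf'''" still lacks a preposition before the path; "need to be included in '''/etc/openvpn/server.conf'''" reads correctly.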
Line 72: Line 71:
  
 
== OpenVPN Client for IPLOG Device ==
 
== OpenVPN Client for IPLOG Device ==
OpenVPN client is already installed in all IPLOG devices.
+
The OpenVPN client is already installed in all IPLOG devices.
  
 
=== Configure Client ===
 
=== Configure Client ===
Line 90: Line 89:
 
|}
 
|}
  
 
+
The following lines need to be included '''/etc/openvpn/client01.conf'''
The following lines need to in '''/etc/openvpn/client01.conf'''
 
 
{{NotePre
 
{{NotePre
 
|text=
 
|text=
Line 118: Line 116:
  
  
== OpenVPN client for Windows ==
+
== OpenVPN Client for Windows ==
This section describes how to install the OpenVPN client to Windows 10.
+
This section describes how to install the OpenVPN client into Windows 10.
  
 
=== Install Client ===
 
=== Install Client ===
Line 126: Line 124:
 
2. Wait until the download completes, and then open it.
 
2. Wait until the download completes, and then open it.
  
3. Follow the install wizard.
+
3. Follow the install Wizard.
 +
Click on the '''Next''' to start the installation.
 +
 
 +
[[File:Welcome.png|300px]]
 +
 
 +
 
 +
Confirm the License Agreement.
 +
 
 +
[[File:License Agreement.png|300px]]
 +
 
 +
 
 +
Choose the  OpenVPN components you wish to install.
 +
 
 +
[[File:Components.png|300px]]
 +
 
 +
 
 +
Choose the location to run the installatiom and click on the '''Install''' button.
 +
 
 +
[[File:File Location.png|300px]]
 +
 
 +
 
 +
The Install Wizard automatically starts to install all components, when the '''Complete''' label appears continue by clicking '''Next'''.
 +
 
 +
[[File:Complete.png|300px]]
 +
 
 +
 
 +
The Installation is completed. '''Show Readme''' allows you to view a basic configuration information.
 +
 
 +
[[File:End Wizard.png|300px]]
 +
 
 +
 
 +
=== Configure Client ===
 +
The files in the table below are needed for configuration. These files can be generated and specified in RD-02(TBW).
 +
 
 +
{| class="wikitable"
 +
|-
 +
! File extension !! Description
 +
|-
 +
| ca.crt || This file contains root CA certificate.
 +
|-
 +
| client01.crt || This file contains client certificate.
 +
|-
 +
| client01.key || This file contains the client private key.
 +
|-
 +
| client.ovpn || This file is OpenVPN client configuration. The extension .conf is mandatory, but the filename can be changed.
 +
|}
 +
 
 +
==== a) Run the OpenVPN Program ====
 +
The OpenVPN message. No config files were imported into the program.
 +
 
 +
[[File:OpenVPNMessage.png|200px]]
 +
 
 +
==== b) Copy and Edit File ====
 +
 
 +
'''C:\Program Files\OpenVPN\sample-config\client.ovpn''' to '''C:\Users\Root\OpenVPN\config'''
 +
 
 +
The following lines need to be included '''C:\Users\Root\OpenVPN\config\client.ovpn'''
 +
 
 +
{{NotePre
 +
|text=
 +
client
 +
 
 +
proto tcp
 +
remote vpn.iplog.eu 1195
 +
 
 +
dev tun
 +
 
 +
resolv-retry infinite
 +
nobind
 +
 
 +
persist-key
 +
persist-tun
 +
 
 +
ca ca.crt
 +
cert client01.crt
 +
key client01.key
 +
 
 +
comp-lzo
 +
route-method exe
 +
route-delay 2
 +
}}
 +
 
 +
 
 +
 
 +
=== Connection to VPN ===
 +
Right click to the OpenVPN icon in the notification area of Taskbar, select '''Connect'''.
 +
 
 +
[[File:OpenVPNTaskBar.png|300px]]
 +
 
 +
 
 +
A Successful connection is logged in the dialog window, '''Initialization Sequence Completed'''.
 +
 
 +
[[File:OpenVPNConnection.png|300px]]
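Review bot: the client.ovpn row of the new Configure Client table says "The extension .conf is mandatory", which contradicts the file name in that same row and in the copy step below it; the sentence looks carried over from the .conf tables and should name the extension this client actually requires. The section also places client01.key, described in the table as the client private key, under C:\Users\Root\OpenVPN\config without saying how the file should be protected. Smaller points in the same hunk: "installatiom" should be "installation", "generated and specified in RD-02" should read "generated as specified in RD-02", and "need to be included" is missing "in" before the path.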

Latest revision as of 12:34, 13 February 2019

Introduction

The purpose of this document is to describe how to create a VPN connection between IPLOG device(s) and a server via OpenVPN.

This document describes

  • OpenVPN server installation and configuration on a Debian machine
  • OpenVPN client installation and configuration on an IPLOG device
  • OpenVPN client installation and configuration on a Windows 10 machine


OpenVPN

OpenVPN is open-source commercial software that implements virtual private network (VPN) techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).

All information about OpenVPN is available at openvpn.net.


OpenVPN Server

The OpenVPN server is available as a standard package in many Linux distributions. This document focuses on the Debian distribution.

Install Server

The following command installs the OpenVPN package, which contains both the server and the client.

metel@debian:~$ apt-get install openvpn

Configure Server

The files listed in the table below need to be installed first. These files can be generated as specified in RD-02 (TBW).

File            Description
ca.crt          This file contains the root CA certificate.
server.crt      This file contains the server certificate.
server.key      This file contains the server private key.
dh2048.pem      This file contains the Diffie-Hellman parameters; it is needed.
server.conf     This file is the OpenVPN server configuration. The extension .conf is mandatory, but the filename can be changed.

The following lines need to be included in /etc/openvpn/server.conf

# port number and protocol (tcp/udp) can be changed as needed
port 1194
proto tcp

dev tun

ca ca.crt
cert server.crt
# private key belonging to server.crt (listed in the table above)
key server.key
dh dh2048.pem

# this is the IP address range used by the OpenVPN server
server 172.16.0.0 255.255.255.0

# the following line enables communication among clients
client-to-client

comp-lzo
persist-key
persist-tun


OpenVPN Client for IPLOG Device

The OpenVPN client is already installed in all IPLOG devices.

Configure Client

The files in the table below are needed before configuration. These files can be generated as specified in RD-02 (TBW).

File            Description
ca.crt          This file contains the root CA certificate.
client01.crt    This file contains the client certificate.
client01.key    This file contains the client private key.
client01.conf   This file is the OpenVPN client configuration. The extension .conf is mandatory, but the filename can be changed.

The following lines need to be included in /etc/openvpn/client01.conf

client

proto tcp
remote vpn.iplog.eu 1195

dev tun

resolv-retry infinite
nobind

persist-key
persist-tun

ca ca.crt
cert client01.crt
key client01.key

comp-lzo
route-method exe
route-delay 2
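
The server and client files above have to agree on protocol, port, device type and compression before the tunnel comes up. The following check is an added example, not part of the original page or of OpenVPN; parse and check_pair are hypothetical helper names, and the two sample configs are constructed from the directives shown on this page (the server sample includes a key line for the server.key file listed in the table).

```python
# Added example: sample configs are constructed from the directives on this page.
SERVER_CONF = """port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
comp-lzo
"""
CLIENT_CONF = """client
proto tcp
remote vpn.iplog.eu 1195
dev tun
ca ca.crt
cert client01.crt
key client01.key
comp-lzo
"""

def parse(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    conf = {}
    for line in text.splitlines():
        words = line.split("#")[0].split()
        if words and not words[0].startswith(";"):
            conf[words[0]] = words[1:]
    return conf

def check_pair(server_text, client_text):
    """Return findings that would keep the tunnel from coming up."""
    srv, cli = parse(server_text), parse(client_text)
    out = []
    for side, conf, need in (("server", srv, ("ca", "cert", "key", "dh")),
                             ("client", cli, ("ca", "cert", "key", "remote"))):
        out += [f"{side}: missing '{d}'" for d in need if d not in conf]
    for d, default in (("proto", "udp"), ("dev", "")):
        s, c = ((x.get(d) or [default])[0][:3] for x in (srv, cli))
        if s != c:
            out.append(f"{d} mismatch: server {s}, client {c}")
    if ("comp-lzo" in srv) != ("comp-lzo" in cli):
        out.append("comp-lzo enabled on one side only")
    s_port = (srv.get("port") or ["1194"])[0]    # OpenVPN default port
    c_port = ((cli.get("remote") or [""]) + ["1194"])[1]
    if s_port != c_port:
        out.append(f"port mismatch: server listens on {s_port}, client dials {c_port}")
    return out

if __name__ == "__main__":
    print("\n".join(check_pair(SERVER_CONF, CLIENT_CONF)))
```

With the values published on this page the check reports the 1194/1195 port difference; that pairing only works if something in front of the server forwards port 1195 to 1194, which is an assumption the page does not state.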


OpenVPN Client for Windows

This section describes how to install the OpenVPN client on Windows 10.

Install Client

1. Download the installation file from the link Download OpenVPN.

2. Wait until the download completes, and then open it.

3. Follow the Install Wizard. Click Next to start the installation.

Welcome.png


Confirm the License Agreement.

License Agreement.png


Choose the OpenVPN components you wish to install.

Components.png


Choose the installation location and click the Install button.

File Location.png


The Install Wizard automatically starts to install all components. When the Complete label appears, continue by clicking Next.

Complete.png


The installation is completed. Show Readme allows you to view basic configuration information.

End Wizard.png


Configure Client

The files in the table below are needed for configuration. These files can be generated as specified in RD-02 (TBW).

File            Description
ca.crt          This file contains the root CA certificate.
client01.crt    This file contains the client certificate.
client01.key    This file contains the client private key.
client.ovpn     This file is the OpenVPN client configuration. The extension .conf is mandatory, but the filename can be changed.

a) Run the OpenVPN Program

OpenVPN displays a message that no config files were imported into the program.

OpenVPNMessage.png

b) Copy and Edit File

Copy C:\Program Files\OpenVPN\sample-config\client.ovpn to C:\Users\Root\OpenVPN\config

The following lines need to be included in C:\Users\Root\OpenVPN\config\client.ovpn

client

proto tcp
remote vpn.iplog.eu 1195

dev tun

resolv-retry infinite
nobind

persist-key
persist-tun

ca ca.crt
cert client01.crt
key client01.key

comp-lzo
route-method exe
route-delay 2


Connection to VPN

Right-click the OpenVPN icon in the notification area of the taskbar and select Connect.

OpenVPNTaskBar.png


A successful connection is logged in the dialog window as Initialization Sequence Completed.

OpenVPNConnection.png