Openvpn
From Wiki of WFilter NG Firewall
(Difference between revisions)
Line 3: | Line 3: | ||
= Introduction = | = Introduction = | ||
− | * OpenVPN is an open-source software application that implements VPN based on SSL. | + | * OpenVPN is an open-source software application that implements VPN based on SSL. These two modules can setup OpenVPN tunnels in WFilter NG Firewall. |
− | * | + | ** OpenVPN Server: provide VPN service for client to access. |
+ | ** OpenVPN Client: VPN client to connect other OpenVPN servers. | ||
− | = Server Settings = | + | = OpenVPN Server = |
− | + | == Server Settings == | |
− | * Users: only "local users" with "VPN" priviledge have VPN access. | + | * Auth Type: "by certificate" or "by user&pass". |
+ | ** Certificate: client need to import the certificate created by the server. | ||
+ | ** Users & Pass: only "local users" with "VPN" priviledge have VPN access. | ||
* Protocol and port: connection protocol and port, shall be consistent with the client settings. | * Protocol and port: connection protocol and port, shall be consistent with the client settings. | ||
* Client Subnet: WFilter's openVPN works in "subnet" mode. In this mode, OpenVPN will setup a new subnet, which can not same as existing LAN subnets. | * Client Subnet: WFilter's openVPN works in "subnet" mode. In this mode, OpenVPN will setup a new subnet, which can not same as existing LAN subnets. | ||
− | * | + | * Push Route: The subnets will be pushed to clients routing table, so client can access server's subnets. For example: '''route 192.168.126.0 255.255.255.0''' |
+ | |||
+ | [[File:openvpn_settings1.png|900px]] | ||
+ | |||
+ | == Client Settings == | ||
+ | |||
+ | * You can only create clients in "by certificate" authenticate type. | ||
+ | * Certificate clients can be other WFilter NGF severs or windows clients. | ||
+ | * "Client Subnets" defines client subnets for server to access client networks. For example: '''192.168.126.0 255.255.255.0''' | ||
+ | * You need to download the client definition and import it in client side. | ||
+ | |||
+ | [[File:openvpn_serverclient.png|600px]] | ||
− | + | == CA Certificate == | |
− | * | + | * CA certificate: the CA certificate which shall be imported into openVPN client directory, you can click "Replace" to generate a new certificate. |
− | [[File:openvpn_settings2.png]] | + | [[File:openvpn_settings2.png|800px]] |
= OpenVPN Clients = | = OpenVPN Clients = |
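Review bot: the added Client Settings line "Certificate clients can be other WFilter NGF severs or windows clients" has a typo ("severs" should be "servers"), and the new "Users & Pass" line carries over the "priviledge" misspelling from the old revision. The Push Route example and the Client Subnets example both use 192.168.126.0 255.255.255.0, although one describes a server-side subnet and the other a client-side subnet; using two different example subnets would keep readers from configuring the same network on both ends. The CA Certificate line should also state what happens to client certificates that were already issued when "Replace" generates a new certificate.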
Revision as of 16:16, 14 December 2017
1 Introduction
- OpenVPN is an open-source software application that implements a VPN based on SSL. WFilter NG Firewall provides two modules for setting up OpenVPN tunnels:
  - OpenVPN Server: provides a VPN service for clients to connect to.
  - OpenVPN Client: a VPN client that connects to other OpenVPN servers.
2 OpenVPN Server
2.1 Server Settings
- Auth Type: "by certificate" or "by user&pass".
  - Certificate: the client needs to import the certificate created by the server.
  - Users & Pass: only "local users" with the "VPN" privilege have VPN access.
- Protocol and port: the connection protocol and port; these must be consistent with the client settings.
- Client Subnet: WFilter's OpenVPN works in "subnet" mode. In this mode, OpenVPN sets up a new subnet, which must not be the same as any existing LAN subnet.
- Push Route: the listed subnets are pushed to the clients' routing tables so that clients can access the server's subnets. For example: route 192.168.126.0 255.255.255.0
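The Client Subnet and Push Route rules above can be checked before the settings are saved. The following is an added example, not part of the WFilter documentation or product: the function names and sample subnets are assumptions, and the check that a pushed route should cover a listed LAN subnet is an extra least-privilege check, not a rule stated on this page.

```python
import ipaddress

def parse_route(line):
    """Parse 'route <network> <netmask>' (the Push Route format) into a network."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "route":
        raise ValueError(f"expected 'route <network> <netmask>', got {line!r}")
    # strict=True rejects entries with host bits set, e.g. 192.168.126.5/24
    return ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=True)

def check_server_settings(client_subnet, lan_subnets, push_routes):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    vpn = ipaddress.ip_network(client_subnet, strict=True)
    lans = [ipaddress.ip_network(s, strict=True) for s in lan_subnets]
    # Rule from the page: the VPN client subnet must differ from every LAN subnet.
    for lan in lans:
        if vpn.overlaps(lan):
            problems.append(f"client subnet {vpn} overlaps LAN subnet {lan}")
    for line in push_routes:
        try:
            route = parse_route(line)
        except ValueError as exc:
            problems.append(f"bad push route: {exc}")
            continue
        if route.overlaps(vpn):
            problems.append(f"push route {route} overlaps client subnet {vpn}")
        # Assumption: a pushed route should correspond to a subnet behind the server.
        if not any(route.overlaps(lan) for lan in lans):
            problems.append(f"push route {route} covers no listed LAN subnet")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for issue in check_server_settings(
        "192.168.126.0/25",
        ["192.168.126.0/24"],
        ["route 192.168.126.5 255.255.255.0", "route 10.0.0.0 255.0.0.0"],
    ):
        print(issue)
```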
2.2 Client Settings
- Clients can only be created when the auth type is "by certificate".
- Certificate clients can be other WFilter NGF servers or Windows clients.
- "Client Subnets" defines the client-side subnets so that the server can access the client networks. For example: 192.168.126.0 255.255.255.0
- Download the client definition and import it on the client side.
2.3 CA Certificate
- CA certificate: the CA certificate that must be imported into the OpenVPN client directory. Click "Replace" to generate a new certificate.
3 OpenVPN Clients
3.1 Windows Clients
- Download and install the official OpenVPN client: https://openvpn.net/index.php/open-source/downloads.html
- Download the OpenVPN certificate from WFilter NG Firewall and copy it to OpenVPN's config directory with the name "ca.crt".
- In OpenVPN's config directory, create a new text file named "myvpn.ovpn" with the content below:
    client
    dev tun
    proto udp                   # Connection protocol, same as the server settings.
    remote 192.168.1.246 1194   # Server IP (or domain) and port
    nobind
    persist-key
    persist-tun
    ca ca.crt                   # ca.crt filename, in the same directory as myvpn.ovpn
    verb 3
    auth-user-pass
- Now launch "OpenVPN GUI" with administrator privileges and enter the correct username and password to access the VPN.