Openvpn

From Wiki of WFilter NG Firewall
(Difference between revisions)
Line 3: Line 3:
 
= Introduction =
 
= Introduction =
  
* OpenVPN is an open-source software application that implements VPN based on SSL. This module can setup an OpenVPN server in WFilter NG Firewall.
+
* OpenVPN is an open-source software application that implements VPN based on SSL. These two modules can setup OpenVPN tunnels in WFilter NG Firewall.
* Clients need to have the correct CA certificate and valid username/password to access the VPN service.
+
** OpenVPN Server: provide VPN service for client to access.
 +
** OpenVPN Client: VPN client to connect other OpenVPN servers.
  
= Server Settings =
+
= OpenVPN Server =
 
+
== Server Settings ==
* Users: only "local users" with "VPN" priviledge have VPN access.  
+
* Auth Type: "by certificate" or "by user&pass".
 +
** Certificate: client need to import the certificate created by the server.
 +
** Users & Pass: only "local users" with "VPN" priviledge have VPN access.  
 
* Protocol and port: connection protocol and port, shall be consistent with the client settings.
 
* Protocol and port: connection protocol and port, shall be consistent with the client settings.
 
* Client Subnet: WFilter's openVPN works in "subnet" mode. In this mode, OpenVPN will setup a new subnet, which can not same as existing LAN subnets.
 
* Client Subnet: WFilter's openVPN works in "subnet" mode. In this mode, OpenVPN will setup a new subnet, which can not same as existing LAN subnets.
* Local Subnet: The subnets will be pushed to clients routing table, so client will access subnet via the VPN tunnel. For example: '''route 192.168.126.0 255.255.255.0'''
+
* Push Route: The subnets will be pushed to clients routing table, so client can access server's subnets. For example: '''route 192.168.126.0 255.255.255.0'''
 +
 
 +
[[File:openvpn_settings1.png|900px]]
 +
 
 +
== Client Settings ==
 +
 
 +
* You can only create clients in "by certificate" authenticate type.
 +
* Certificate clients can be other WFilter NGF severs or windows clients.
 +
* "Client Subnets" defines client subnets for server to access client networks. For example: '''192.168.126.0 255.255.255.0'''
 +
* You need to download the client definition and import it in client side.
 +
 
 +
[[File:openvpn_serverclient.png|600px]]
  
[[File:openvpn_settings1.png]]
+
== CA Certificate ==
  
* Master CA certificate: the CA certificate which shall be copied into openVPN client directory, you can click "Replace" to generate a new certificate.
+
* CA certificate: the CA certificate which shall be imported into openVPN client directory, you can click "Replace" to generate a new certificate.
  
[[File:openvpn_settings2.png]]
+
[[File:openvpn_settings2.png|800px]]
  
 
= OpenVPN Clients =
 
= OpenVPN Clients =
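Review bot: the "Client Subnets" example added under Client Settings uses 192.168.126.0 255.255.255.0, the same network as the Push Route example for the server's subnets, so it reads as if both ends of the tunnel sit on one subnet; use a different network for the client-side example. The added lines also carry the misspellings "priviledge" (Users & Pass) and "severs" (Certificate clients), which should be corrected to "privilege" and "servers".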

Revision as of 16:16, 14 December 2017


1 Introduction

  • OpenVPN is an open-source software application that implements a VPN based on SSL. These two modules can set up OpenVPN tunnels in WFilter NG Firewall.
    • OpenVPN Server: provides a VPN service for clients to access.
    • OpenVPN Client: a VPN client that connects to other OpenVPN servers.

2 OpenVPN Server

2.1 Server Settings

  • Auth Type: "by certificate" or "by user&pass".
    • Certificate: the client needs to import the certificate created by the server.
    • Users & Pass: only "local users" with the "VPN" privilege have VPN access.
  • Protocol and port: the connection protocol and port, which must be consistent with the client settings.
  • Client Subnet: WFilter's OpenVPN works in "subnet" mode. In this mode, OpenVPN sets up a new subnet, which cannot be the same as any existing LAN subnet.
  • Push Route: the subnets listed here are pushed to each client's routing table, so that clients can access the server's subnets. For example: route 192.168.126.0 255.255.255.0

Openvpn settings1.png

2.2 Client Settings

  • You can only create clients in the "by certificate" authentication type.
  • Certificate clients can be other WFilter NGF servers or Windows clients.
  • "Client Subnets" defines the client subnets, so that the server can access the client networks. For example: 192.168.126.0 255.255.255.0
  • You need to download the client definition and import it on the client side.

Openvpn serverclient.png

2.3 CA Certificate

  • CA certificate: the CA certificate that must be imported into the OpenVPN client directory. You can click "Replace" to generate a new certificate.

Openvpn settings2.png

3 OpenVPN Clients

3.1 Windows Clients

  • Download and install the official OpenVPN client: https://openvpn.net/index.php/open-source/downloads.html
  • Download the OpenVPN certificate from WFilter NG Firewall and copy it to OpenVPN's config directory with the name "ca.crt".
  • In OpenVPN's config directory, create a new text file named "myvpn.ovpn" with the content below:
client
dev tun
proto udp                   #Connection protocol, same as the server settings.
remote 192.168.1.246 1194   #Server IP(domain) and port
nobind
persist-key
persist-tun
ca ca.crt                   #ca.crt filename, same directory with the myvpn.ovpn
verb 3
auth-user-pass
  • Now you can launch "OpenVPN GUI" with administrator privilege and enter the correct username and password to access the VPN.
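
The consistency rules from the server settings (protocol and port matching the client, a Client Subnet that does not overlap a LAN subnet, the Push Route format) can be checked before a profile is handed out. The Python sketch below is an added example, not part of WFilter or of the original page; the function names and the 10.8.0.0/24 client subnet are assumptions.

```python
import ipaddress

# Constructed sample: the client profile shown on this page.
PROFILE = """\
client
dev tun
proto udp                   #Connection protocol, same as the server settings.
remote 192.168.1.246 1194   #Server IP(domain) and port
nobind
ca ca.crt
auth-user-pass
"""

def parse_profile(text):
    """Return {directive: [args]}; trailing '#' / ';' comments are dropped."""
    opts = {}
    for line in text.splitlines():
        for mark in "#;":
            line = line.split(mark, 1)[0]
        parts = line.split()
        if parts:
            opts[parts[0]] = parts[1:]
    return opts

def route_to_network(route_line):
    """'route 192.168.126.0 255.255.255.0' -> IPv4Network('192.168.126.0/24')."""
    _, addr, mask = route_line.split()
    return ipaddress.ip_network(f"{addr}/{mask}")  # ValueError on a bad mask or host bits

def check(profile_text, server_proto, server_port, client_subnet, lan_subnets):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    opts = parse_profile(profile_text)
    proto = opts.get("proto", ["udp"])[0]                # OpenVPN default is udp
    remote = opts.get("remote", [])
    port = int(remote[1]) if len(remote) > 1 else 1194   # OpenVPN default port
    if proto != server_proto:
        problems.append(f"proto {proto} does not match server {server_proto}")
    if port != server_port:
        problems.append(f"port {port} does not match server {server_port}")
    vpn_net = ipaddress.ip_network(client_subnet)
    for lan in lan_subnets:
        if vpn_net.overlaps(ipaddress.ip_network(lan)):
            problems.append(f"client subnet {vpn_net} overlaps LAN {lan}")
    return problems

if __name__ == "__main__":
    # Assumed values: 10.8.0.0/24 as Client Subnet, the page's 192.168.126.0/24 as LAN.
    lan = [str(route_to_network("route 192.168.126.0 255.255.255.0"))]
    print(check(PROFILE, "udp", 1194, "10.8.0.0/24", lan) or "settings are consistent")
```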

Openvpn winclient01.png

Openvpn winclient02.png

Openvpn winclient03.png
