Openvpn
From Wiki of WFilter NG Firewall
(Difference between revisions)
(→Introduction) |
|||
| Line 3: | Line 3: | ||
= Introduction = | = Introduction = | ||
| − | OpenVPN is an open-source software application that implements VPN based on SSL. This module can setup an OpenVPN server in WFilter NG Firewall. | + | * OpenVPN is an open-source software application that implements VPN based on SSL. This module can setup an OpenVPN server in WFilter NG Firewall. |
| + | * Clients need to have the correct CA certificate and valid username/password to access the VPN service. | ||
= Server Settings = | = Server Settings = | ||
| + | * Users: only "local users" with "VPN" priviledge have VPN access. | ||
* Protocol and port: connection protocol and port, shall be consistent with the client settings. | * Protocol and port: connection protocol and port, shall be consistent with the client settings. | ||
* Client Subnet: WFilter's openVPN works in "subnet" mode. In this mode, OpenVPN will setup a new subnet, which can not same as existing LAN subnets. | * Client Subnet: WFilter's openVPN works in "subnet" mode. In this mode, OpenVPN will setup a new subnet, which can not same as existing LAN subnets. | ||
Revision as of 10:31, 23 July 2017
Contents |
1 Introduction
- OpenVPN is an open-source software application that implements VPN based on SSL. This module can setup an OpenVPN server in WFilter NG Firewall.
- Clients need to have the correct CA certificate and valid username/password to access the VPN service.
2 Server Settings
- Users: only "local users" with "VPN" priviledge have VPN access.
- Protocol and port: connection protocol and port, shall be consistent with the client settings.
- Client Subnet: WFilter's openVPN works in "subnet" mode. In this mode, OpenVPN will setup a new subnet, which can not same as existing LAN subnets.
- Master CA certificate: the CA certificate which shall be copied into openVPN client directory, you can click "Replace" to generate a new certificate.
3 OpenVPN Clients
3.1 Windows Clients
- Download and install the offical openvpn client: https://openvpn.net/index.php/open-source/downloads.html
- Download openvpn certificate in WFilter NG Firewall, copy it to openvpn's config directoy with name "ca.crt".
- In config directory of openvpn, create a new text file named "myvpn.ovpn", with below content:
client dev tun proto udp #Connection protocol, same as the server settings. remote 192.168.1.246 1194 #Server IP(domain) and port nobind persist-key persist-tun ca ca.crt #ca.crt filename, same directory with the myvpn.ovpn verb 3 auth-user-pass
- Now you can launch "OpenVPN GUI" with administrator privilege, input correct username and password to access VPN.
