The ACM5000, ACM5500, IM7200 and IM4200 products with Firmware V3.2 and later each have OpenVPN clients and server software embedded.
OpenVPN allows secure VPN tunneling of data through a single TCP/UDP port over an unsecured network. So an OpenVPN tunnel could be established between a roaming Windows client and an Opengear console server within a data centre. Or OpenVPN tunnels could be set up between distributed ACM5004-2-G edge devices (which may not have any publicly accessible IP addresses allocated from their carrier) and some third-party OpenVPN server at the enterprise central management site.
Configuring OpenVPN can be complex, so Opengear provides a simple GUI for basic setup. However, much more detailed information on the OpenVPN Access server and client can be found in the many HOW TO and FAQ documents on the www.openvpn.net site.
Enabling OpenVPN on your console server
- Select OpenVPN on the Serial & Networks menu
- Click Add and complete the Add OpenVPN Tunnel screen
- Enter any descriptive name you wish to identify the OpenVPN Tunnel you are adding, for example NorthStOutlet-VPN
- Check Enabled to enable the tunnel
- Check Control by Auto-Response if the tunnel is to be controlled by a "Network Interface" Auto-Response action. If selected, the default state for the tunnel will be Down
- Select the authentication method to be used. To authenticate using certificates select PKI (X.509 Certificates) or select Custom Configuration to upload custom configuration files. Custom configurations must be stored in /etc/config
If you select PKI (public key infrastructure) you will need to establish:
- Separate certificate (also known as a public key). This Certificate File will be a *.crt file type
- Private Key for the server and each client. This Private Key File will be a *.key file type
- Master Certificate Authority (CA) certificate and key which is used to sign each of the server and client certificates. This Root CA Certificate will be a *.crt file type
- For a server you may also need dh1024.pem (Diffie Hellman parameters). Refer to www.openvpn.net/easyrsa.html for a guide to basic RSA key management. For alternative authentication methods see www.openvpn.net/index.php/documentation/howto.html#auth. For more information also see www.openvpn.net/howto.html
- Select the Device Driver to be used, either Tun-IP or Tap-Ethernet. The TUN (network tunnel) and TAP (network tap) drivers are virtual network drivers that support IP tunneling and Ethernet tunneling, respectively. TUN and TAP are part of the Linux kernel.
- Select either UDP or TCP as the Protocol. UDP is the default and preferred protocol for OpenVPN.
- In Tunnel Mode nominate whether this console server is to be the Client or Server end of the tunnel. When running as a Server the console server supports multiple clients connecting to the VPN server over the same port.
- Check or uncheck the Compression button to enable or disable compression, respectively
Configure your console server to be the OpenVPN Server or an OpenVPN Client
- Complete the Client Details or Server Details depending on the Tunnel Mode selected.
- If Client has been selected, the Primary Server Address will be the address of the OpenVPN Server.
- If Server has been selected, enter the IP Pool Network address and the IP Pool Network mask for the IP Pool. The network defined by the IP Pool Network address/mask is used to provide the addresses for connecting clients.
- Click Apply to save changes
- To enter authentication certificates and files, Edit the OpenVPN tunnel.
- Select the Manage OpenVPN Files tab. Upload or browse to relevant authentication certificates and files.
- Apply to save changes. Saved files will be displayed in red on the right-hand side of the Upload button.
- To enable OpenVPN, Edit the OpenVPN tunnel
- Check the Enabled button and click Apply to save changes. (Note: Make sure that the console server system time is correct when working with OpenVPN. Otherwise authentication issues may arise)
- Select Statistics on the Status menu to verify that the tunnel is operational.
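The GUI choices above correspond to standard OpenVPN directives (dev, proto, server/client, remote, ca, cert, key, dh). The following is an added example, not Opengear's code: a pre-upload check for a Custom Configuration file that confirms the tunnel mode, driver, protocol, PKI files under /etc/config and IP pool are consistent. It assumes the PKI directives use file paths rather than inline blocks; `parse`, `lint` and `SAMPLE` are hypothetical names.

```python
import ipaddress
import posixpath
import shlex

CONFIG_DIR = "/etc/config/"  # per the page, custom configurations are stored here

def parse(text):
    """Map each directive to the list of argument lists it appears with."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        words = shlex.split(line, comments=True)
        opts.setdefault(words[0], []).append(words[1:])
    return opts

def lint(text):
    """Return a list of problems; an empty list means the basic checks passed."""
    opts, problems = parse(text), []
    arg = lambda name: (opts.get(name, [[]])[0] + [""])[0]  # first argument or ""
    is_server, is_client = "server" in opts, "client" in opts
    if is_server == is_client:
        problems.append("need exactly one of 'server' or 'client'")
    if not arg("dev").startswith(("tun", "tap")):
        problems.append("dev must be tun (IP) or tap (Ethernet)")
    if not (arg("proto") or "udp").startswith(("udp", "tcp")):  # udp is the default
        problems.append("proto must be udp or tcp")
    for name in ["ca", "cert", "key"] + (["dh"] if is_server else []):
        if not arg(name):
            problems.append(f"missing PKI file directive: {name}")
        elif not posixpath.normpath(arg(name)).startswith(CONFIG_DIR):
            problems.append(f"{name} file is outside {CONFIG_DIR}")
    if is_server:
        try:  # IP Pool Network address and mask must describe a real network
            net, mask = opts["server"][0][:2]
            ipaddress.ip_network(f"{net}/{mask}")
        except ValueError:
            problems.append("server pool address/mask is not a valid network")
    if is_client and not arg("remote"):
        problems.append("client has no remote (Primary Server Address)")
    return problems

# Constructed sample: a client tunnel whose private key sits outside /etc/config.
SAMPLE = ("client\ndev tap\nproto tcp\nremote vpn.example.com 1194\n"
          "ca /etc/config/ca.crt\ncert /etc/config/client.crt\n"
          "key /tmp/client.key\n")
print(lint(SAMPLE))
```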
Windows OpenVPN Server or an OpenVPN Client
For details on installing an OpenVPN Windows client (or server) and connecting to your console server OpenVPN server (or client), refer to Configuring a Windows OpenVPN client or server.