Grandstream Networks GWN70 Series User Manual page 51


The default protocol is UDP.

Interface: Select the WAN port to be used by the OpenVPN® Server.

Destination: Select the WANs, VLANs and VPNs (clients) destinations that will be using this OpenVPN® Server.

Local Port: Configure the listening port for OpenVPN® server. The default value is 1194.

Remote OpenVPN® Server: Configure the remote OpenVPN® server IP address.
Note: put the public IP of the OpenVPN Server router to which the client will initiate the tunnel connection.

Remote OpenVPN® Server Port: Configures statically the local VPN tunnel IP address for the remote server. The default value is 1194.

Authentication Mode: Choose the server mode the OpenVPN® server will operate with. 4 modes are available:
  SSL: Authentication is made using certificates only (no user/pass authentication). Each user has a unique client configuration that includes their personal certificate and key. This is useful if clients should not be prompted to enter a username and password, but it is less secure as it relies only on something the user has (TLS key and certificate).
  User Authentication: Authentication is made using only CA, user and password, no certificates. Useful if the clients should not have individual certificates. Less secure as it relies on a shared TLS key plus only something the user knows (username/password).
  SSL + User Authentication: Requires both certificate and username / password. Each user has a unique client configuration that includes their personal certificate and key.
  PSK: Used to establish a point-to-point OpenVPN® configuration. A VPN tunnel will be created with a server endpoint of a specified IP and a client endpoint of specified IP. Encrypted communication between client and server will occur over UDP port 1194, the default OpenVPN® port. Most secure as there are multiple factors of authentication (TLS Key and Certificate that the user has, and the username/password they know).

Encryption Algorithm: Choose the encryption algorithm from the dropdown list to encrypt data so that the receiver can decrypt it using the same algorithm.

Digest Algorithm: Choose the digest algorithm from the dropdown list, which will uniquely identify the data to provide data integrity and ensure that the receiver has unmodified data from the one sent by the original host.

TLS Identity Authentication: This option uses a static Pre-Shared Key (PSK) that must be generated in advance and shared among all peers. This feature adds extra protection to the TLS channel by requiring that incoming packets have a valid signature generated using the PSK key.

TLS Identity Authentication Direction: Select from the drop-down list the direction of TLS Identity Authentication; three options are available (Server, Client or Both).

TLS Pre-Shared Key: If TLS Identity Authentication is enabled, enter the TLS Pre-Shared Key.

Routes: Add the list of networks that are reachable through the GWN70xx router running OpenVPN® server.
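
An OpenVPN profile can be checked against the authentication modes and the TLS Identity Authentication setting described above. The following is an added example, not taken from the manual or from Grandstream: the mapping from standard OpenVPN directives (cert, key, auth-user-pass, secret, tls-auth) to the manual's mode names is an assumption, and the sample profile, its address and its file names are constructed.

```python
# Added example, not from the manual. SAMPLE_PROFILE is constructed;
# the address and file names in it are placeholders.
SAMPLE_PROFILE = """\
client
proto udp
remote 203.0.113.10 1194
ca ca.crt
cert client1.crt
key client1.key
cipher AES-256-CBC
auth SHA256
"""

def parse_profile(text):
    """Return {directive: [args]}; an inline <tag> block counts as that directive."""
    found, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:  # skip the body of an inline block such as <ca>...</ca>
            inline = None if line == f"</{inline}>" else inline
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            found.setdefault(inline, [])
        elif line and line[0] not in "#;":
            name, *args = line.split()
            found.setdefault(name, args)
    return found

def auth_mode(d):
    """Name the manual's authentication mode that the directives correspond to."""
    if "secret" in d:  # static key, point-to-point
        return "PSK"
    has_cert = "cert" in d and "key" in d
    has_user = "auth-user-pass" in d
    if has_cert and has_user:
        return "SSL + User Authentication"
    return "SSL" if has_cert else "User Authentication" if has_user else "unknown"

def review(text):
    """Return (mode, notes) for one client profile."""
    d = parse_profile(text)
    mode, notes = auth_mode(d), []
    if mode in ("SSL", "User Authentication"):
        notes.append("single factor: the manual rates this mode as less secure")
    if mode != "PSK" and "tls-auth" not in d:
        notes.append("no tls-auth key: TLS Identity Authentication is off")
    return mode, notes

if __name__ == "__main__":
    print(review(SAMPLE_PROFILE))
```

The sample profile is classified as SSL with both notes raised; adding `auth-user-pass` and a `tls-auth` line clears them.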


This manual is also suitable for: GWN7052, GWN7052F
