It is possible to permanently store the key to allow the tunnel to be established automatically.

The purpose of this guide is to outline the VPN client/server features of the Grandstream GWN7000 router. This guide covers OpenVPN® client/server configuration, L2TP client configuration and PPTP client configuration.

The GWN7000 router supports 3 VPN types: • OpenVPN®: GWN7000 can act as a VPN server with remote VPN clients, or it can act as a VPN client connected to a remote VPN server. •...

OpenVPN®, L2TP/IPSec or PPTP.

OpenVPN® Server Configuration

To use the GWN7000 as an OpenVPN® server, users need to start by creating OpenVPN® certificates and client certificates. Before generating server/client certificates, users should first generate the Certificate Authority (CA), which will be used to issue the server/client certificates.
• 2048: 2048-bit keys are a good minimum (recommended).
• 4096: 4096-bit keys are accepted by nearly all RSA systems. Using 4096-bit keys will dramatically increase generation time, TLS handshake delays, and CPU usage for TLS operations.

Figure 5: CA Certificate

Generate Server/Client Certificates

Users need to create both server and client certificates for encrypted communication between clients and the GWN7000 acting as an OpenVPN® server.

❖ Creating Server Certificate

To create a server certificate, follow the steps below:
1. Go to “System Settings > Cert. Manager > Certificates”.

CA Certificate: Select the CA certificate previously generated from the dropdown list. In our example, “CATest”.
Certificate Type: Choose the certificate type from the dropdown list. It can be either a client or a server certificate. Choose “Server” to generate a server certificate.
Notes: • The server certificates (.crt and .key) will be used by the GWN7000 when acting as a server. • The server certificates (.crt and .key) can be exported and used on another OpenVPN® server.
2- Create Client Certificate
a. Go to “System Settings > Cert. Manager > Certificates”.
b. Click on button. The following window will pop up.
c. Enter client certificate information based on below descriptions.

Certificate Type: Choose the certificate type from the dropdown list. It can be either a client or server certificate. In our example, select “Client”.
Username: Select the created user to generate their certificate. In our example, select “User1”.
“.key” format. Click on to revoke the client certificate if it is no longer needed. The client certificates (“.crt” and “.key”) will be used by clients connecting to the GWN7000 in order to establish the TLS handshake. Notes: •...
“VPN > OpenVPN® > Server”.

To create a new VPN server, follow the steps below:
1. Click on and the following window will pop up.

Figure 9: Create OpenVPN® Server

Protocol: Choose the transport protocol from the dropdown list, either TCP or UDP. The default protocol is UDP.
Interface: Select the interface used to connect the GWN7000 to the uplink, either WAN1, WAN2 or All.
Configure the listening port for OpenVPN® server.
There are two ways to use the GWN7000 as an OpenVPN® client:
1) Upload a client certificate created from an OpenVPN® server to the GWN7000.
2) Create client/server certificates on the GWN7000 and upload the server certificate to the OpenVPN® server.

Go to “VPN > OpenVPN® > Client” and follow the steps below:
1. Click on and the following window will pop up.

Figure 11: OpenVPN® Client

Protocol: Choose the transport protocol from the dropdown list, either TCP or UDP. The default protocol is UDP.
Interface: Select the interface used to connect the GWN7000 to the uplink, either WAN1, WAN2 or All.
Configure the listening port for OpenVPN® server.
Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.

GWN7000 L2TP/IPSec Client Configuration

To configure the L2TP client on the GWN7000, go to “VPN > L2TP/IPSec” and set the following:
1- Click on and the following window will pop up.

IP Masquerading: When using L2TP/IPSec client mode, enable this option to allow devices behind the GWN7000 to reach the L2TP/IPSec server LAN (LAN to LAN scenario). If disabled, only the GWN7000 will be able to reach the L2TP/IPSec server LAN (client to LAN scenario).
Use DNS from Server: Enable this option to retrieve DNS from the VPN server.
Internet.

Point-to-Point Tunneling Protocol (PPTP) allows the creation of virtual private networks (VPNs), which tunnel TCP/IP traffic through the Internet.

GWN7000 Client Configuration

To configure the PPTP client on the GWN7000, go to “VPN > PPTP” and set the following:
1- Click on and the following window will pop up.

IP Masquerading: When using PPTP client mode, enable this option to allow devices behind the GWN7000 to reach the PPTP server LAN (LAN to LAN scenario). If disabled, only the GWN7000 will be able to reach the PPTP server LAN (client to LAN scenario).
Use DNS from Server: Enable this option to retrieve DNS from the VPN server.