M2M Cellular Gateway
server role. The OpenVPN tunnel is initiated from the OpenVPN client, which is either
Security Gateway 2 in Network-B or a mobile device such as a notebook. All client hosts
behind Security Gateway 2 or the mobile device can access the resources in the
Intranet of Network-A at headquarters via the established OpenVPN tunnel. Usually,
the hosts at the OpenVPN client peer access the Internet directly via the WAN interface
of Security Gateway 2. Only packets whose destination is in the dedicated subnet of
Network-A are transferred via the OpenVPN tunnel.
Scenario Description
OpenVPN Tunneling is a Client and Server based tunneling technology.
The OpenVPN Server must have a Static IP or a FQDN, and maintain a Client list. The
Client may be a mobile user or mobile site, and requests the OpenVPN tunnel
connection.
The OpenVPN protocol is used to establish the OpenVPN tunnel.
Parameter Setup Example
For Network-A at HQ
The following tables list the parameter configuration of the OpenVPN server in
Network-A for the example diagram above.
Use the default value for any parameter that is not mentioned in these tables.
Configuration Path: [OpenVPN]-[Configuration]
OpenVPN: ■ Enable
Server/Client: Server Configuration

Configuration Path: [OpenVPN]-[OpenVPN Server Configuration]
OpenVPN Server: ■ Enable
Protocol: TCP
Port: 443
Tunnel Device: TAP
    PS: TAP, also called "Bridging", behaves like a real network adapter and can
    transport broadcast traffic.
    TUN, called "Routing", transports only layer 3 IP packets. The user has to add
    routing rules according to the environment so that packets transfer smoothly.
Authorization Mode: TLS
    CA Cert: RootCA, Server Cert: Local.crt
    DH PEM: Default
    -----BEGIN DH PARAMETERS-----
    MIGHAoGBAMq4z88pL8X1dzmDmnr7nyV3w3L1rDU4Q+4SJiGQjR6b2nb4tf9jw/QJ
    W/ENgduKKXsltYSAzOZ9gXoNxwFGc9nKd4LfGpjQl9lIoHTp0eTdb9b5EKeR6B7h
    QxkfLBwVv1YZh9oUXm6pdewpg2QdZ2KtiOlMpgsJyaqRMQ3MlNB7AgEC
    -----END DH PARAMETERS-----
    PS: Security Gateway 1 acts as the RootCA and trusted CA.
IP Pool Starting Address: 10.0.76.100
IP Pool Ending Address: 10.0.76.150

Index skipping is used to reserve slots for new function insertion, when required.