M2M Cellular Gateway
Scenario Application Timing
The diagram above illustrates Security Gateway 2 or the mobile device playing the OpenVPN client role. The OpenVPN client initiates the tunnel connection request, and Security Gateway 1 in Network-A at headquarters serves as the OpenVPN server that responds to the request. Once the tunnel has been established, all client hosts behind Security Gateway 2 or the mobile device can access the resources in the Intranet of Network-A at headquarters via this OpenVPN tunnel. Moreover, these hosts at the OpenVPN client peer access the Internet directly via the WAN interface of Security Gateway 1. As shown in the diagram, when the tunnel device is set to "TAP" for the OpenVPN client peer, packets bound for the Internet are also sent to Security Gateway 1 in Network-A and forwarded from there to the Internet. That means the Internet access of the OpenVPN client peer is also controlled by Security Gateway 1, the OpenVPN server.
Scenario Description
OpenVPN tunneling is a client/server-based tunneling technology.
The OpenVPN server must have a static IP address or an FQDN and maintain a client list. The client may be a mobile user or a mobile site that requests the OpenVPN tunnel connection.
The OpenVPN protocol is used to establish the OpenVPN tunnel.
Parameter Setup Example
For Network-B at Mobile Office
The following 3 tables list the parameter configuration for the OpenVPN client in Network-B shown in the example diagram above.
Use the default value for any parameter that is not mentioned in these tables.
Configuration Path: [OpenVPN]-[Configuration]
OpenVPN: ■ Enable
Server/Client: Client Configuration

Configuration Path: [OpenVPN]-[OpenVPN Client Configuration]
OpenVPN Client Name: Client1
Interface: WAN1
Protocol: TCP
Port: 443
Tunnel Device: TAP
  PS: TAP, also called "Bridging", behaves like a real network adapter and can transport broadcast traffic. TUN, called "Routing", transports only layer 3 IP packets. The user has to add routing rules according to the environment so that packets are transferred smoothly.
Remote IP/FQDN: 203.95.80.22
10.0.76.0/24
Authorization Mode: TLS
  CA Cert: RootCA, Client Cert: Remote.crt
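
The following Python is an added example, not code from the manual or the gateway vendor: it expresses the client parameters above as a stock OpenVPN client config (an assumption, since the page only shows the gateway's web UI fields) and audits it against the table, also flagging a missing server-certificate check. The file names RootCA.crt and client1.key and all helper names are constructed.

```python
# Constructed sample: stock OpenVPN client directives mirroring the table.
# "client1.key" is a placeholder; the page does not name the private key file.
SAMPLE_OVPN = """\
client
dev tap
proto tcp-client
remote 203.95.80.22 443
ca RootCA.crt
cert Remote.crt
key client1.key
# remote-cert-tls server   (left out so the audit has something to flag)
"""

# Values taken from the parameter table above.
EXPECTED = {"dev": "tap", "proto": "tcp", "remote": ("203.95.80.22", "443")}

def parse_ovpn(text):
    """Return {directive: [args]} for each non-comment line (last one wins)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf

def audit(text, expected=EXPECTED):
    """Compare a client config with the table and list the findings."""
    c, findings = parse_ovpn(text), []
    dev = (c.get("dev") or [""])[0]
    if not dev.startswith(expected["dev"]):
        findings.append(f"dev is {dev!r}, table says {expected['dev']!r}")
    proto = (c.get("proto") or ["udp"])[0]  # OpenVPN defaults to UDP
    if not proto.startswith(expected["proto"]):
        findings.append(f"proto is {proto!r}, table says TCP")
    if tuple(c.get("remote", [])[:2]) != expected["remote"]:
        findings.append("remote does not match the table's IP and port")
    for directive in ("ca", "cert", "key"):
        if directive not in c:
            findings.append(f"TLS authorization mode needs '{directive}'")
    # Without one of these, any certificate signed by the CA is accepted.
    if "remote-cert-tls" not in c and "verify-x509-name" not in c:
        findings.append("server certificate is not verified as a server cert")
    if dev.startswith("tap"):
        findings.append("note: TAP bridges layer 2, so broadcasts cross the tunnel")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_OVPN)))
```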