✓ Encryption, which (together with certificate-based authentication of the peers) prevents man-in-the-middle attacks and eavesdropping on the network traffic.
✓ Data integrity, to maintain the consistency and trustworthiness of the messages exchanged.
The purpose of this guide is to describe the VPN client/server feature of the Grandstream GWN7000 router and to use it to implement a Site-to-Site VPN using OpenVPN®...
SCENARIO OVERVIEW
Company ABC has several office locations connected to the Internet through Grandstream GWN7000 routers. For security reasons, the administrator has decided to establish a Site-to-Site VPN between the main office in LA and the branch office in NY, so that sensitive data exchanged between the two networks is forwarded securely through an encrypted tunnel.
(PKI). To create a Certification Authority (CA), follow the steps below:
1. Go to "System Settings → Cert. Manager → CAs" on the GWN7000 web GUI.
2. Click on the button; a popup window will appear.
CA to the local computer. The CA file has the extension ".crt".
Generate Server/Client Certificates
The administrator needs to create both server and client certificates for encrypted communication between the clients and the GWN7000 acting as OpenVPN® server at the core site.
✓ Creating Client Certificate
To create a client certificate, follow the steps below:
1- Create Users
a. Go to "System Settings → User Manager".
b. Click on the button. The following window will pop up.
GWN7000 OpenVPN® Site-to-Site VPN Guide
GWN7000 acting as OpenVPN® server to build a route pointing to that network and send all traffic destined to that IP range to the GWN7000 located at the branch site.
d. Repeat the above steps for each site.
2- Generate Client Certificate
a.
".key" format.
Notes:
• Client certificates generated on the GWN7000 server need to be uploaded to the GWN client.
• For better security, each client needs its own username and certificate; this way, even if one user is compromised, the other users are not affected, and only that one certificate has to be revoked and replaced.
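Before the CA, certificate and key are uploaded to a branch router, it is worth confirming that they belong together. The script below is an added example and not part of the Grandstream guide: it uses openssl to build a throwaway PKI with the same shape the GWN7000 Cert Manager produces (one CA, a server certificate for the core site, one client certificate per branch) and then runs the three checks a practitioner should make on the files before uploading them. The names ABC-VPN-CA, core-la, branch-ny and OTHER-CA, the temporary directory and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the Grandstream guide): a throwaway PKI built with openssl in
# the shape the GWN7000 Cert Manager produces (CA -> server cert -> one client cert per
# site), plus the checks worth running on the files before uploading them to a branch
# router. Names (ABC-VPN-CA, core-la, branch-ny, OTHER-CA) and paths are assumptions.
set -eu

PKI_DIR="$(mktemp -d)"

# Self-signed CA: this is the ".crt" the guide says to download and later upload to the client.
make_ca() {  # $1 = CA common name, $2 = output basename
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$PKI_DIR/$2.key" -out "$PKI_DIR/$2.csr" 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' > "$PKI_DIR/$2.ext"
  openssl x509 -req -days 3650 -in "$PKI_DIR/$2.csr" -signkey "$PKI_DIR/$2.key" \
    -extfile "$PKI_DIR/$2.ext" -out "$PKI_DIR/$2.crt" 2>/dev/null
}

# Issue a leaf certificate signed by the CA in $PKI_DIR/ca.crt.
issue_cert() {  # $1 = common name (also the file basename), $2 = serverAuth | clientAuth
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$PKI_DIR/$1.key" -out "$PKI_DIR/$1.csr" 2>/dev/null
  # OpenVPN's remote-cert-tls relies on this extension, so set it at signing time.
  printf 'extendedKeyUsage=%s\nkeyUsage=digitalSignature,keyEncipherment\n' "$2" > "$PKI_DIR/$1.ext"
  openssl x509 -req -days 365 -in "$PKI_DIR/$1.csr" \
    -CA "$PKI_DIR/ca.crt" -CAkey "$PKI_DIR/ca.key" -CAcreateserial \
    -extfile "$PKI_DIR/$1.ext" -out "$PKI_DIR/$1.crt" 2>/dev/null
}

make_pki() {
  make_ca ABC-VPN-CA ca
  issue_cert core-la serverAuth      # server certificate for the core (LA) router
  issue_cert branch-ny clientAuth    # one client certificate per branch, per the guide's note
  make_ca OTHER-CA other-ca          # unrelated CA, stands in for a certificate from another PKI
}

# Check 1: the certificate chains to the CA that will be uploaded alongside it.
cert_signed_by_ca() {  # $1 = CA cert, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Check 2: the private key belongs to the certificate. A mismatched pair is a classic
# cause of a tunnel that never gets past the TLS handshake.
key_matches_cert() {  # $1 = private key, $2 = certificate
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# Check 3: the extended key usage fits the role, so the peer's remote-cert-tls accepts it.
cert_has_eku() {  # $1 = certificate, $2 = "TLS Web Server Authentication" or "TLS Web Client Authentication"
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q "$2"
}

make_pki
for f in core-la branch-ny; do
  cert_signed_by_ca "$PKI_DIR/ca.crt" "$PKI_DIR/$f.crt" && echo "$f.crt: signed by ca.crt"
  key_matches_cert "$PKI_DIR/$f.key" "$PKI_DIR/$f.crt" && echo "$f.key: matches $f.crt"
done
cert_has_eku "$PKI_DIR/branch-ny.crt" "TLS Web Client Authentication" && echo "branch-ny.crt: client EKU"
```

Run the same three checks against the real files exported from the router (the CA ".crt" and each site's ".crt"/".key" pair); a failure of check 1 means the CA being uploaded is not the one that signed the certificate, and a failure of check 2 means the key and certificate were exported from different users.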
To create a new OpenVPN® server, follow the steps below:
1. Go under "VPN → OpenVPN® Server".
2. Click on the button and fill in the required information as shown in the figure below.
Figure 7: Create OpenVPN® Server
Protocol: Choose the transport protocol from the dropdown list, either TCP or UDP. The default protocol is UDP.
Interface: Select the interface used to connect the GWN7000 to the uplink, either WAN1, WAN2 or All.
Listening port: Configure the listening port of the OpenVPN® server.
The branch-site client must be configured with the same protocol and port; otherwise the tunnel will never come up.
Branch Site Configuration
Now that the GWN7000 router at the core site is up and running, we move on to configure an OpenVPN® client instance on the GWN7000 router at the branch site. Please follow the steps below to set it up.
3. Under the "Remote OpenVPN® Server" field, enter the public IP of the core-site router to which the client will initiate the tunnel connection.
Figure 10: OpenVPN® Client - Routes
4. In the "Routes" field, add the list of networks that are reachable through the GWN7000 running the OpenVPN® server. Here we set the IP range of the core-site LAN (i.e. 192.168.1.0/24).
5. The final step is to upload the client certificate and key, along with the CA file that was used to sign the certificates. The CA uploaded here must be the one that signed the server certificate; otherwise the client rejects the server during the TLS handshake.
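The GUI fields above map onto a small number of OpenVPN directives, and most site-to-site failures come from those directives disagreeing between the two routers. The script below is an added example and not the router's own configuration: it writes the plain OpenVPN server, per-client and client configuration equivalent to the LA/NY scenario (both sites' routes, the protocol and the listening port) and then checks the three points that most often leave a tunnel "up" but passing no traffic. The core public IP 203.0.113.10, the tunnel subnet 10.8.0.0/24, the branch LAN 192.168.3.0/24 (taken from the phone address used in the ping test) and the file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the Grandstream guide): the plain OpenVPN configuration
# equivalent to the GUI fields for the LA/NY scenario, plus a consistency check for the
# mismatches that most often leave a site-to-site tunnel "up" but passing no traffic.
# Assumptions: core public IP 203.0.113.10, tunnel subnet 10.8.0.0/24, branch LAN
# 192.168.3.0/24 (taken from the phone address in the ping test), file names.
set -eu

CFG_DIR="$(mktemp -d)"

write_site_to_site_configs() {
  mkdir -p "$CFG_DIR/ccd"
  # Core site (LA): the OpenVPN server. The GUI's "Interface" (WAN1/WAN2/All) has no
  # line here; in a hand-written config it would be the "local" directive with that WAN's address.
  cat > "$CFG_DIR/server.conf" <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert core-la.crt
key core-la.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
# kernel route on the core router: packets for the NY LAN enter the tunnel
route 192.168.3.0 255.255.255.0
# per-client files tell OpenVPN which client is behind that LAN
client-config-dir ccd
# accept only peers whose certificate carries the client EKU
remote-cert-tls client
EOF
  # The per-site file is named after the CN of the branch certificate.
  cat > "$CFG_DIR/ccd/branch-ny" <<'EOF'
iroute 192.168.3.0 255.255.255.0
EOF
  # Branch site (NY): the OpenVPN client.
  cat > "$CFG_DIR/client.conf" <<'EOF'
client
dev tun
proto udp
remote 203.0.113.10 1194
ca ca.crt
cert branch-ny.crt
key branch-ny.key
# the guide's "Routes" field: packets for the core LAN enter the tunnel
route 192.168.1.0 255.255.255.0
# accept only a server whose certificate carries the server EKU
remote-cert-tls server
EOF
}

# Print the argument(s) of the first "$2" directive in file $1, empty if absent.
directive() { awk -v d="$2" '$1 == d { $1 = ""; sub(/^ /, ""); print; exit }' "$1"; }

# Return 0 when server.conf ($1), the ccd file ($2) and client.conf ($3) agree.
# $4 is the core LAN the client must route into the tunnel.
check_site_to_site() {
  core_lan="${4:-192.168.1.0 255.255.255.0}"
  srv_port="$(directive "$1" port)"
  srv_proto="$(directive "$1" proto)"
  cli_port="$(awk '$1 == "remote" { print ($3 == "" ? "1194" : $3); exit }' "$3")"
  cli_proto="$(awk '$1 == "remote" && $4 != "" { print $4; exit }' "$3")"
  [ -n "$cli_proto" ] || cli_proto="$(directive "$3" proto)"
  # 1. same port and same transport: a UDP client never reaches a TCP server
  [ "$srv_port" = "$cli_port" ] || { echo "port mismatch: server $srv_port, client $cli_port"; return 1; }
  [ "${srv_proto%-*}" = "${cli_proto%-*}" ] || { echo "proto mismatch: server $srv_proto, client $cli_proto"; return 1; }
  # 2. every iroute needs a matching route in server.conf, otherwise the core router's
  #    kernel never hands NY-bound packets to OpenVPN in the first place
  while read -r kw net mask; do
    [ "$kw" = iroute ] || continue
    grep -q "^route $net $mask" "$1" || { echo "iroute $net without server route"; return 1; }
  done < "$2"
  # 3. the client must route the core LAN into the tunnel, or replies never come back
  grep -q "^route $core_lan" "$3" || { echo "client has no route for $core_lan"; return 1; }
  return 0
}

write_site_to_site_configs
check_site_to_site "$CFG_DIR/server.conf" "$CFG_DIR/ccd/branch-ny" "$CFG_DIR/client.conf" \
  && echo "server.conf, ccd/branch-ny and client.conf are consistent"
```

On the GWN7000 these directives are generated by the GUI (the server-side "route" and "iroute" pair from the per-user routes, the client-side "route" from the "Routes" field), so the check is most useful when one side is a router and the other is a hand-configured OpenVPN host, or when a tunnel shows as connected but the ping test in the verification section fails.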
2. Ping between the branch site and the core site using devices connected to each LAN. Below is a screenshot showing a UCM6102 (IP 192.168.1.115) at the core site sending successful ping requests to a GXP2140 phone (IP 192.168.3.61) at the branch site.