Grandstream Networks GWN7000 User Manual

OpenVPN Site-to-Site VPN Guide, Gigabit VPN Router

Grandstream Networks, Inc.
GWN7000
OpenVPN® Site-to-Site VPN Guide


Summary of Contents for Grandstream Networks GWN7000

  • Page 1 Grandstream Networks, Inc. GWN7000 OpenVPN® Site-to-Site VPN Guide...
  • Page 2: Table Of Contents

    Core Site Configuration, 6; Generate Self-Issued Certificate Authority (CA), 6; Generate Server/Client Certificates, 7; Create OpenVPN® Server, 11; Branch Site Configuration, 13; VERIFICATION, 16
  • Page 3 ® Tunnel, 16; Figure 15: Verification – Ping Test, 17; Figure 16: Verification – SIP Registration, 17. Table of Tables: Table 1: OpenVPN® Server Parameters, 12
  • Page 4: Introduction

    ✓ Encryption, which will prevent man-in-the-middle attacks and eavesdropping on the network traffic. ✓ Data integrity, to maintain the consistency and trustworthiness of the messages exchanged. The purpose of this guide is to highlight the VPN client/server feature of the Grandstream GWN7000 router and use this feature to implement a Site-to-Site VPN using OpenVPN®...
  • Page 5: Scenario Overview

    Company ABC has several office locations connected to the Internet using Grandstream GWN7000 routers. For security reasons, the admin has decided to establish a Site-to-Site VPN between the main office in LA and one of the branch offices in NY, to ensure that sensitive data between the two networks is forwarded securely through the encrypted tunnel.
  • Page 6: Configuration Steps

    (PKI). To create a Certification Authority (CA), follow the steps below: 1. Go to “System Settings → Cert. Manager → CAs” on the GWN7000 web GUI. 2. Click on button. A popup window will appear.
  • Page 7: Generate Server/Client Certificates

    CA to local computer. The CA file has the extension “.crt”. Generate Server/Client Certificates: The administrator needs to create both server and client certificates for encrypted communication between clients and the GWN7000 acting as an OpenVPN® server at the core site.
  • Page 8: Figure 4: Generate Server Certificates

    ✓ Creating Client Certificate: To create a client certificate, follow the steps below: 1- Create Users a. Go to “System Settings → User Manager”. b. Click on button. The following window will pop up.
  • Page 9: Figure 5: Create Users

    GWN7000 acting as OpenVPN® server to build a route pointing to that network and send all traffic destined to that IP range to the GWN7000 located on the branch site. d. Repeat above steps for each Site. 2- Generate Client Certificate a.
  • Page 10: Figure 6: Client Certificate

    “.key” format. Notes: • Client certificates generated from the GWN7000 server need to be uploaded to the GWN client. • For improved security, each client needs to have its own username and certificate; this way, even if a user is compromised, other users will not be affected.
  • Page 11: Create OpenVPN® Server

    To create a new VPN server, follow the steps below: 1. Go under “VPN → OpenVPN® Server”. 2. Click on and fill in the required information as shown on the figure below. Figure 7: Create OpenVPN® Server
  • Page 12 Protocol: Choose the Transport protocol from the dropdown list, either TCP or UDP. The default protocol is UDP. Interface: Select the interface used to connect the GWN7000 to the uplink, either WAN1, WAN2 or All. Configure the listening port for OpenVPN server.
  • Page 13: Branch Site Configuration

    Server Branch Site Configuration: Now that the GWN7000 router at the core site is up and running, we move on to configure an OpenVPN® client instance on the GWN7000 router at the branch site. Please follow the steps below to set it up.
  • Page 14: Figure 9: OpenVPN® Client

    3. In the Remote OpenVPN Server field, put the public IP of the core site router, to which the client will initiate the tunnel connection. Figure 10: OpenVPN® Client - Routes
  • Page 15: Figure 11: OpenVPN® Client - Upload Certificate And Key

    4. In the Routes field, add the list of networks that are reachable through the GWN7000 running the OpenVPN® server. Here we set the IP range for the core site LAN (i.e. 192.168.1.0/24). 5. The final step is to upload the client certificate and key, along with the CA file which was used to sign the certificates.
  • Page 16: Verification

    2. Ping from branch site to core site using devices connected to each LAN. Below is a screenshot showing a UCM6102 (IP=192.168.1.115) on the core site initiating successful ping requests to a GXP2140 phone (IP=192.168.3.61) on the branch site.
  • Page 17: Figure 15: Verification - Ping Test

    Figure 16: Verification – SIP Registration. © 2002-2014 OpenVPN Technologies, Inc. OpenVPN is a registered trademark of OpenVPN Technologies, Inc.
