6.1.2.1
OpenVPN TUN Scenario
The term "TUN" refers to the routing mode and operates with layer 3 packets. In routing mode, the VPN client is given an IP
address on a different subnet than the local LAN under the OpenVPN server. This virtual subnet is created for connecting to
remote VPN computers. In routing mode, the OpenVPN server creates a "TUN" interface with its own IP address pool which
is different to the local LAN. Remote hosts that dial-in will get an IP address inside the virtual network and will have access
only to the server where OpenVPN resides.
If you want to offer remote access to a VPN server from clients and inhibit the access to remote LAN resources under VPN
server, OpenVPN TUN mode is the simplest solution.
As shown in the diagram, the NTC-400 Series Router is configured as an OpenVPN TUN Client and connects to an OpenVPN
TUN Server. Once the OpenVPN TUN connection is established, the connected TUN client will be assigned a virtual IP
(10.8.0.2) which belongs to a virtual subnet that is different to the local subnet in the Control Centre. With such connection,
the local networked devices will get a virtual IP 10.8.0.x if its traffic goes through the OpenVPN TUN connection when
Redirect Internet Traffic settings is enabled. The SCADA Server in the Control Centre can access remotely attached serial
device(s) with the virtual IP address (10.8.0.2).
214 of 359
© NetComm Wireless 2019
Figure 250 – OpenVPN TUN Scenario
User Guide