Digi IX10 User Manual page 204

Virtual Private Networks (VPN)
5. For Device type, select the mode used by the OpenVPN server, either:
TUN (OpenVPN managed)
n
TAP - OpenVPN managed
n
TAP - Device only
n
See OpenVPN
6. If TUN (OpenVPN managed) or TAP - OpenVPN managed is selected for Device type:
a. For Zone, select the firewall zone for the OpenVPN server. For TUN device types, this
should be set to Internal to treat clients as LAN devices.
b. (Optional) Select the Metric for the OpenVPN server. If multiple active routes match a
destination, the route with the lowest metric will be used. The default setting is 0.
c. For Address, type the IP address and subnet mask of the OpenVPN server.
d. (Optional) For First IP address and Last IP address, set the range of IP addresses that
the OpenVPN server will use when providing IP addresses to clients. The default is from 80
to 99.
7. (Optional) Set the VPN port that the OpenVPN server will use. The default is 1194.
8. For Server managed certificates, determine the method of certificate management. If
enabled, the server will manage certificates. If not enabled, certificates must be created
externally and added to the server.
9. If Server managed certificates is not enabled:
a. Select the Authentication type:
n
n
n
b. Paste the contents of the CA certificate (usually in a ca.crt file), the Public key (for
example, server.crt), the Private key (for example, server.key), and the Diffie Hellman
key (usually in dh2048.pem) into their respective fields. The contents will be hidden when
the configuration is saved.
10. (Optional) Click to expand Access control list to restrict access to the OpenVPN server:
To limit access to specified IPv4 addresses and networks:
n
a. Click IPv4 Addresses.
b. For Add Address, click .
c. For Address, enter the IPv4 address or network that can access the device's
IX10 User Guide
for information about OpenVPN server modes.
Certificate only: Uses only certificates for client authentication. Each client
requires a public and private key.
Username/password only: Uses a username and password for client
authentication. You must create an OpenVPN authentication group and user. See
Configure an OpenVPN Authentication Group and User
Certificate and username/password: Uses both certificates and a username and
password for client authentication. Each client requires a public and private key,
and you must create an OpenVPN authentication group and user. See
OpenVPN Authentication Group and User
service-type. Allowed values are:
A single IP address or host name.
l
A network designation in CIDR notation, for example, 192.168.1.0/24.
l
any: No limit to IPv4 addresses that can access the service-type.
l
for instructions.
for instructions.
OpenVPN
Configure an
204