Digi IX10 User Manual page 206

Virtual Private Networks (VPN)
3. At the config prompt, type:
(config)> add vpn openvpn server name
(config vpn openvpn server name)>
where name is the name of the OpenVPN server.
The OpenVPN server is enabled by default. To disable the server, type:
(config vpn openvpn server name)> enable false
(config vpn openvpn server name)>
4. Set the mode used by the OpenVPN server:
(config vpn openvpn server name)> device_type value
(config vpn openvpn server name)>
where value is one of:
TUN (OpenVPN managed)—Also known as routing mode. Each OpenVPN client is
n
assigned a different IP subnet from the OpenVPN server and other OpenVPN clients.
OpenVPN clients use Network Address Translation (NAT) to route traffic from devices
connected on its LAN interfaces to the OpenVPN server.
TAP - OpenVPN managed—Also know as bridging mode. A more advanced
n
implementation of OpenVPN. The IX10 device creates an OpenVPN interface and uses
standard interface configuration (for example, a standard DHCP server configuration).
TAP - Device only—An alternate form of OpenVPN bridging mode, in which the device,
n
rather than OpenVPN, controls the interface configuration. If this method is is, the
OpenVPN server must be included as a device in either an interface or a bridge.
See OpenVPN
5. If tap or tun are set for device_type:
a. Set the IP address and subnet mask of the OpenVPN server.
(config vpn openvpn server name)> address ip_address/netmask
(config vpn openvpn server name)>
b. Set the firewall zone for the OpenVPN server. For TUN device types, this should be set to
internal to treat clients as LAN devices.
(config vpn openvpn server name)> zone value
(config vpn openvpn server name)>
To view a list of available zones:
(config vpn openvpn server name)> firewall zone ?
Zone: The zone for the local TUN interface. To treat clients as LAN
devices this would usually be
set to internal.
Format:
any
dynamic_routes
IX10 User Guide
for information about OpenVPN modes. The default is tun.
OpenVPN
206