mmajchrzycki / lantronix-openvpn


Enabling OpenVPN connection on Lantronix E210 routers

As the process is not well documented by Lantronix or anywhere else on the web, here is a step-by-step guide on how to set up an OpenVPN connection between two routers.

Generate Public Key Infrastructure with EasyRSA:

Help: https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto

  1. Get the easy-rsa tool

    cd
    git clone https://github.com/OpenVPN/easy-rsa.git
    cd easy-rsa/easyrsa3/
    cp vars.example vars
  2. Edit the vars file; in particular, set

    set_var EASYRSA_DN "org"

    and assign values to:

    • EASYRSA_REQ_COUNTRY
    • EASYRSA_REQ_PROVINCE
    • EASYRSA_REQ_CITY
    • EASYRSA_REQ_ORG
    • EASYRSA_REQ_EMAIL

    NOTE

    DON'T LEAVE ANY OF THE FIELDS EMPTY!!!


  3. Init PKI

    ./easyrsa init-pki
  4. Generate Diffie-Hellman parameters

    ./easyrsa gen-dh
  5. Create CA (Certificate Authority)

    ./easyrsa build-ca

    You will be asked to set a password for the CA. That password is required in the next steps, where the CA signs the server and client certificates.

  6. Build certificate and key for server

    ./easyrsa build-server-full <SERVER_NAME> nopass
  7. Build certificate for client

    ./easyrsa build-client-full <CLIENT_NAME> nopass
  8. When all steps are done, you should have a file structure like this:

    PKI files structure
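
The check below is an added example, not part of the original guide. It maps the easy-rsa 3 default output (pki/ca.crt, pki/dh.pem, pki/issued/<NAME>.crt, pki/private/<NAME>.key) to the ca, dh, cert and key options used on the Cryptography tab, and verifies each bundle with openssl before upload. The script name check_pki.sh and the function names are hypothetical; it assumes openssl is installed and that the commands above were run with their default paths.

```shell
#!/bin/sh
# Added example (not from the original guide): check an easy-rsa 3 PKI
# before uploading files to the routers. Assumes the default ./pki layout.

# Print which file belongs in each OpenVPN option (ca, dh, cert, key).
pki_files() {  # usage: pki_files PKI_DIR NAME
    printf 'ca=%s\ndh=%s\ncert=%s\nkey=%s\n' \
        "$1/ca.crt" "$1/dh.pem" "$1/issued/$2.crt" "$1/private/$2.key"
}

# Return 0 only if the files for NAME are complete and consistent for ROLE.
check_bundle() {  # usage: check_bundle PKI_DIR NAME server|client
    pki=$1; name=$2; role=$3
    ca=$pki/ca.crt; crt=$pki/issued/$name.crt; key=$pki/private/$name.key
    for f in "$ca" "$pki/dh.pem" "$crt" "$key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    # The certificate must chain to the CA that both routers are given.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "$crt is not signed by $ca" >&2; return 1; }
    # The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$key does not match $crt" >&2; return 1
    fi
    # Server and client certificates are not interchangeable: check the EKU.
    case $role in
        server) want='TLS Web Server Authentication' ;;
        client) want='TLS Web Client Authentication' ;;
        *) echo "role must be server or client" >&2; return 1 ;;
    esac
    openssl x509 -in "$crt" -noout -text | grep -q "$want" ||
        { echo "$crt lacks EKU '$want'" >&2; return 1; }
    # nopass keys are unencrypted on disk: warn if group/others have access.
    case $(ls -l "$key") in
        -???------*) ;;
        *) echo "warning: $key has group/other permissions" >&2 ;;
    esac
    pki_files "$pki" "$name"
}

# Stand-alone use: sh check_pki.sh pki <SERVER_NAME> server
if [ "$#" -eq 3 ]; then check_bundle "$@" || exit 1; fi
```

Run it once per router, with role server for <SERVER_NAME> and client for <CLIENT_NAME>; on success it prints the four files to upload for that router.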

Setup OpenVPN server

  1. Log in to the router and go to Services -> VPN -> OpenVPN

    Services -> VPN

    OpenVPN menu

  2. Create a new OpenVPN instance, choose a name and select Server configuration for a routed multi-client VPN

    OpenVPN new instance

  3. After creating, switch to advanced configuration

    Switch to advanced configuration

  4. On the Networking tab add

    • dev and set to tun0

    Switch to advanced configuration

  5. On the Cryptography tab

    • select tls_server
    • add ca and upload the proper file
    • add dh and upload the proper file
    • add cert and upload the proper file
    • add key and upload the proper file (see PKI files structure above)

    Cryptography configuration

  6. Go back to Overview and enable the server

    Back to overview

    Enable server (1), Save & Apply (2) and Start the server (3).

    Enabling OpenVPN server

  7. If everything went fine, the server should show as Started and the Uptime timer should be counting

    OpenVPN server running

  8. Open UDP port 1194 on the firewall

    Go to Firewall

    Go to firewall

    Go to Traffic Rules

    Go to Traffic rules

    In the Open ports on router section, enter port number 1194, protocol UDP, choose a name (or leave the default) and click Add:

    Open port

    Then select Save & Apply on the bottom.

Setup OpenVPN client

  1. Log in to the router and go to Services -> VPN -> OpenVPN

    Services -> VPN

    OpenVPN menu

  2. Create a new OpenVPN instance, choose a name and select Client configuration for a routed multi-client VPN and click Add

    OpenVPN new instance

  3. After creating, switch to advanced configuration:

    OpenVPN new instance

  4. On the Networking tab add

    • dev and set to tun0

    Switch to advanced configuration

  5. On the VPN tab

    • enable client
    • enable pull (will be visible after enabling client)
    • add remote and enter the VPN server IP address and port 1194

    Switch to advanced configuration

  6. On the Cryptography tab

    • add ca and upload the proper file
    • add dh and upload the proper file
    • add cert and upload the proper file
    • add key and upload the proper file (see PKI files structure above)

    Switch to advanced configuration

  7. Click Save and go back to Overview, then Enable and Start the service.

    Switch to advanced configuration

Troubleshooting

If something is not working (on either the server or the client), add the verb parameter with value 11 to the VPN instance. After stopping and starting the server, Status -> System Log should show more detailed information about the problem with the OpenVPN instance.
