As the process is not well documented by Lantronix or anywhere on the web, here is a step-by-step guide on how to set up an OpenVPN connection between two routers.
Help: https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto
- Get the easy-rsa tool
    cd
    git clone https://github.com/OpenVPN/easy-rsa.git
    cd easy-rsa/easyrsa3/
    cp vars.example vars
- Edit vars file, especially set EASYRSA_DN "org"
  And assign values to:
    EASYRSA_REQ_COUNTRY
    EASYRSA_REQ_PROVINCE
    EASYRSA_REQ_CITY
    EASYRSA_REQ_ORG
    EASYRSA_REQ_EMAIL
  NOTE: DON'T LEAVE ANY OF THE FIELDS EMPTY!!!
- Init PKI
    ./easyrsa init-pki
- Generate Diffie-Hellman parameters
    ./easyrsa gen-dh
- Create CA (Certificate Authority)
    ./easyrsa build-ca
  You have to set a password. That password will be required in the next steps.
- Build certificate and key for server
    ./easyrsa build-server-full <SERVER_NAME> nopass
- Build certificate for client
    ./easyrsa build-client-full <CLIENT_NAME> nopass
- After all that, you should get a file structure like
- Log in to the router and go to Services -> VPN -> OpenVPN
- Create a new OpenVPN instance, choose a name and select "Server configuration for a routed multi-client VPN"
- After creating, switch to advanced configuration
- On the Networking tab add dev and set to tun0
- On the Cryptography tab:
  - select tls_server
  - add ca and upload proper file
  - add dh and upload proper file
  - add cert and upload proper file
  - add key and upload proper file (see PKI files structure above)
- Go back to Overview and enable the server: Enable server (1), Save & Apply (2) and Start the server (3).
- If everything went fine, the server should show as Started and the Uptime timer should count the time
- Open UDP port 1194 on the firewall
  - Go to Firewall
  - Go to Traffic Rules
  - In the Open ports on router section, enter port number 1194, protocol UDP and choose a name (or leave the default) and click Add
  - Then select Save & Apply on the bottom.
- Log in to the router and go to Services -> VPN -> OpenVPN
- Create a new OpenVPN instance, choose a name and select "Client configuration for a routed multi-client VPN" and click Add
- After creating, switch to advanced configuration:
- On the Networking tab add dev and set to tun0
- On the VPN tab:
  - enable client
  - enable pull (will be visible after enabling client)
  - add remote and enter VPN Server IP address and port 1194
- On the Cryptography tab:
  - add ca and upload proper file
  - add dh and upload proper file
  - add cert and upload proper file
  - add key and upload proper file (see PKI files structure above)
- Click Save and go back to Overview, then Enable and Start service.
If something is not working (whether on server or client) you can add the verb parameter with value 11 to the VPN instance. After stopping and starting the server, you should get more detailed information about the problem with the OpenVPN instance in Status -> System Log.
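
Before uploading, the ca, cert and key files from the easy-rsa steps can be checked with openssl, which catches a wrongly signed, passphrase-protected or mismatched file without waiting for the System Log. This is an added example, not part of the original guide; the function name check_pki_set, its return codes and the file paths passed to it are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): check a ca/cert/key set
# produced by the easy-rsa steps before uploading it to a router.
# Usage: sh check_pki.sh <ca.crt> <cert.crt> <cert.key> <server|client>
# Return codes 1-4 are this example's own convention.

check_pki_set() {
    ca=$1 cert=$2 key=$3 role=$4

    # 1. The certificate must chain to the CA the other router will trust.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert is not signed by $ca"; return 1; }

    # 2. The key must load without a passphrase, as a "nopass" build does.
    openssl pkey -in "$key" -passin pass: -noout 2>/dev/null ||
        { echo "FAIL: $key is encrypted or unreadable"; return 2; }

    # 3. The key must belong to the certificate: compare public-key digests.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey |
        openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout -outform DER |
        openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: $key does not match $cert"; return 3; }

    # 4. The extended key usage must fit the role the file is uploaded for
    #    (easy-rsa sets serverAuth / clientAuth in its server / client builds).
    case $role in
        server) want="TLS Web Server Authentication" ;;
        client) want="TLS Web Client Authentication" ;;
        *) echo "role must be server or client"; return 64 ;;
    esac
    openssl x509 -in "$cert" -noout -text | grep -q "$want" ||
        { echo "FAIL: $cert lacks '$want'"; return 4; }

    echo "OK: $cert and $key are usable as $role files"
}

# Run the check only when the script is called with all four arguments.
if [ "$#" -eq 4 ]; then check_pki_set "$@"; fi
```

Run it once with the server's certificate and key and role server, and once with the client's and role client, each time against the same ca file.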