Application Guide for Easy OpenVPN Multiclient Mode Setup

1. Summary

A VPN tunnel is an encrypted connection between your device and a VPN server.

OpenVPN is currently considered the top form of VPN tunneling protocol. That's because its encryption is especially strong. It's also adept at getting past firewalls.

Our remote cloud management platform InConnect can help setting up the OpenVPN tunnels without any hassle. Please check out: How to create an online portal account-InConnect Service

If you are using a private network without internet access or you have any other reasons preventing you from using InConnect, the following guide can help you setup your own OpenVPN tunnels.

This guide will show you how to configure IR305 Cellular Router as both OpenVPN Server and Client. 

8d25cefac37761a910f860f2c543cfdb.jpg

2. Configure IR305 as OpenVPN Server

    2.1 Configure LAN Address

After entering configure page, click "Network"è"LAN", make sure IR305 and the application server are in the right subnet: 192.168.133.0/24, here we use:

IR305: 192.168.139.1/24  End Device: 192.168.139.69/24

    2.2 Insert CA

 Learn how to create your own CA: Setting up your own OpenVPN Certificate Authority (CA)

Click "VPN"è"Certificate Management"

6962b9f80c500d92b0ddc94653443772.jpg

Click the "Browse" button at the left side of "Import CA Certificate" and then choose the right "root certificate" (e.g.: ca.crt), then click "Import CA Certificate" button.

Click the "Browse" button at the left side of "Import Public Key Certificate" and then choose the right public key file (e.g.: pub.crt), then click "Import Public Key Certificate" button.

Click the "Browse" button at the left side of "Import Private Key Certificate" and then choose the right public key file (e.g.: pub.crt), then click "Import Private Key Certificate" button.

Then click "Apply button".

    2.3 Add OpenVPN Tunnel for Each End Device

Click "VPN"è"OpenVPN Tunnels", then click "Add" to add a new tunnel, configure as below:

a69873e21d76bfe56f3d3f0eb79d4736.jpg

b735fbd3b1f0177e7a96301ea4f0b5ec.jpg

Then click "Save", after a few seconds, you will see:

5a20b35ada34c79cacf4248afcf2aa84.jpg

The first tunnel is now successfully created.

Note: Create one tunnel for each end device and use different Client subnet IP and remote subnet IP.

e.g., Tunnel_1 Client subnet IP: 10.32.0.0, remote subnet IP: 192.168.133.0

  Tunnel_2 Client subnet IP: 10.32.1.0, remote subnet IP: 192.168.134.0

    2.4 Add Client Information for Each End Device

Go to VPN>>OpenVPN Advanced

Fill Username/Common Name, Local Static Route, and Remote Static Route for each end device.

128e3145bdd3f3ffdfaffebce171e3b4.jpg

    2.5 Add Static Route for Each End Device

Go to Status>>Route Table, find out Gateway for each Tunnel

42c48d7ed94d2d73c5c59b7c9e84c9ff.jpg

Go to Network>>Static Route

Add new static route for each end device

Put destination as client subnet, gateway as we found out in Route table, Interface as the tunnel we created for this device.

9739c38d80ee6cdba79c45d463dd7f28.jpg

3. Configure IR305 as OpenVPN Client

    3.1 Configure LAN Address

After entering configure web, click "Network" è"LAN", make sure IR305 and the end devices are in the right subnet: 192.168.133.0/24, here we use:

IR305: 192.168.133.1/24   End Device: 172.16.133.127/24

    3.2 Insert CA

Click "VPN" è"Certificate Management":

077da951247dada5a515ba9ae02bcefa.jpg

Click the "Browse" button at the left side of "Import CA Certificate" and then choose the right“root certificate” (e.g.: ca.crt), then click "Import CA Certificate" button.

Click the "Browse" button at the left side of "Import Public Key Certificate" and then choose the right public key file (e.g.: pub.crt), then click "Import Public Key Certificate" button.

Click the "Browse" button at the left side of "Import Private Key Certificate" and then choose the right public key file (e.g.: pub.crt), then click "Import Private Key Certificate" button.

Then remember to click "Apply button".

    3.3 Add OpenVPN Tunnel

Click "VPN"è"OpenVPN Tunnels",then click "Add" to add a new tunnel, configure as below:

9690f789d32ebd0292d056a233544247.jpg

6e66ac0cc745ded0efaeaceea2543ffd.jpg

Then click "Save", after a few seconds, you will see:

2bd9c75c66f7bbfbfef2cc727b7bfc52.jpg

The client is now created successfully!

4. Set up PC to connect to IR305 Server

If a PC is needed at the server side to access the other clients, a Static Route to the subnet of the Client is necessary. 

In command prompt, enter "route add clientSubnetIP mask 255.255.255.0 ServerIP"

e.g., route add 192.168.133.0 mask 255.255.255.0 192.168.139.1

120a6ce443980864c1a3cce87338fa15.jpg











0 comments

To reply to the article, please Login or registered