ITS101 Installation Manual
with TCP where UDP is not possible. It should be noted that in comparison to the UDP
protocol, when using OpenVPN, TCP will be less robust over congested or unreliable
networks.
• Cipher: This drop down box defines the encryption method is to be used. Several
methods are available.
• Enable LZO compression: Placing a tick in this tick box will enable the LZO (Lempel-Ziv-
Oberhumer) data compression algorithm. The compression mechanism is disabled by
leaving the text box blank.
Note: You must click on the apply button for any new settings to be implemented.
OpenVPN requires specific certificate files and keys to secure the connection between the
server computer and the ITS101. These will be specific to your installation and as such will
need to be uploaded to the unit.
• CA public certificate upload: The browse button is used to locate the Certificate
Authority (CA) certificate, CA.crt on your computer. This certificate is common to both
the server and the ITS101 unit. Once the file is selected, clicking on the send button
will initiate the transmission of the certificate to the ITS101 unit. A confirmation
message will be sent when the file has been uploaded (see next page).
• Client public certificate upload: The browse button is used to locate the client public
certificate on your computer e.g. client1.crt. This certificate file is unique to the ITS101
unit. Once the file is selected, clicking on the send button will initiate the transmission
of the certificate to the ITS101 unit. A confirmation message will be sent when the file
has been uploaded.
• Client private certificate upload: The browse button is used to locate the client private
certificate on your computer e.g. client1.key. This certificate file is unique to the ITS101
unit. Once the file is selected, clicking on the send button will initiate the transmission
of the certificate to the ITS101 unit. A confirmation message will be sent when the file
has been uploaded.
• TLS-auth file upload: The browse button is used to locate the TLS-authentication file on
your computer e.g. ta.key. This key file is common to both the server and the ITS101
unit. Once the file is selected, clicking on the send button will initiate the transmission
of the certificate to the ITS101 unit. A confirmation message will be sent when the file
has been uploaded.
3.3.1. Setting up an OpenVPN server
In this section we give an example on how to setup an OpenVPN server on Windows. A
working OpenVPN server is required in order to use the OpenVPN capabilities of the ITS101.
First download and install the OpenVPN package. You can find it on
http://openvpn.net/index.php/open-source/downloads.html. This installs the OpenVPN
package together with a Windows GUI.
Keys generation
Now OpenVPN is installed on your system you have to setup the keys to use. OpenVPN uses
OpenSSL to generate and sign the keys. OpenSSL can be downloaded from
http://www.slproweb.com/products/Win32OpenSSL.html.
To sign the keys we generate, we do need to have a Certificate Authority (CA). This can be an
official authority like VeriSign, but we can also sign our own certificates. To do this we have to
setup our own Certificate Authority. After that we can generate keys for our server and for
ARVOO Imaging Products B.V. page 16 of 33
To Next Page
Loading...