82 ESR Series Routers Operation Manual
7.23 Configuring remote access to corporate network via OpenVPN protocol
OpenVPN is an SSL/TLS-based tool that implements Virtual Private Networks (VPNs),
provides remote access and addresses many different data transmission security tasks.
Objective: Configure an OpenVPN server in L3 mode on the router so that remote users can connect to the LAN.
OpenVPN server subnet: 10.10.100.0/24
Mode: L3
Authentication based on certificates
Fig. 7.24—Network structure
Solution:
First, do the following:
- Prepare certificates and keys:
  - CA certificate
  - OpenVPN server key and certificate
  - Diffie-Hellman parameters and the HMAC key for TLS authentication
- Configure a zone for the te1/0/1 interface
- Specify the IP address for the te1/0/1 interface
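The certificate and key preparation listed above is done off the router. The following POSIX shell script is an added example (not part of the Eltex manual or the ESR firmware) that generates the five files under exactly the names the copy commands below expect, using openssl. The subject names, validity periods and directory layout are assumptions made for this example; ta.key is written in OpenVPN's "Static key V1" layout from `openssl rand` on the assumption that the `openvpn` binary (and so `openvpn --genkey`) is not present on the administrator's host. The server certificate is given the serverAuth extended key usage so that clients can enforce `remote-cert-tls server`, and `check_pki` runs the checks worth doing before anything is copied to the router.

```shell
#!/bin/sh
# Added example (not from the Eltex manual or ESR firmware): build the
# OpenVPN PKI files that the manual imports over TFTP, using openssl.
# Assumptions: openssl is installed; subject names and validity periods
# are constructed for this example; ta.key is written in OpenVPN's
# "Static key V1" layout from `openssl rand` because `openvpn --genkey`
# needs the OpenVPN binary, which may be absent on the admin host.
set -e

# Minimal openssl config with explicit extensions: the CA cert is a real CA
# and the server cert carries serverAuth, so clients can use
# "remote-cert-tls server" to refuse a client certificate posing as the server.
write_ssl_cfg() {
  cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[server_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
EOF
}

# gen_pki DIR: writes ca.crt, server.key, server.crt and ta.key into DIR.
# ca.key is written there too but is never copied to the router.
gen_pki() {
  dir="$1"
  mkdir -p "$dir"
  cfg="$dir/openssl.cnf"
  write_ssl_cfg "$cfg"
  # CA key and self-signed CA certificate
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 \
    -config "$cfg" -extensions ca_ext \
    -subj "/CN=Example OpenVPN CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # Server key and CSR, then sign the CSR with the CA
  openssl req -new -newkey rsa:2048 -nodes -config "$cfg" \
    -subj "/CN=esr-openvpn-server" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 825 -extfile "$cfg" -extensions server_ext \
    -out "$dir/server.crt" 2>/dev/null
  # tls-auth HMAC key: 2048 random bits as 16 lines of 32 hex characters
  {
    echo '-----BEGIN OpenVPN Static key V1-----'
    openssl rand -hex 256 | fold -w 32
    echo '-----END OpenVPN Static key V1-----'
  } > "$dir/ta.key"
  chmod 600 "$dir/ca.key" "$dir/server.key" "$dir/ta.key"
}

# gen_dh DIR: Diffie-Hellman parameters (dh.pem). Kept separate because
# finding a 2048-bit safe prime can take minutes.
gen_dh() {
  openssl dhparam -out "$1/dh.pem" 2048 2>/dev/null
}

# check_pki DIR: checks to run before copying anything to the router.
# Returns 0 when all of them pass.
check_pki() {
  dir="$1"
  # server.crt chains to ca.crt
  openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null 2>&1 || return 1
  # server.key is the private key belonging to server.crt
  [ "$(openssl x509 -in "$dir/server.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$dir/server.key" -pubout)" ] || return 1
  # serverAuth extended key usage is present
  openssl x509 -in "$dir/server.crt" -noout -text \
    | grep -q 'TLS Web Server Authentication' || return 1
  # ta.key carries the expected 16 hex lines between its markers
  [ "$(grep -c '^[0-9a-f]\{32\}$' "$dir/ta.key")" -eq 16 ] || return 1
  return 0
}

# Usage: sh gen_openvpn_pki.sh ./pki   (then place the files in the TFTP root)
if [ -n "${1:-}" ]; then
  gen_pki "$1"
  gen_dh "$1"
  check_pki "$1" && echo "PKI files ready in $1"
fi
```

Only ca.crt, server.key, server.crt, dh.pem and ta.key are placed in the TFTP root for the copy commands that follow; ca.key stays on the administration host, since it is the key that signs every client certificate. Remember that TFTP is unauthenticated and unencrypted, so the transfer of server.key and ta.key should happen only over the trusted management network shown in the figure.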
Import the certificates and keys via TFTP:
esr# copy tftp://192.168.16.10:/ca.crt certificate:ca/ca.crt
esr# copy tftp://192.168.16.10:/dh.pem certificate:dh/dh.pem
esr# copy tftp://192.168.16.10:/server.key certificate:server-key/server.key
esr# copy tftp://192.168.16.10:/server.crt certificate:server-crt/server.crt
esr# copy tftp://192.168.16.10:/ta.key certificate:ta/ta.key
Create the OpenVPN server instance and the subnet it will operate in:
esr(config)# remote-access openvpn AP
esr(config-openvpn)# network 10.10.100.0/24
Specify the L3 connection type and the encapsulation protocol:
esr(config-openvpn)# tunnel ip
esr(config-openvpn)# protocol tcp
Announce the LAN subnets that will be reachable via the OpenVPN connection and define the DNS server:
esr(config-openvpn)# route 10.10.0.0/20
esr(config-openvpn)# dns-server 10.10.1.1