ESR series service routers. ESR-Series. User manual
Solution:
First, do the following:
• Prepare certificates and keys:
  • CA certificate;
  • OpenVPN server key and certificate;
  • Diffie-Hellman and HMAC key for TLS.
• Configure zone for te1/0/1 interface;
• Specify IP address for te1/0/1 interface.
Import certificates and keys via TFTP:
esr# copy tftp://192.168.16.10:/ca.crt certificate:ca/ca.crt
esr# copy tftp://192.168.16.10:/dh.pem certificate:dh/dh.pem
esr# copy tftp://192.168.16.10:/server.key certificate:server-key/server.key
esr# copy tftp://192.168.16.10:/server.crt certificate:server-crt/server.crt
esr# copy tftp://192.168.16.10:/ta.key certificate:ta/ta.key
Create an OpenVPN server and specify the subnet it will operate in:
esr(config)# remote-access openvpn AP
esr(config-openvpn)# network 10.10.100.0/24
Specify L3 connection type and encapsulation protocol:
esr(config-openvpn)# tunnel ip
esr(config-openvpn)# protocol tcp
Advertise the LAN subnets that will be available via the OpenVPN connection and define the DNS server:
esr(config-openvpn)# route 10.10.0.0/20
esr(config-openvpn)# dns-server 10.10.1.1
Specify previously imported certificates and keys that will be used with OpenVPN server:
esr(config-openvpn)# certificate ca ca.crt
esr(config-openvpn)# certificate dh dh.pem
esr(config-openvpn)# certificate server-key server.key
esr(config-openvpn)# certificate server-crt server.crt
esr(config-openvpn)# certificate ta ta.key
Specify the security zone that user sessions will belong to:
esr(config-openvpn)# security-zone VPN
Select aes128 encryption algorithm:
esr(config-openvpn)# encryption algorithm aes128
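The following Python check is an added example, not part of the manual: it cross-checks a saved CLI transcript so that every `certificate <role> <file>` line in the OpenVPN block points at a file that was actually imported into the matching store, a security zone is set, and secret material (server key, HMAC key) was not copied over an unencrypted transport. The function name `audit`, the finding labels and the list of cleartext schemes are assumptions made for this example.

```python
import re

# CLI lines taken from this page (import commands and the certificate/zone settings).
PAGE_SESSION = """\
esr# copy tftp://192.168.16.10:/ca.crt certificate:ca/ca.crt
esr# copy tftp://192.168.16.10:/dh.pem certificate:dh/dh.pem
esr# copy tftp://192.168.16.10:/server.key certificate:server-key/server.key
esr# copy tftp://192.168.16.10:/server.crt certificate:server-crt/server.crt
esr# copy tftp://192.168.16.10:/ta.key certificate:ta/ta.key
esr(config)# remote-access openvpn AP
esr(config-openvpn)# certificate ca ca.crt
esr(config-openvpn)# certificate dh dh.pem
esr(config-openvpn)# certificate server-key server.key
esr(config-openvpn)# certificate server-crt server.crt
esr(config-openvpn)# certificate ta ta.key
esr(config-openvpn)# security-zone VPN
"""

ROLES = ("ca", "dh", "server-key", "server-crt", "ta")  # roles configured on this page
SECRET_ROLES = {"server-key", "ta"}    # private key and shared HMAC key
CLEARTEXT = {"tftp", "ftp", "http"}    # transports with no encryption (assumed list)
COPY_RE = re.compile(r"copy\s+(\w+)://\S+\s+certificate:([\w-]+)/(\S+)")
USE_RE = re.compile(r"\(config-openvpn\)#\s+certificate\s+([\w-]+)\s+(\S+)")
ZONE_RE = re.compile(r"\(config-openvpn\)#\s+security-zone\s+\S+")

def audit(session):
    """Return sorted findings for a transcript of import and openvpn commands."""
    imported, used, zone, findings = {}, {}, False, []
    for line in session.splitlines():
        if m := COPY_RE.search(line):
            scheme, role, name = m.groups()
            imported[(role, name)] = scheme
        elif m := USE_RE.search(line):
            used[m.group(1)] = m.group(2)
        elif ZONE_RE.search(line):
            zone = True
    for role in ROLES:
        if role not in used:
            findings.append(f"missing: no 'certificate {role}' in the openvpn block")
        elif (role, used[role]) not in imported:
            findings.append(f"unresolved: {role} file '{used[role]}' was never imported")
    for (role, name), scheme in imported.items():
        if role in SECRET_ROLES and scheme in CLEARTEXT:
            findings.append(f"exposure: secret '{name}' copied over {scheme}")
    if not zone:
        findings.append("missing: no security-zone set for user sessions")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(PAGE_SESSION):
        print(finding)
```

Run against the commands on this page, it reports only the two TFTP transfers of `server.key` and `ta.key`; TFTP provides neither encryption nor authentication, so those files cross the network in the clear.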