• Specify IP address for te1/0/1 interface
Import certificates and keys via tftp:
esr# copy tftp://192.168.16.10:/ca.crt certificate:ca/ca.crt
esr# copy tftp://192.168.16.10:/dh.pem certificate:dh/dh.pem
esr# copy tftp://192.168.16.10:/server.key certificate:server-key/server.key
esr# copy tftp://192.168.16.10:/server.crt certificate:server-crt/server.crt
esr# copy tftp://192.168.16.10:/ta.key certificate:ta/ta.key
Create OpenVPN server and a subnet for its operation:
esr(config)# remote-access openvpn AP
esr(config-openvpn)# network 10.10.100.0/24
Specify L3 connection type and encapsulation protocol.
esr(config-openvpn)# tunnel ip
esr(config-openvpn)# protocol tcp
Advert LAN subnets that will be available via OpenVPN connection and define DNS server
esr(config-)# route 10.10.0.0/20
esr(config-openvpn)# dns-server 10.10.1.1
Specify previously imported certificates and keys that will be used with OpenVPN server:
esr(config-openvpn)# certificate ca ca.crt
esr(config-openvpn)# certificate dh dh.pem
esr(config-openvpn)# certificate server-key server.key
esr(config-openvpn)# certificate server-crt server.crt
esr(config-openvpn)# certificate ta ta.key
Specify security zone that user sessions will be related to:
esr(config-openvpn)# security-zone VPN
Select aes128 encryption algorithm:
esr(config-openvpn)# encryption algorithm aes128
Enable OpenVPN server:
esr(config-openvpn)# enable
When a new configuration is applied, the router will listen to port 1194 (used by default).
To view OpenVPN server session status, use the following command:
To Next Page
Loading...
