Whitepaper. OpenVPN Client/Router. Version 1 / 12/15/2015

OpenVPN Client/Router
Whitepaper
Version 1 / 12/15/2015

Systeme Helmholz GmbH
Hannberger Weg 2
D-91091 Großenseebach
Germany
Phone +49 9135 7380-0
Fax +49 9135 7380-110
info@helmholz.de
www.helmholz.com

Notes

All rights reserved, including those related to the translation, reprinting, and reproduction of this whitepaper or of parts thereof. No part of this whitepaper may be reproduced, processed, duplicated, or distributed in any form (photocopy, microfilm, or any other methods), even for training purposes or with the use of electronic systems, without written approval from Systeme Helmholz GmbH. All rights reserved in the event of the granting of a patent or the registration of a utility model.

We welcome all ideas and suggestions.

Copyright 2015 by Systeme Helmholz GmbH, Hannberger Weg 2, 91091 Großenseebach

Windows is a registered trademark of Microsoft Corporation.

Content

1 General Information
1.1 Information about this whitepaper
1.2 Important notes regarding VPN
1.3 OpenVPN - Client/Router connection (with wizard)
2 Installing the OpenVPN software
3 Settings in the REX 300
4 Establish and end tunnel connection

1 General Information

1.1 Information about this whitepaper

This document describes additional REX 300 functions and the settings required for them on the basis of examples. The necessary basic knowledge for dealing with the REX routers is presumed.

We have checked the contents of this whitepaper to ensure that they match the hardware and software described. However, Systeme Helmholz GmbH can assume no liability for any existing differences, as these cannot be fully ruled out. When using your purchased products, please make sure to use the latest version of the manual, which can be viewed and downloaded on the Internet at www.helmholz.de.

Configuration, execution, and operating errors can interfere with the proper operation of the REX devices and result in personal injury, as well as property or environmental damage. Only adequately qualified personnel may operate the REX devices!

1.2 Important notes regarding VPN

VPN connections from a client computer to a REX 300 unit functioning as a VPN server can only be established if the Internet connection is allowed to send incoming data to the REX 300 unit. In other words, if incoming data traffic is completely blocked for your Internet connection, you will not be able to establish a VPN connection to your REX 300 router.

VPN connections allow you access to the LAN interface of the REX 300. That means that once you establish a VPN connection, you will have to work with the IP address range of the REX 300 LAN interface.

Example: In this description, a REX 300 with the LAN IP address 192.168.0.100 is reached via the Internet. You have already established a VPN connection from your computer (LAN IP address 192.168.1.111 in this example) to the REX 300. Now you want to access the REX 300 web interface, so you enter 192.168.0.100 into your web browser's address bar. The VPN arranges for the query to the IP address 192.168.0.100 to be sent to the REX 300 unit through the VPN tunnel via the Internet. The REX 300 will then send you the data of the web interface, enabling you to work with it.

The same applies if you want to use the MPI/PROFIBUS interface. When using VPN, the LAN IP address of the REX 300 must be stored in the NETLink driver (SH S7-NET) in order to access the MPI/PROFIBUS interface via VPN.

The standard port for OpenVPN is 1194. In the event that this has to be changed to port 80, it should be noted that the port for the REX 300 web interface (default 80) also needs to be adapted, as it will otherwise not be possible to access the web interface.

Two types of encryption are available. In the example described here, a randomly generated static key is used. With this predefined key, it is not possible for one PC client to establish several simultaneous REX 300 connections. The use of X.509 certificates is not covered in this documentation.

1.3 OpenVPN - Client/Router connection (with wizard)

The following pages describe how to set up an OpenVPN connection between a client PC and the REX 300 with the help of the integrated wizard. The instructions refer to a cable-connected REX 300 that is configured as a classic router and to a Windows client PC with Internet access on which the OpenVPN software is installed.

[Figure: network overview. Labels:]
- Internet WAN or public IP address: 217.6.86.39 (static IP address that can be accessed from the Internet at the deployment location of the REX 300)
- OpenVPN IP subnet: 192.168.0.0/24
- LAN IP address: 192.168.0.100 (default IP address in the delivery condition)

2 Installing the OpenVPN software

The freely available OpenVPN software can be installed from the REX 300 product CD. However, we always recommend acquiring the most recent version from the https://openvpn.net download page (https://openvpn.net/index.php/open-source/downloads.html).

Please always run OpenVPN as administrator (right mouse click - "Run as administrator") and confirm the User Account Control prompt with "Yes".

In the menu-guided OpenVPN setup, confirm all dialogues in order to go to the respective next installation step (no adjustment needs to be made in the suggested component selection).

Following successful installation, all files are stored in the OpenVPN standard installation folder "C:\Program Files (x86)\openvpn" on your PC. OpenVPN automatically creates the folder "\config" during installation. As described in the next chapter, the OpenVPN configuration files from the REX 300 must be stored in this directory.

3 Settings in the REX 300

The steps necessary for configuring an OpenVPN connection will now be described with the help of the integrated wizard.

Open the REX 300 web interface in a standard browser. In this example it is presumed that the standard LAN IP address of the factory setting is active. The IP address 192.168.0.100 must consequently be entered into the address bar of the browser.

The "First Start" page is shown following successful login to the web interface. The language selection is found at the top right if needed. For the subsequent steps, click the "Classic router" field.

The "First Start" page is only displayed when the router is started in the delivery condition. Once selected, changing between the portal server and the classic router is only possible following a reset to factory settings.

The window with the system information subsequently opens. Use the top menu bar to go to "Wizard".

The following explanations presume that the WAN access to the Internet has already been successfully configured!

The most important settings can be easily made with the help of a wizard. For the procedure described here, make sure that the OpenVPN method has been chosen in the selection menu. Then click on the "Start" button to start the VPN wizard.

Because the LAN & Internet wizards haven't been carried out yet, the following warning appears:

As already noted, the correct LAN and WAN settings are presumed in this example. For this purpose, put a check in the box and click on "Start".

The information that follows is confirmed with "Next >".

The client-router connection is selected on this page and confirmed with "Next >".

In this step the REX 300 uses a random generator to create a static key. This is stored under the name shown here (the name can be changed later if necessary). Now click on the "Next >" button.

Finally, you are told under which menu items the corresponding configuration file can be found in the REX 300 and downloaded. This procedure is described in the next chapter. The dialogue can be confirmed with "Next >".

Acknowledge the following field with "Finish".

The REX 300 will now apply the configuration. This process will take about 30 seconds. The previously described procedure is completed as soon as a green check appears in front of the VPN wizard in the wizard screen.

The previously generated files stored in the REX 300 must now be transferred to your Windows PC and adapted for the VPN connection.

For this purpose, go to the menu "VPN" (1.) - "OpenVPN" (2.) - "Connections" (3.) and click the diskette button (4.) to download.

The "Wizard.ovpn" file is ready for download in the "Connections" directory (the "Wizard_Static_Key.key" file is found in the "static key" directory).

Move the mouse pointer over the "Wizard.ovpn" link (5.) with the blue background, open the Windows selection menu with a right mouse click, and then select "Save target as..." (6.).

The files must be saved in the directory C:\Program Files (x86)\openvpn\config\.

If UAC (User Account Control) is activated under Windows 7, an error message with the following text appears when an attempt is made to save to this directory: "The file could not be saved because you do not possess the required authorization. Choose another folder to save."

In this case, initially save the file at another location (e.g. Libraries - "Documents") and then move it manually into the \config directory. Confirm the query for administrator rights with "Continue":

When the "Wizard.ovpn" file has been successfully saved on your computer, the previously named steps must also be carried out for the already created static key (Wizard_Static_Key.key).

Once you have saved both the "Wizard.ovpn" and the "Wizard_Static_Key.key" files in the \config folder, start the OpenVPN software from the Windows desktop via "Start > Programs > OpenVPN > OpenVPN GUI".

The following symbol (bottom right) then appears in the Windows task bar:

Right-click on the OpenVPN icon to open the software context menu. Click on "Edit configuration" in order to edit the Wizard.ovpn file.

The "Wizard.ovpn" file can be opened with a standard text editor in order to carry out the necessary changes.

The OpenVPN software on your PC must now be provided with the IP address and the path to the correct encryption file. The following entries must therefore be manually adapted:

First, you must indicate the path to the "Wizard_Static_Key.key" file under the entry "secret". Be sure to write the path with double backslashes and enclose it in quotation marks!

    secret "C:\\Program Files (x86)\\openvpn\\config\\wizard_static_key.key"

You must also define the Internet address to which the OpenVPN connection should be established. In our example, the WAN IP address of the REX 300 is entered (this address serves only as an example and must not be used in your application).

    remote 217.6.86.39

OpenVPN also allows users to use a proxy server as an Internet access point. For this purpose you must change the preset network protocol from UDP to TCP, as many proxy servers don't allow the UDP protocol. In this case, change the entry "proto udp" to "proto tcp-client" in the Wizard.ovpn file on your PC.

The configuration is completed once the file is saved.
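The manual edits described above (the "secret" path, the "remote" address and the "proto" setting behind a proxy) can be checked before the first connection attempt. The following Python checker is an added example and is not part of the whitepaper or of OpenVPN; the function names and the two sample files are constructed for illustration, the tokenizer is a simplified model of the quoting and backslash rules in the OpenVPN manual, and "http-proxy" is assumed to be the directive used for the proxy server.

```python
EXAMPLE_WAN_IP = "217.6.86.39"  # sample address printed in the whitepaper

def tokenize(line):
    """Split a config line as the OpenVPN manual describes: double quotes group
    a parameter; a backslash may only escape a backslash, a quote or whitespace."""
    tokens, cur, in_quotes, i = [], None, False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\":
            nxt = line[i + 1:i + 2]
            if nxt not in ("\\", '"', " ", "\t"):
                raise ValueError("bad backslash before %r" % nxt)
            cur, i = (cur or "") + nxt, i + 1  # keep the escaped character
        elif ch == '"':
            in_quotes, cur = not in_quotes, cur or ""
        elif ch.isspace() and not in_quotes:
            if cur is not None:
                tokens.append(cur)
            cur = None
        else:
            cur = (cur or "") + ch
        i += 1
    if in_quotes:
        raise ValueError("unterminated double quote")
    return tokens + ([cur] if cur is not None else [])

def check_client_config(text):
    """Return findings for the manual Wizard.ovpn edits (secret, remote, proto)."""
    findings, seen = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        try:
            tokens = tokenize(line)
            seen[tokens[0]] = tokens[1:]
        except ValueError as exc:
            seen[line.split()[0]] = None  # present, but it cannot be parsed
            findings.append("line %d: %s; double the backslashes inside quotes" % (no, exc))
    secret = seen.get("secret", [])
    if secret is not None and (not secret or secret[1:] not in ([], ["0"], ["1"])):
        findings.append("secret: expected one quoted path, got %d parameters" % len(secret))
    remote = seen.get("remote")
    if not remote:
        findings.append("remote: no server address set")
    elif remote[0] == EXAMPLE_WAN_IP:
        findings.append("remote: still the whitepaper's example address")
    proto = (seen.get("proto") or ["udp"])[0]  # OpenVPN defaults to UDP
    if "http-proxy" in seen and not proto.startswith("tcp"):
        findings.append("proto: %s with http-proxy, use tcp-client" % proto)
    return findings

# Constructed sample files, not taken from a real REX 300 export.
GOOD = r'''proto tcp-client
remote 203.0.113.10
secret "C:\\Program Files (x86)\\openvpn\\config\\wizard_static_key.key"'''
BAD = r'''proto udp
remote 217.6.86.39
secret C:\Program Files (x86)\openvpn\config\wizard_static_key.key
http-proxy 192.0.2.8 8080'''
```

Calling check_client_config(BAD) reports the single-backslash path, the unchanged example address and the UDP setting combined with a proxy; check_client_config(GOOD) returns an empty list.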

4 Establish and end tunnel connection

Open the context menu with a right mouse click on the OpenVPN symbol in the Windows task bar. Click with the left mouse button on "Connect".

OpenVPN will now attempt to establish a VPN connection to the previously configured remote endpoint. You can recognize this by the OpenVPN symbol changing to the yellow state.

Please note that the VPN connection can only be established when no port blocks are active in the firewalls involved.

An established tunnel connection is indicated by a green OpenVPN symbol.

In this example you can now reach the LAN IP address of the remote REX 300 and, for example, open the web interface with the URL http://192.168.0.100.

If you would like to disconnect, click with the right mouse button on the OpenVPN symbol and select "Disconnect". The icon will now change color from green to gray, indicating that the tunnel connection has been terminated.