Scribd
Upload
361 views7 pages

Sette Opp OpenVPN - ECU-1051TL

This document provides instructions for setting up an OpenVPN server to allow remote access to devices on a private network. The steps include downloading and installing OpenVPN, generating certificates and keys, configuring the server.ovpn file, and enabling the OpenVPN service. Clients then need to download the ca.crt file and generate client certificates to connect to the VPN and access resources as if they were on the local network.

Uploaded by

Nguyễn Văn Tân
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
361 views7 pages

Sette Opp OpenVPN - ECU-1051TL

This document provides instructions for setting up an OpenVPN server to allow remote access to devices on a private network. The steps include downloading and installing OpenVPN, generating certificates and keys, configuring the server.ovpn file, and enabling the OpenVPN service. Clients then need to download the ca.crt file and generate client certificates to connect to the VPN and access resources as if they were on the local network.

Uploaded by

Nguyễn Văn Tân
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

Advantech AE Technical Share Document

Date 2019/7/20 SR# 1-3613369991


Category ■FAQ □SOP Related OS N/A
Abstract How to set up OpenVPN
Keyword VPN
Related
ADAM-3600, ECU-1152, ECU-1251
Product
 Problem Description:
This document explains how to set up OpenVPN. User could set up VPN for iRTU devices to
access private network domain.

 Answer:
1. Please download OpenVPN GUI for Windows OS.
https://openvpn.net/index.php/open-source/downloads.html
Note: Please use OpenVPN version 2.3.x, instead of 2.4.x or newer.
(Because iRTU uses 2.3 version, so VPN server needs to install 2.3 as well.)

2. Choose to install “OpenSSL Utilities” and “RSA Certificate Management Scripts”


components. (Some OpenVPN version may not be chosen by default.)

3. Open the directory where OpenVPN installed. (For example, D:\Program


Files\OpenVPN )

1
4. Back up “easy-rsa” and “sample-config” directories.
(Need to select above RSA package to install in step 2. Otherwise, there is no easy-rsa
directory)

5. Edit /easy-rsa/vars.bat.sample
Set Home to the path of folder easy-rsa.
------------------------------------------------------------
set HOME=D:\Program Files\OpenVPN\easy-rsa

You can choose 1024 or 2048 for Key length. (Choosing 2048 coding takes a long time.)
set KEY_SIZE=1024

6. Use cmd line and move to easy-rsa directory.


Execute the following commands in turn to complete the initialization

init-config

vars

clean-all

“init-config.bat” would copy 2 files if there is no error message.


“vars.bat” is to initialize the environment variables. Every time opening command prompt

2
window, “vars” command must be executed before other commands can be executed.
“clean-all.bat” is to clean “keys” directory. (When cleaning-all is executed for the first time,
it is normal to prompt "the system cannot find the specified file". This command deletes all
previously generated certificates and key files to avoid conflicting with the newly
generated certificates and keys.)

7. Execute “build-ca.bat” to generate certification of server. (keys\ca.key)


Press “Enter” if there is value in []. (The value user can set up in vars.bat.sample)

8. Execute “build-key-server.bat server” to generate server key. (keys\server.key)

The information (section, host name, and so on) during generating server.key shall be the same in
the next step of generating client.key.

3
Press “y” to commit for requesting certification.
The certification of server is established after finishing this step.

9. Now we create “Client key”. Execute “build-key.bat client1” (“client1” is the file name)
Common name shouldn’t be the same as other client.

10. Execute “build-dh.bat” to generate DH key. (DH Key is a secure protocol for encrypting
data.)

11. Execute “openvpn --genkey --secret keys/ta.key” to create ta.key.

4
12. Copy files for server (ca.crt、ca.key、dh1024.pem、server.crt、server.key) to config directory.

13. Copy “server.ovpn” from sample-config directory to “config” directory.

14. Modify server.ovpn in config.


You can also see the description in the server.ovpn.

local 192.168.1.101 # Specify the native IP to listen on (because some computers

have multiple IP addresses), this command is optional and defaults to listen on all

IP addresses.

port 1194 # local port number to listen on

proto tcp # transport protocol

dev tun

ca ca.crt

cert server.crt

key server.key

dh dh1024.pem

server 12.1.1.1 255.255.255.0 # IP address segments and subnet masks used in virtual

5
local area networks. In this example, the server occupy 10.0.0.1。
ifconfig-pool-persist ipp.txt

tls-auth ta.key 0 #Open TLS-auth,the second parameter should be '0' on the server
and '1' on the clients.

cipher AES-256-CBC #Cryptographic cipher.

keepalive 10 120

comp-lzo #Enable VPN connection compression. If the server is open, the

client must be open.

client-to-client # The client is allowed to connect to the client.

persist-key

persist-tun

status openvpn-status.log

verb 3

Save file.

15. Enter the Windows Service Interface of the Computer on the Server to open the service
Openvpn. (cmd--- services.msc)

16. In EdgeLink, fill in the openvpn server’s ip, port and choose the cipher, the path of files
(ca.crt, client1.crt, client1.key).
For TLS, choose the ta.key and the auth direction should be 1 if server is 0.
Note: the gateway’s time should be the same as openvpn server’s time. You can do Time
Calibration in online monitor.

6
Download the project. The gateway will get the IP of openvpn.

You might also like