Description

OpenVPN Provide secure access to your private business network on-premise. OpenVPN is free to install. Milesight routers can use as OpenVPN server, which make it possible for our customer don’t need to maintain an exclusive server.

This chapter will guide you how to configure the OpenVPN server on router.


Topology


Requirement

-Milesight UR series router (with a public IP address)

-OpenVPN Client software:OpenVPN Commnunity version


Configuration

Step1:Build up your OpenVPN certificate, please refer to the link as below:

https://openvpn.net/community-resources/setting-up-your-own-certificate-authority-ca/


Step2: After building all the certificates, all files are under “OpenVPN\easy-rsa\keys”

Copy the following file to "OpenVPN\config” path.


Step3: Define a ovpn file with openVPN client configurations. Ovpn file example can be found on “OpenVPN\sample-config” folder. Remote server address should be public IP address of Milesight routers. For more info regarding the parameter, please visit: https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/

Note:

  • OpenVPN client parameters must be tally with your setting in Milesight routers;
  • If all certificates do not under the path “openVPN\config”, please type the whole path in ovpn file, for example “D:\OpenVPN\easy-rsa\keys\ca.crt”.
  • TLS authentication is optional.


Step4: Enable the OpenVPN sever function and set options as below:

Note: auth SHA256 should be filled in the Expert Options

If you have more than one configurations, , please use ”;” to separate them in Expert Options.


Step5: Import the certificates CA.cert, server.crt, server.key, dh4096.pem and ta.key, then click Apply.


Step6: If you want to visit the IPC connect with Milesight router via Lan, you need to add a route in your .ovpn parameter file which indicate how to visit the subnet of the VPN server side:

route 192.168.111.0 255.255.255.0


 Step7: Run the OpenVPN GUI on the PC.

Right click the icon, select Connect.

Then the Server will assign the tunnel IP for the PC client. It is connected successfully now.


Step8: Open the terminal, input “route print” to display the route table on your router, which would have a routing ensure that the PC can access the subnet via OpenVPN tunnels.


 Step9: Open your browser and input the IPC’s ip address, you could login the web page and view the interface.