Description

OpenVPN is free to install and provides secure access to your on-premise private business network. Milesight routers and gateways can work as OpenVPN clients and connect to an OpenVPN server. This chapter uses OpenVPN Cloud as an example to describe how to configure the OpenVPN client on Milesight routers and gateways.


Requirement

-OpenVPN Cloud Account

-OpenVPN Connect Software

-Milesight routers/CPE/gateways 


Configuration

Step1: Ensure the router has network access and is able to reach OpenVPN Cloud. You can ping the server address from the router to check the connection.


Step2: Click the Download icon to download the ovpn format file. Please note that each client ovpn file should be used on only one device.

Note: You can import the ovpn file into the OpenVPN Connect software to quickly test whether the file is valid.

Step3: Log in to the web GUI of the Milesight router and go to the Network -> VPN -> OpenVPN Client page to configure the basic OpenVPN client parameters according to the ovpn file.


You can refer to the list below to fill in the router settings according to the ovpn file. The necessary certs can be imported as described in Step 4 and Step 5. Click here to learn more about OpenVPN configurations.

Note: Parameters marked with “*” below are optional; users can keep these settings at their defaults.

| Parameters | OpenVPN Configuration |
| --- | --- |
| Protocol | TCP --- proto tcp; UDP --- proto udp |
| Remote IP Address & Port | remote [Remote IP Address] [Port] |
| Interface | tun --- dev tun; tap --- dev tap |
| Authentication | None: ifconfig [Local Tunnel IP] [Remote Tunnel IP] |
| | Pre-shared: secret [preshared.key] |
| | Username/Password: auth-user-pass [Username&Password] |
| | X.509 cert: ca [ca.crt]; cert [client.crt]; key [client.key] |
| Enable TLS Authentication | tls-auth [ta.key] 1 |
| Compression* | LZO --- comp-lzo; none |
| Link Detection Interval & Detection* | keepalive [Interval] [Detection] |
| Cipher | cipher [Cipher] |
| MTU* | tun-mtu [MTU] |
| Max Frame Size* | fragment [Frame Size] |
| Verbose Level* | ERROR -- verb 0 |
| | WARNING -- verb 4 |
| | NOTICE -- verb 5 |
| | DEBUG -- verb 6 |
| Expert Option | Add extra necessary configuration and separate them by “;”, example: auth SHA256;key-direction 1 |

Note: Milesight gateways and hotspots only support adding one configuration, and the format is different, example: --auth SHA256



Step4: Create the necessary certificate files from the ovpn file according to your authentication needs.

CA Cert: Copy the content between <ca> and </ca> into a blank txt file and save the file as ca.crt.

Public client cert: Copy the content between <cert> and </cert> into a blank txt file and save the file as client.crt.

Private client key: Copy the content between <key> and </key> into a blank txt file and save the file as client.key.

TA key: Copy the content between <tls-auth> and </tls-auth> into a blank txt file and save the file as ta.key. This file is optional and only needed when TLS authentication is selected.


Note: All of the above file names can be customized, but the file suffixes must stay as shown. When copying, do not add any extra characters (especially blank characters) to the new cert files, or the router will fail to connect to the OpenVPN server.


 


Step5: Go to the Network -> VPN -> Certifications page to import the certs you generated in Step 4.


Step6: Check the VPN connection status on the Status -> VPN page. It shows that the router has connected and received a tunnel IP.


Step7: Open the OpenVPN Connect software, click “+”, fill in the OpenVPN Cloud URL and account information to log in to OpenVPN Cloud, and add the Configuration Profile as the software instructs.

Enable the connection, and the PC will connect to OpenVPN Cloud.

Once connected, users can use the tunnel IP to access the router. If this does not work, go to Network -> Firewall -> Security to check whether remote access services are enabled. If access still fails, check whether your PC firewall has been turned off.
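
The copy-and-paste work in Step 3 and Step 4 can be scripted. The Python script below is an added example, not Milesight or OpenVPN code: it splits the inline <ca>, <cert>, <key> and <tls-auth> blocks of an ovpn file into the Step 4 files, stripping stray whitespace and writing them with owner-only permissions, and it collects the directives needed for the Step 3 fields. The function names, the sample profile and its host name are assumptions made for illustration.

```python
import os
import re

# Step 4 file name per inline tag, and the Step 3 directives that map to GUI fields.
BLOCK_FILES = {"ca": "ca.crt", "cert": "client.crt", "key": "client.key", "tls-auth": "ta.key"}
DIRECTIVES = ("proto", "remote", "dev", "cipher", "auth", "key-direction", "comp-lzo")
# Constructed sample profile; host and key material are placeholders.
SAMPLE = """dev tun
proto udp
remote vpn.example.invalid 1194
auth SHA256
<ca>
  -----BEGIN CERTIFICATE-----\t
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN PRIVATE KEY-----
UExBQ0VIT0xERVI=
-----END PRIVATE KEY-----
</key>
"""

def parse_ovpn(text):
    """Return (settings, blocks); blocks have stray whitespace stripped per line."""
    blocks = {}
    for tag, fname in BLOCK_FILES.items():
        m = re.search(rf"^<{tag}>\s*\n(.*?)\n\s*</{tag}>\s*$", text, re.S | re.M)
        if m:
            lines = [ln.strip() for ln in m.group(1).splitlines() if ln.strip()]
            blocks[fname] = "\n".join(lines) + "\n"
    # Drop inline blocks first so key material is never read as a directive.
    body = re.sub(r"<([\w-]+)>.*?</\1>", "", text, flags=re.S)
    settings = {}
    for line in body.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] in DIRECTIVES:
            settings.setdefault(parts[0], " ".join(parts[1:]))
    return settings, blocks

def write_blocks(blocks, outdir):
    """Write each block to outdir, readable and writable by the owner only."""
    os.makedirs(outdir, mode=0o700, exist_ok=True)
    for fname, content in blocks.items():
        path = os.path.join(outdir, fname)
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w", newline="\n") as fh:
            fh.write(content)
        os.chmod(path, 0o600)  # also tightens a pre-existing file
    return sorted(blocks)
```

Call parse_ovpn() on the text of the downloaded ovpn file, then write_blocks() with an output directory; delete the extracted client.key from the PC once it has been imported in Step 5.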