Description
OpenVPN is free to install and provide secure access to your private business network on-premise. Milesight routers and gateways could work as OpenVPN client and connect to the OpenVPN server. This chapter will take CloudConnexa as example to describe how to configure the OpenVPN client on Milesight routers and CPEs.
Requirement
-Milesight routers/CPEs
Configuration
1. Create Network on CloudConnexa
1. Log in your CloudConnexa account, go to Networks > Networks page to click Add Network.
2. Select the scenario according to your requirement. In this example, we select Remote Access, then click Continue.
3. Name your network and connector, select the connector region, click Next.
4. Select the provider type as OpenWrt and download the ovpn profile. Please note that every client ovpn file should use in only one device.
5. Click Next, select Proceed Without Testing.
6. Add route and IP service as Milesight router LAN port subnet, then click Next.
7. Click Finish.
2. OpenVPN Settings on Milesight Routers
1. Ensure router has accessed the Internet connection.
2. Go to Network -> VPN -> OpenVPN Client page to configure basic OpenVPN client parameters according to ovpn file.
Note: if you select page configuration, please try below steps:
1) configure parameters according to ovpn file.
You can refer to below list to fill in router settings according to ovpn file. Necessary certs can be imported as Step 3 and Step 4. Click here to learn more about OpenVPN configurations.
Note: below parameters with “*” are optional, users can keep these settings by default.
| Parameters | OpenVPN Configuration |
| Protocol | TCP---proto tcp; UDP---proto udp |
| Remote IP Address & Port | remote [Remote IP Address] [Port] |
| Interface | tun---dev tun; tap---dev tap |
| Authentication | None: ifconfig [Local Tunnel IP] [Remote Tunnel IP] |
| Pre-shared: secret [preshared.key] | |
| Username/Password: auth-user-pass [Username&Password] | |
| X.509 cert: ca [ca.crt];cert [client.crt]; key [client.key] | |
| Enable TLS Authentication | tls-auth [ta.key] 1 |
| Compression* | LZO---comp-lzo; none |
| Link Detection Interval & Detection* | keepalive [Interval] [Detection] |
| Cipher | cipher [Cipher] |
| MTU* | tun-mtu [MTU] |
| Max Frame Size* | fragment [Frame Size] |
Verbose Level* | ERROR-- verb 0 WARNING -- verb 4 NOTICE-- verb 5DEBUG -- verb 6 |
Expert Option | Add extra necessary configuration and separate them by “;”, example: auth SHA256;key-direction 1 Note: For Milesight gateways and hotspots, it only supports adding one configuration and format is different, example: --auth SHA256 |
2) Generate necessary certificates via ovpn files according to authentication needs.
CA Cert: Copy the content between <ca> ...<ca> to another blank txt file and save the file as ca.crt.
Public client cert: Copy the content between <cert> ...<cert> to another blank txt file and save the file as client.crt.
Private client key: Copy the content between <key> ...<key> to another blank txt file and save the file as client.key.
TA key: Copy the content between <tls-auth> ...<tls-auth> to another blank txt file and save the file as ta.key. This file is optional and only need when selecting TLS authentication.
Note: All above file names can be customized but the file suffix must be fixed. During copy, do not add any extra characters in new cert files (especially blank character), or it will cause router fails to connect to openVPN server.
3) Import the certs to Milesight routers.
3. Check VPN connection status. It shows the router has connected and receive a tunnel IP.
OpenVPN Connecxa shows the device is online.
3. Access the Router Remotely
1. Go to Users > Users page to click Add User.
2. Click the user you created, click Add Device.
3. Download .ovpn profile.
4. Download and install OpenVPN Connect software to the computer or smartphone.
5. Open the OpenVPN Connect software to upload the ovpn file.
6. Enable the connection, the PC will connect to the CloudConnexa.
7. After connected, users can use the router LAN IP to access the router.
Note:
- The tunnel IP addresses provided by CloudConnexa do not support web access.
- The devices under the same Network/Host in CloudConnexa cannot see each other.
- When you fail to access the Milesight router web GUI but can ping via the LAN IP address, please check if remote access services are enable. If still failed, check if your network firewall has closed.
---END----