OpenVPN is free to install and provide secure access to your private business network on-premise. Milesight gateways could work as OpenVPN client and connect to the OpenVPN server. This chapter will take openVPN cloud as example to describe how to configure the OpenVPN client on Milesight gateways.
-OpenVPN Cloud Account
-OpenVPN Connect Software
-Milesight UG gateways/hotspots
Step1: Ensure the gateway has accessed the network and is able to reach the openVPN cloud. You can use ping the openVPN cloud ID in gateway to check the connection.
Step2: Log in your openVPN cloud account, go to Hosts page, click Create Host.
Name your network and connector, select the connector region, click Next.
Select operating system as Windows, click Next and Finish to complete the creation.
Step3: Click Deploy icon to download the ovpn format file. Please note that every client ovpn file should use in only one device.
Note: you can import the ovpn file to OpenVPN Connect software to quickly test if this file is valid.
Step4: Log in web GUI of Milesight gateways, go to Network -> VPN -> OpenVPN Client page to configure basic OpenVPN client parameters according to ovpn file.
You can refer to below list to fill in the settings according to ovpn file. Necessary certs can be imported as Step 5 and Step 6. Click here to learn more about OpenVPN configurations.
Note: below parameters with “*” are optional, users can keep these settings by default.
|Protocol||TCP---proto tcp; UDP---proto udp|
|Remote IP Address & Port||remote [Remote IP Address] [Port]|
|Interface||tun---dev tun; tap---dev tap|
|Authentication||None: ifconfig [Local Tunnel IP] [Remote Tunnel IP]|
|Pre-shared: secret [preshared.key]|
|Username/Password: auth-user-pass [Username&Password]|
|X.509 cert: ca [ca.crt];cert [client.crt]; key [client.key]|
|Enable TLS Authentication||tls-auth [ta.key] 1|
|Link Detection Interval & Detection*||keepalive [Interval] [Detection]|
|Max Frame Size*||fragment [Frame Size]|
|ERROR -- verb 0|
WARNING -- verb 4NOTICE -- verb 5
DEBUG -- verb 6
|Add extra necessary configuration and separate them by “;”, example: auth SHA256;key-direction 1|
Note: For Milesight gateways and hotspots, it only supports adding one configuration and format is different, example: --auth SHA256
Note: if gateway firmware version is below 220.127.116.11, the expert option format is “--parameter”, example: --auth SHA256
Step5: Generate necessary certificates via ovpn files according to authentication needs.
CA Cert: Copy the content between <ca> ...<ca> to another blank txt file and save the file as ca.crt.
Public client cert: Copy the content between <cert> ...<cert> to another blank txt file and save the file as client.crt.
Private client key: Copy the content between <key> ...<key> to another blank txt file and save the file as client.key.
TA key: Copy the content between <tls-auth> ...<tls-auth> to another blank txt file and save the file as ta.key. This file is optional and only need when selecting TLS authentication.
Note: All above file names can be customized but the file suffix must be fixed. During copy, do not add any extra characters in new cert files (especially blank character), or it will cause router fails to connect to openVPN server.
Step6: Go to Network -> VPN -> Certifications page to import the certs you generate in Step 5.
Step7: Check VPN connection status in Status -> VPN page. It shows the gateway has connected and receive a tunnel IP.
Step8: Open the OpenVPN Connect software, click “+” to fill in OpenVPN Cloud URL and account information log in the OpenVPN Cloud and add the Configuration Profile as software instructions.
Enable the connection, the PC will connect to the OpenVPN Cloud.
After connected, users can use the tunnel IP to access the gateway. If access failed, check if your PC firewall has closed.