Description
OpenVPN is free to install and provides secure access to your private on-premises corporate network. Milesight gateways can work as an OpenVPN client and connect to an OpenVPN server. This chapter takes OpenVPN Cloud as an example to describe how to configure the OpenVPN client on Milesight gateways.
Requirement
- OpenVPN Cloud account
- OpenVPN Connect software
- Milesight UG gateways/hotspots
Configuration
Step 1: Make sure the gateway has network access and is able to reach OpenVPN Cloud. You can ping the OpenVPN Cloud ID from the gateway to verify the connection.
Step 2: Log in to your OpenVPN Cloud account, go to the Hosts page, and click Create Host.
Name your network and connector, select the connector region, and click Next.
Select the Windows operating system, then click Next and Finish to complete the creation.
Step 3: Click the Deploy icon to download the file in ovpn format. Please note that each client ovpn file should only be used on one device.
Note: You can import the ovpn file into OpenVPN Connect software to quickly test if this file is valid.
Step 4: Log in to the Milesight gateway's web GUI and navigate to the Network -> VPN -> OpenVPN Client page to configure the basic settings of the OpenVPN client based on the ovpn file.
Refer to the list below to fill in the settings according to the ovpn file. The necessary certificates are imported in steps 5 and 6.
Note: Settings marked with "*" below are optional and can be left at their defaults.
Settings | Corresponding ovpn file setting |
Protocol | TCP -- proto tcp; UDP -- proto udp |
Remote IP address and port | remote [ Remote IP Address ] [ Port ] |
Interface | tun -- dev tun; tap -- dev tap |
Authentication | None: ifconfig [ local tunnel IP ] [ remote tunnel IP ] |
 | Pre-shared: secret [ preshared.key ] |
 | Username/Password: auth-user-pass [ Username and password ] |
 | X.509 cert: ca [ ca.crt ]; cert [ client.crt ]; key [ client.key ] |
Enable TLS authentication | tls-auth [ ta.key ] 1 |
Compression* | LZO -- comp-lzo; None |
Link detection interval and detection* | keepalive [ Interval ] [ Detection ] |
Cipher | cipher [ Cipher ] |
MTU* | tun-mtu [ MTU ] |
Maximum frame size* | fragment [ Frame size ] |
Verbose level* | ERROR -- verb 0; WARNING -- verb 4; NOTICE -- verb 5; DEBUG -- verb 6 |
Expert option | Add any additional configuration needed, separated by ";", example: auth SHA256;key-direction 1. Note: Milesight gateways and hotspots only support adding one configuration and the format is different, example: --auth SHA256 |
Note: If the gateway firmware version is lower than 60.0.0.37, the expert option format is "--parameter", example: --auth SHA256
Step 5: Create the necessary certificate files from the ovpn file, based on the authentication type in use.
CA cert: Copy the contents between <ca> ... </ca> into a new blank txt file and save the file as ca.crt.
Public client certificate: Copy the contents between <cert> ... </cert> into a new blank txt file and save the file as client.crt.
Private client key: Copy the contents between <key> ... </key> into a new blank txt file and save the file as client.key.
TA key: Copy the contents between <tls-auth> ... </tls-auth> into a new blank txt file and save the file as ta.key. This file is optional and is only needed when TLS authentication is selected.
Note: All file names above can be customized, but the file suffix must be correct. While copying, do not add any extra characters to the new certificate files (especially blank characters), otherwise the router will fail to connect to the OpenVPN server.
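Step 5 can be scripted instead of copied by hand. The following Python sketch is an added example, not Milesight or OpenVPN code: it assumes the profile carries inline <ca>, <cert>, <key> and <tls-auth> blocks as described above, and the function names and the sample profile are constructed for illustration.

```python
import os
import re

# Inline tag -> file name used in step 5
BLOCKS = {"ca": "ca.crt", "cert": "client.crt", "key": "client.key", "tls-auth": "ta.key"}
# Directives from the step 4 table, plus the two expert-option examples
DIRECTIVES = ("proto", "remote", "dev", "ifconfig", "secret", "auth-user-pass", "tls-auth",
              "comp-lzo", "keepalive", "cipher", "tun-mtu", "fragment", "verb",
              "auth", "key-direction")

def parse_ovpn(text):
    """Return (settings, blocks) parsed from the text of an ovpn profile."""
    blocks = {}
    for tag in BLOCKS:
        m = re.search(r"<%s>(.*?)</%s>" % (tag, tag), text, re.S)
        if m:
            # Drop blank lines and stray spaces so no extra characters are saved
            lines = [ln.strip() for ln in m.group(1).splitlines() if ln.strip()]
            blocks[tag] = "\n".join(lines) + "\n"
    # Remove every inline block, then read the one-line directives that remain
    body = re.sub(r"<([\w-]+)>.*?</\1>", "", text, flags=re.S)
    settings = {}
    for line in body.splitlines():
        parts = line.split(None, 1)
        if parts and parts[0] in DIRECTIVES:
            settings.setdefault(parts[0], []).append((parts[1:] or [""])[0].strip())
    return settings, blocks

def write_blocks(blocks, out_dir):
    """Write each block under its step 5 file name and return the paths."""
    paths = []
    for tag, content in blocks.items():
        path = os.path.join(out_dir, BLOCKS[tag])
        # Create files owner-only: client.key and ta.key are secrets
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w", newline="\n") as fh:
            fh.write(content)
        paths.append(path)
    return paths

# Constructed sample profile (placeholder base64, not real key material)
SAMPLE = ("dev tun\nproto udp\nremote vpn.example.com 1194\ncipher AES-256-CBC\n"
          "<ca>\n-----BEGIN CERTIFICATE-----\n  Q09OU1RSVUNURUQ= \n"
          "-----END CERTIFICATE-----\n\n</ca>\n"
          "<key>\n-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
          "-----END PRIVATE KEY-----\n</key>\n")

if __name__ == "__main__":
    import tempfile
    settings, blocks = parse_ovpn(SAMPLE)
    print(settings)
    print(write_blocks(blocks, tempfile.mkdtemp()))
```

The settings dictionary lists the values to enter in the step 4 table, and the written files are the ones imported in step 6.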
Step 6: Go to the Network -> VPN -> Certifications page to import the certificates you generated in step 5.
Step 7: Check the VPN connection status on the Status -> VPN page. It shows that the gateway has connected and received a tunnel IP address.
Step 8: Open the OpenVPN Connect software, click “+” to fill in the OpenVPN Cloud URL and account information, log in to OpenVPN Cloud, and add the configuration profile following the software's instructions.
Activate the connection, and the PC will connect to OpenVPN Cloud.
Once connected, users can use the tunnel IP address to access the gateway. If access fails, check whether your PC's firewall is turned off.