Search okapi website
Subscribe to newsletter
Openvpn |
|
Introduction
OpenVPN is a program for creating point-to-point or server-to-multiclient encrypted tunnels between host computers. Openvpn is used to establish a secure connection between a client (a single client or a complete subnet) and a remote network over internet. It allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. To demonstrate the use of Okapi to set up an Openvpn server, the network machine must be connected to internet and must have a static IP. In our case the public IP of Okapi is 172.168.1.1 For proper functioning of Openvpn, certain certificates and DH-parameters are required. For configuration as Openvpn server root-CA, server certificate and Dh-param files are required.
Network Diagram
Configuration
Okapi(config)# interface SSL-Tunnel 0 In effect to these commands, root-ca files: 'root_ca.crt' and 'root_ca.key'; server certificate: 'server.crt' and key file: 'server.key'; and DH file 'dh1024.pem' are generated. The generated files are located in /etc/openvpn/keys directory. On similar ground the certificate for the client can be generated as:
In effect to this command, client certificate: 'client.crt' and key file: 'client.key' are generated. The generated files are located in /etc/openvpn/keys directory. Now, let us configure Okapi to function as an openvpn server having network address 10.8.0.0/32.
With this configuration, the server assigns to itself IP address 10.8.0.1. The IP address range to be assigned to openvpn clients as configured on openvpn server is 10.8.0.4 to 10.8.0.251. The command 'auth-user-pass' is used to enable authentication be username-password. After the above configurations on Okapi router is done, the openvpn server becomes functional and is ready to listen to incoming client requests. The server can be tested by executing show interface command on Okapi as well as by pinging openvpn server i.e., 10.8.0.1.
|
