NetComm Wireless NTC-6908 Installation instructions

OpenVPN

Technical Support Guide

OpenVPN Technical Support Guide

www.netcommwireless.com

v1.0

The information contained herein is proprietary to NetComm Wireless. No part of this document may be translated, transcribed,

reproduced, in any form, or by any means without prior written consent of NetComm Wireless.

Trademarks and registered trademarks are the property of NetComm Wireless Limited or their respective owners. Specifications are

subject to change without notice. Images shown may vary slightly from the actual product.

Please note: This document is subject to change without notice.

DOCUMENT VERSION

DATE

1.0 - Initial document release

7 December, 2015

Table 1 - Document Revision History

OpenVPN Technical Support Guide

www.netcommwireless.com

v1.0

Table of Contents

Applicable devices ........................................................................................................................................................................4

Introduction....................................................................................................................................................................................4

OpenVPN Server Mode .................................................................................................................................................................5

Configuring an OpenVPN Server..............................................................................................................................................................6

Verifying the OpenVPN Connection Status .............................................................................................................................................11

OpenVPN Client Mode.................................................................................................................................................................12

Certificate Files......................................................................................................................................................................................12

Configuring an OpenVPN Client.............................................................................................................................................................13

Verifying the OpenVPN Connection Status............................................................................................................................................. 16

OpenVPN Peer-To-Peer Mode....................................................................................................................................................17

Configuring an OpenVPN Peer-To-Peer Connection...............................................................................................................................18

OpenVPN Peer-To-Peer Example..........................................................................................................................................................19

Verifying the OpenVPN Peer-To-Peer Connection Status........................................................................................................................21

OpenVPN Technical Support Guide

www.netcommwireless.com

v1.0

Applicable devices

This document is applicable to the following NetComm Wireless devices:

NTC-6908

NTC-6908-02

NTC-6520

NTC-6200

NTC-30WV

NTC-30WV-02

NTC-40WV

NTC-140W

NWL-11

NWL-15

NWL-25

Introduction

A VPN (Virtual private network) is a secure connection between two or more endpoints. It can also be seen as an extension to a

private network.

There are two key types of VPN scenarios:

Site to Site VPN

Remote Access VPN

In a site to site VPN, data is encrypted from one VPN gateway to the other, providing a secure link between two sites over a third

party insecure network like the Internet.

In a remote access VPN scenario, a secure connection would be made from an individual computer to a VPN gateway. This would

enable a user to access their e-mail, files and other resources at work from wherever they may be, providing they have an Internet

connection.

NetComm Wireless M2M routers support three types of Virtual Private Network (VPN) technologies:

Point-to-Point Tunnelling Protocol (PPTP) VPN

Internet Protocol Security (IPsec) VPN

OpenVPN

OpenVPN is an open source virtual private network (VPN) program for creating point-to-point or server-to-multi-client encrypted

tunnels between host computers. NetComm Wireless M2M routers support three different OpenVPN modes:

OpenVPN Server

OpenVPN Client

OpenVPN Peer-to-Peer VPN connection.

This document describes how to configure the different OpenVPN types on NetComm Wireless M2M routers.

Important notes about OpenVPN on NetComm Wireless M2M Routers

When using two NetComm Wireless M2M routers in a Server-Client scenario, you should change the LAN IP Address

of the devices so that they are on different subnets, otherwise you may find it impossible to access the web-interface

of one of the routers when an OpenVPN connection is established.

A NetComm Wireless M2M router acting as a Server must be connected to an APN that provides a publicly routable IP

address.

OpenVPN Technical Support Guide

www.netcommwireless.com

v1.0

OpenVPN Certificates and Secret Keys are dependent on the time on each router being in synchronisation. If the time

is not correct on the router due to NTP not working or for any other reason, the certificate or secret key timestamp

may be considered expired and hence will not be useable.

If both the OpenVPN Server and OpenVPN Client are in a private network, please ensure that the server is routable to

the client and vice-versa before establishing the VPN connection.

OpenVPN Server Mode

In OpenVPN Server Mode, a NetComm Wireless M2M Series Router acts as a host allowing M2M Routers in client mode or

Windows/Linux software clients to establish a virtual private network connection. In order to establish a secure communications

channel, a cryptographic key is exchanged between the server and the client using the Diffie-Hellman method of key exchange.

Once a shared secret is established, certificates identifying each client node are issued which can be used as a means of

authentication.

OpenVPN authentication is achieved through first establishing a public key infrastructure. The public key infrastructure includes:

1. A public and private key for the server and each client

2. A master Certificate Authority (CA) certificate and the key used to sign each of the server and client certificates.

This authentication method results in several benefits:

The server only needs its own certificate and key. It does not need to have every certificate of every client that may

connect to it.

The server will only accept clients with certificates that were signed by the master certificate authority.

If the security of a client certificate is compromised, that individual certificate can be revoked without requiring a new

public key infrastructure to be generated.

The server can enforce access rights for specific clients based on the certificate fields.

While certificate authentication is the more secure and desirable means of authentication, it is also possible to use a username and

password for authentication. Username and password authentication is not used in conjunction with certificates.

An OpenVPN Server allows for one or many client routers to establish secure communication tunnels as illustrated below:

Figure 1 - OpenVPN Server Mode Diagram

OpenVPN Technical Support Guide

www.netcommwireless.com

v1.0

Configuring an OpenVPN Server

1. Log in to your NetComm Wireless M2M router using the “root” account. Refer to your device’s User Guide for further

details performing this.

2. Click on Networking, VPN, then OpenVPN. The OpenVPN List is displayed.

Figure 2 - OpenVPN List

3. Next to OpenVPN server list, click the +Add button. If you have not yet generated a server certificate, the following

message is displayed:

Figure 3 - Server certificate prompt

Click the OK button. If you have already generated a server certificate, you may skip to step 7.

4. Next to Diffie-Hellman parameters, click the Generate button. The following dialog is displayed.

Click the OK button. The Diffie-Hellman parameters are generated. When complete the bottom section of the screen

shows the following.

OpenVPN Technical Support Guide

www.netcommwireless.com

v1.0

5. Enter the details in the fields provided to create a certificate for this router then click the Generate button at the bottom of

the screen.

The router displays a warning that the keys will take a few minutes to generate. Click the OK button.

When it is complete, a certificate serial number and expiry date appear above the certificate fields.

6. Navigate to the OpenVPN page again (Networking -> VPN -> OpenVPN)

7. Under OpenVPN server, click on the Add button. The OpenVPN server edit page is displayed.

OpenVPN Technical Support Guide

www.netcommwireless.com

v1.0

Figure 4 - OpenVPN Server configuration page

OpenVPN Technical Support Guide

www.netcommwireless.com

v1.0

8. In the Profile name field, type a name for the OpenVPN Server profile you are creating.

9. From the Type drop down list, select whether to use TUN (tunnel) or TAP (virtual TAP interface). A TAP interface can be

bridged with an Ethernet connection.

10. Select a port number and packet type to use for your OpenVPN Server. The default OpenVPN port is 1194 and default

packet type is UDP.

11. In the VPN Network Address and VPN Network Mask fields, enter the IP address and network mask to assign to your

VPN. This is ideally an internal IP address which differs from your existing address scheme.

12. HMAC or Hash-based Message Authentication Code is a means of calculating a message authentication code through the

use of a cryptographic hash function and a cryptographic key. If you wish to use the HMAC signature as an additional key

and level of security, under the SSL/TLS handshake section, click the Use HMAC Signature toggle key so that it is in the

ON position, then click the Generate button so that the router can randomly generate the key. The Server key timestamp

field is updated with the time that the key was generated. Click the Download button to download the key file so that it can

be uploaded on the client.

13. Select the Authentication Type that you would like to use for the OpenVPN Server.

Certificate Authentication

a) In the Certificate Management section, enter the required details to create a client certificate. All fields are required. When

you have finished entering the details, click the Generate button. The certificate should only take a moment to generate.

Figure 5 - OpenVPN Server - Certificate Management section

b) When it is done, you can click the Download P12 or Download TGZ buttons to save the certificate file. You may select the

format required by the remote router. NetComm Wireless routers support both formats. If for some reason the integrity of

your network has been compromised, you can return to this screen and use the Certificate drop down list to select the

certificate and then press the Revoke button to disable it.

c) To inform the OpenVPN Server of the network address scheme of the currently selected certificate, enter the Network

Address and Network Mask in the respective fields. If you do not enter the remote subnet here, any packet requests from

the server to the client will not be received by the client network because it is not aware of the remote client’s subnet.

OpenVPN Technical Support Guide

www.netcommwireless.com

v1.0

Username / Password Authentication

a) In the username/password section, enter the username and password you would like to use for authentication on the

OpenVPN Server. Click the Download CA certificate or Download CA TGZ button to save the certificate. Choose the

format supported by your client router. NetComm Wireless routers support both formats.

Note: If you wish to have more than one client connect to this OpenVPN Server, you must use Certificate Authentication

mode as Username/Password only allows for a single client connection.

Figure 6 - OpenVPN Server - Username/Password section

b) To inform the OpenVPN Server of the network address scheme of the currently selected certificate, enter the Network

Address and Network Mask in the respective fields. If you do not enter the remote subnet here, any packet requests from

the server to the client will not be received by the client network because it is not aware of the remote client’s subnet.

14. When you have finished entering all the required information, click Save to finish configuring the OpenVPN Server.

Other manuals for NTC-6908

This manual suits for next models

Table of contents

Other NetComm Wireless Network Router manuals

NetComm Wireless

NetComm Wireless NWL-12 Series User manual

NetComm Wireless

NetComm Wireless NWL-25 Quick start guide

NetComm Wireless

NetComm Wireless NTC-140-01 User manual

NetComm Wireless

NetComm Wireless NTC-221 User manual

NetComm Wireless

NetComm Wireless NTC-220 Series User manual

NetComm Wireless

NetComm Wireless NTC-6200 User manual

NetComm Wireless

NetComm Wireless NP124 User manual

NetComm Wireless

NetComm Wireless NTC-140W User manual

NetComm Wireless

NetComm Wireless NB304n User manual

NetComm Wireless

NetComm Wireless NB304n User manual

NetComm Wireless

NetComm Wireless Vodafone MachineLink 3G Quick start guide

NetComm Wireless

NetComm Wireless WSG-NF5 User manual

NetComm Wireless

NetComm Wireless NB16DG User manual

NetComm Wireless

NetComm Wireless NF18ACV User manual

NetComm Wireless

NetComm Wireless NF15ACV User manual

NetComm Wireless

NetComm Wireless NTC-400 Series User manual

NetComm Wireless

NetComm Wireless NB16DG Instruction Manual

NetComm Wireless

NetComm Wireless NTC-6908 User manual

NetComm Wireless

NetComm Wireless NTC-140 User manual

NetComm Wireless

NetComm Wireless NTC-225 User manual

NetComm Wireless

NetComm Wireless NTC-223 User manual

NetComm Wireless

NetComm Wireless NB304n User manual

NetComm Wireless

NetComm Wireless NTC-400 Series User manual

NetComm Wireless

NetComm Wireless NF10WV User manual

Popular Network Router manuals by other brands

Allnet

Allnet ALL0333AU user guide

HomeSeer

HomeSeer HT-SEL Getting started guide

Sercomm

Sercomm Genesis OC3505D Quick installation guide

Billion

Billion BIPAC 5102 Series user manual

TP-Link

TP-Link TD-8817 QIG

Motorola

Motorola MR1900 user guide

Digi

Digi IX14 user guide

Cisco

Cisco NCS 540 Hardware installation guide

XAVi

XAVi X8821e user manual

BEC

BEC 6200WZL Quick installation guide

MikroTik

MikroTik hAP ac3 Series quick start

Korenix

Korenix JetNet 5428G Series user manual

NETGEAR

NETGEAR FS526T - Switch installation guide

Korenix

Korenix JetNet 5710G Series user manual

Automated Logic

Automated Logic ZN551 Technical instructions

Cisco

Cisco ASR 1000 Series Installation and configuration guide

EnGenius

EnGenius ESR-9710 quick start guide

Cisco

Cisco 805 Series Product overview