Chapter 7: the vpn menu, 1 openvpn server, 1 server configuration – NEXCOM IFA 1610 User Manual
Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.
IFA 3610/IFA 2610/IFA 1610 User Manual
Chapter 7: The VPN Menu
7.1 OpenVPN Server
When configured as an OpenVPN server, the appliance can accept remote connections from the uplink and allow a VPN
client to be set up and work as if it were a local workstation or server.
Starting with version 3.0, the OpenVPN server deployed on the appliance allows the simultaneous presence of several
instances. Each server listens on a different port and accepts incoming connections on that port only. Moreover, when
the hardware on which the appliance is installed has multiple CPU cores, every instance may be assigned more than one
core, which increases the throughput and data processing of that instance. It is nevertheless also possible
to have multiple instances of OpenVPN running on a device equipped with a single-core CPU, though this results in the
CPU carrying the load of all instances.
The OpenVPN server settings page is composed of two tabs: Server configuration and VPN client download.
7.1.1 Server Configuration
This page shows a switch, Enable OpenVPN server, that once clicked starts the OpenVPN server and all services related
to it (e.g., the VPN firewall, if enabled). Below it, the OpenVPN settings box allows some global settings to be
configured. Right below that, a link allows a new server instance to be defined, while at the bottom of the page is
the list of the OpenVPN servers running on the appliance, if any have already been defined. The list shows the
following data about each OpenVPN server instance: the name, remark, and details about the configuration,
namely the port on which it is listening, the protocol, the type of device, and the type of network. Finally, the actions
available are:
▪ - the server is active or stopped.
▪ - modify the server’s configuration
▪ - remove the configuration and the server.
Note:
When starting the OpenVPN server for the first time, the root and host certificates are generated automatically.
7.1.2 OpenVPN Settings
The box on the top shows the current OpenVPN settings, which concern the authentication method, and are:
Authentication type
There are three available authentication methods to connect clients to the OpenVPN server running on the appliance:
▪ PSK (username and password). Connection is established after providing correct username and password.
▪ X.509 certificate. Only a valid certificate is needed to connect.
▪ X.509 certificate & PSK (two factor). Besides a valid certificate, a username and password are needed.
Warning:
When employing certificate-only authentication, a client with a valid certificate will be granted access to the
OpenVPN server even if it has no valid account!
The appliance's default method is PSK (username/password): The client authenticates using username and password. To
use this method, no additional change is needed, while the other two methods are described below.
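The following is an added example, not part of the NEXCOM manual: a short audit script that classifies OpenVPN server instances by the three authentication types above and flags instances sharing a listener. It assumes each instance is backed by an ordinary OpenVPN configuration file (the manual does not show these files); the directive names are upstream OpenVPN's, while the sample configs, instance names and paths are constructed.

```python
# Added example: classify OpenVPN server configs by client-authentication type.
from collections import Counter

# Constructed sample configs; instance names and file paths are hypothetical.
SAMPLES = {
    "psk": """port 1194
proto udp
verify-client-cert none
auth-user-pass-verify /usr/local/bin/check_user.sh via-env""",
    "cert-only": """port 1195
proto udp
ca ca.pem  # a client certificate is required by default""",
    "two-factor": """port 1195
proto udp
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login""",
}

def directives(text):
    """Return {directive: [args]} for one config, skipping comments."""
    found = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and not words[0].startswith(";"):
            found[words[0]] = words[1:]
    return found

def auth_type(text):
    """Map a config to one of the three authentication types named above."""
    d = directives(text)
    # Password check: a verify script, or (heuristic) the bundled PAM plugin.
    password = "auth-user-pass-verify" in d or any("auth-pam" in a for a in d.get("plugin", []))
    # Certificates are mandatory unless explicitly relaxed.
    cert = not ("client-cert-not-required" in d
                or (d.get("verify-client-cert") or ["require"])[0] in ("none", "optional"))
    if cert and password:
        return "certificate+password"
    if cert:
        return "certificate-only"  # the case the Warning describes
    return "password-only" if password else "invalid"

def port_clashes(configs):
    """Return (port, proto) pairs claimed by more than one instance."""
    seen = Counter()
    for text in configs.values():
        d = directives(text)
        seen[(d.get("port", ["1194"])[0], d.get("proto", ["udp"])[0])] += 1
    return sorted(k for k, n in seen.items() if n > 1)

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", auth_type(text))
    print("clashing listeners:", port_clashes(SAMPLES))
```

An instance reported as certificate-only is the one the warning applies to: revoking or disabling a user account does not cut off access there, so the certificate itself has to be revoked.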
Certificate configuration
This drop-down menu is used to select how a new certificate is created. The available options are:
▪ Generate a new certificate. Create a new certificate from scratch. This option is only available if no host certificate has
already been generated. A form will open in which to specify all options necessary to create a new certificate. These are
the same as those found in the new certificates generation editor, with two slight changes: Common name becomes System
hostname and Organizational unit name becomes Department name.