7.2 OpenVPN Client (Gw2Gw), 7.2.1 Add Tunnel Configuration, 7.2.2 Advanced Tunnel Configuration – NEXCOM IFA 1610 User Manual
Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.
IFA 3610/IFA 2610/IFA 1610 User Manual
Chapter 7: The VPN Menu
7.2 OpenVPN Client (Gw2Gw)
This page lists the appliance's connections as an OpenVPN client, i.e., all tunnelled connections to remote
OpenVPN servers. For every connection, the list reports the status, the name, any additional option, a remark, and the
actions available:
▪ - the server is active or stopped.
▪ - modify the server’s configuration
▪ - remove the configuration and the server.
The status is closed when the connection is disabled, established when the connection is enabled, and connecting...
while the connection is being established. Besides enabling and disabling a connection, the available actions are to edit
or delete it. In the former case, a form opens that is the same as the one used when adding a connection (see
below), in which the current settings can be viewed and modified, whereas in the latter case only deletion of that profile
from the appliance is permitted.
Creating a new OpenVPN client connection is straightforward and can be done in two ways: either click on the
Add tunnel configuration button and enter the necessary information about the OpenVPN server to which to connect
(there can be more than one), or import the client settings from the OpenVPN Access Server by clicking on Import profile
from OpenVPN Access Server.
7.2.1 Add Tunnel Configuration
There are two types of settings that can be configured for each tunnel configuration: The basic one includes mandatory
options for the tunnel to be established, while the advanced one is optional and normally should be changed only if the
OpenVPN server has a non-standard setup. To access the advanced settings, click on the >> button next to the Advanced
tunnel configuration label. The basic settings are:
Connection name
A label to identify the connection.
Connect to
The remote OpenVPN server’s FQDN, port, and protocol in the form myvpn.example.com:port:protocol. The
port and protocol are optional; when not specified, they are left at their default values, which are 1194 and udp
respectively. The protocol must be specified in lowercase letters.
Upload certificate
The server certificate needed for the tunnel connection. The file can be located by browsing the local filesystem,
or its path and filename can be entered. If the server is configured to use PSK authentication (password/username), the
server’s host certificate (i.e., the one downloaded from the Download CA certificate link in the server’s Menubar
► VPN ► OpenVPN server section) must be uploaded to the appliance. Otherwise, to use certificate-based authentication,
the server’s PKCS#12 file (i.e., the one downloaded from the Export CA as PKCS#12 file link on the server’s Menubar
► VPN ► OpenVPN server ► Advanced section) must be uploaded.
PKCS#12 challenge password
Insert here the Challenge password, if one was supplied to the CA before or during the creation of the certificate. This
is only needed when uploading a PKCS#12 certificate.
Username, Password
If the server is configured to use PSK authentication (password/username) or certificate plus password authentication,
provide here the username and password of the account on the OpenVPN server.
Remark
A comment on the connection.
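The following added example (not part of the NEXCOM manual or the appliance firmware) checks a Connect to value against the rules given above before it is entered in the form: optional port and protocol, defaults of 1194 and udp, and a lowercase protocol. The function names, the accepted protocol set (udp, tcp), the rejection of empty fields, and the rendering as a stock OpenVPN remote directive are assumptions of this example.

```python
import re

DEFAULT_PORT = 1194               # default stated in the manual
DEFAULT_PROTO = "udp"             # default stated in the manual
ALLOWED_PROTOS = {"udp", "tcp"}   # assumption: OpenVPN's two transports

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def parse_connect_to(value):
    """Return (host, port, proto) or raise ValueError naming the problem."""
    parts = value.strip().split(":")
    if len(parts) > 3:
        raise ValueError("expected host[:port[:protocol]]")
    if any(p == "" for p in parts):
        raise ValueError("empty field in %r" % value)
    host = parts[0]
    labels = host.split(".")
    if len(host) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError("invalid host name: %r" % host)
    port = DEFAULT_PORT
    if len(parts) >= 2:
        if not re.fullmatch(r"[0-9]{1,5}", parts[1]):
            raise ValueError("port is not a number: %r" % parts[1])
        port = int(parts[1])
        if not 1 <= port <= 65535:
            raise ValueError("port out of range: %d" % port)
    proto = DEFAULT_PROTO
    if len(parts) == 3:
        proto = parts[2]
        if proto not in ALLOWED_PROTOS:
            hint = " (must be lowercase)" if proto.lower() in ALLOWED_PROTOS else ""
            raise ValueError("unsupported protocol %r%s" % (proto, hint))
    return host, port, proto


def to_openvpn_remote(value):
    """Equivalent 'remote' line for a stock OpenVPN client configuration."""
    return "remote %s %d %s" % parse_connect_to(value)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("myvpn.example.com", "myvpn.example.com:443:tcp",
                   "myvpn.example.com:443:TCP", "myvpn.example.com:70000"):
        try:
            print(sample, "->", to_openvpn_remote(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```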
7.2.2 Advanced Tunnel Configuration
This box, which appears when clicking on the >> button in the previous box, allows additional options to be modified, though
the values in this box should be modified only if the server side has not been configured with standard values.