How to establish VPN connection to Vigor router via OpenVPN
OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchanges. It is capable of traversing network address translators (NATs) and firewalls.
OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signature and Certificate authority.
Following is the step-by-step setting.
Part A: Time Setup
Please make sure the time setting of router is correct.
Part B: Making a Local Certificate and Trusted CA Certificate
Please go to Certificate Management >> Local Certificate to generate a Certificate Signing Request, and type related information in the Subject Alternative Name and Subject Name sections.
After clicking Generate, you will see the following screenshot, and please copy PEM Format Content.
XCA is a freeware for the CA Server.
Launch XCA as CA Server
- Click New Certificate.
- Choose Create a self signed Certificate with the serial in the signing section.
- Click Apply All to apply the CA Template.
4. In Subject page, type a distinguishable or preferred name.
5. Click Generate a new key to create a RSA 2048 bit for this Certificate.
6. Click OK, and we have generated a Trusted CA Certificate well.
7. Paste the PEM format content in XCA Certificate signing requests
8. Sign Certificate with right click and choose the Sign option.
9. Export the Local Certificate and import it to Vigor.
10. Export the Trusted CA Certificate (CAtest.crt) and import it to Vigor.
Part C: Making a Private Certificate and Private key for the PC
- Click New Certificate button on XCA.
- Sign with the Trusted Certificate, and go to the Subject tab.
3. In Subject page, type a distinguishable or preferred name.
4. Click Generate a new key and create a RSA 2048 bit key for this Certificate.
5. Click OK, and we have generated the Trusted CA Certificate well.
6. Export the Private Certificate (Oclient.crt) and import to PC.
7. Export the Private Key (Oclient.key) and import to PC.(change extension name to .key manually)
Part D: Setup for OpenVPN Dial-In User on the Router
- Please go to VPN and Remote Access >> OpenVPN General Setup, and follow the OpenVPN setting as the screenshot below.
2. Then export Openvpn configuration file with RootCA, certificate and key for the PC
3. Go to VPN and Remote Access >> Remote Dial-in User to set up the profiles for Dial-in users.
4. Go to SSL VPN >> General Setup to set up the Server Certificate Handshake Key for Dial-in users, and here for the Server Certificate we choose “openvpn”, which represents the Local Certificate for OpenVPN user we have generated in Part B.
Part E: Setup for OpenVPN GUI
Import the OpenVPN config(test.ovpn) to OpenVPN GUI.
Now there are three files to put in the OpenVPN config folder —Trusted CA Certificate (CAtest.crt), Private Certificate (Oclient.crt), and Private Key (Oclient.key).
Click Connect and enter username/password for OpenVPN in OpenVPN GUI
After establishing the OpenVPN tunnels, the VPN status can be seem in VPN and Remote Access>>Connection Management