OpenVPN Setup on Vigor Router with XCA

Published On: Nov 27, 2018 

OpenVPN is open-source software that implements virtual private network (VPN) techniques for secure site-to-site and remote access connections. It can traverse network address translators (NATs) and firewalls because it uses a custom security protocol that relies on SSL/TLS for key exchange.
OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. With a Certificate Authority (CA) signing the certificates, the server can use a different certificate for each client in a multi-client server topology.
In this article, we will use XCA, a free Certificate Authority (CA) software, to generate and manage the server and client certificates required for the OpenVPN configuration. This article includes:

Part 1. Making Server Certificate on the Router

1-1. Since the certificate has a validity period, make sure the router's time settings are correct at System Maintenance >> Time and Date.

a screenshot of DrayOS

1-2. Go to Certificate Management >> Local Certificate to generate a new certificate. Type the information, then click Generate.

a screenshot of DrayOS

1-3. After clicking Generate, you will see the Certificate Signing Request, which needs to be signed by a CA. Copy the certificate at PEM Format Content.

a screenshot of DrayOS

Part 2. Create a new CA on XCA

2-1. Launch XCA, go to the Certificates tab, click New Certificate. Select Create a self-signed Certificate with the serial. Click Apply all to apply the CA Template.

a screenshot of XCA

2-2. Go to the Subject page,

a screenshot of XCA

Part 3. Importing Signed Server Certificate and CA Certificate to the Router

3-1. Go to Certificate signing requests, select Paste PEM data and paste the PEM Format Content copied from the router in step 1-3.

a screenshot of XCA

3-2. Right-click on the imported certificate and select Sign. Use the certificate created in step 2 for signing.

a screenshot of XCA

3-3. Export the Signed Local Certificate in .crt format. Go back to the router's GUI and import it to the router at Certificate Management >> Local Certificate >> Upload Local Certificate.

a screenshot of XCA and DrayOS

3-4. Make sure the status of the certificate uploaded is OK.

a screenshot of DrayOS

3-5. On XCA, go to Certificate, choose the CA certificate, export it in .crt format, and import it to the router at Certificate Management >> Trusted CA Certificate.

a screenshot of XCA and DrayOS

3-6. Make sure the status of the Trusted CA imported is OK.

Part 4. Making a Private Certificate and Private key for the VPN Client

4-1. On XCA, go to Certificates and click New Certificate. At Signing, select use the CA certificate for signing.

a screenshot of XCA

4-2. Go to the Subject page,

a screenshot of XCA

4-3. Go to Certificates and select the certificate we just created. Export it in .crt format and import it to the VPN client.

a screenshot of XCA

4-4. Go to Private Keys, export the Private Key (Oclient.key), and manually change the file extension to .key. Then, import it to the VPN client.

a screenshot of XCA

Part 5. Router Setup as OpenVPN Server

5-1. Go to VPN and Remote Access >> OpenVPN General Setup, and apply the configuration below.

a screenshot of DrayOS

5-2. Go to the Client Config tab, specify the file name of CA Certificate, Client Certificate, and Client Key. Then, click Export.

a screenshot of DrayOS

5-3. Go to VPN and Remote Access >> Remote Dial-in User to create user profiles for OpenVPN Dial-in users. Check Enable this account, enter Username/Password, and check OpenVPN Tunnel in Allowed Dial-In Type.

a screenshot of DrayOS

5-4. Go to SSL VPN >> General Setup to specify the Server Certificate. Here we choose “openvpn,” which is the Local Certificate generated in part 2.

a screenshot of DrayOS

Part 6. Client Setup in OpenVPN GUI

6-1. Import the OpenVPN config (test.ovpn) in OpenVPN GUI. There are three files to put in the OpenVPN config folder:

a screenshot of OpenVPN UI

6-2. Click Connect and enter the username/password configured in step 5-3.

a screenshot of OpenVPN UI

After the OpenVPN tunnel is established, the VPN status will show in VPN and Remote Access >> Connection Management.

a screenshot of DrayOS showing OpenVPN online
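
Before the CA certificate, client certificate and client key from Parts 3 and 4 are copied into the OpenVPN config folder (step 6-1), they can be checked against each other with the openssl command line. The script below is an added example, not part of the original article or of DrayTek's or XCA's tooling; the file names, the `check_bundle` and `make_demo` function names and the demo subject names are assumptions, and it expects PEM files and an unencrypted private key.

```shell
#!/bin/sh
# check_bundle CA_CRT CERT KEY
# Returns 0 only if CERT is signed by CA_CRT, is inside its validity period,
# and KEY is the private key that belongs to CERT.
check_bundle() {
    ca=$1; crt=$2; key=$3
    # Signature chain and validity dates. A wrong clock on the checking
    # machine fails here as well, which is the reason for step 1-1.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $ca"; return 1
    fi
    # Compare the public key inside the certificate with the one derived from
    # the private key. "-passin pass:" stops openssl from prompting if the
    # key turns out to be encrypted; such a key is reported as a mismatch.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $crt"; return 1
    fi
    echo "OK: $crt ($(openssl x509 -in "$crt" -noout -enddate))"
}

# make_demo DIR: constructed test material that mirrors Parts 2 to 4
# (self-signed CA, client key and CSR, CA signs the CSR). All names made up.
make_demo() {
    d=$1; mkdir -p "$d"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/client.crt" 2>/dev/null &&
    # An unrelated key, used to show the mismatch case.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.key" 2>/dev/null
}

# Usage: sh check_bundle.sh ca.crt client.crt client.key
if [ $# -eq 3 ]; then check_bundle "$1" "$2" "$3"; fi
```

The same check applies to the server side: run it with the CA certificate and the signed Local Certificate from step 3-3, leaving out the key comparison, since the router's private key never leaves the router.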
