How to configure OpenVPN on Omada Gateway via Omada Controller
Objective
This article introduces how to configure the OpenVPN feature on Omada gateway via Omada Controller.
Requirements
- Omada Gateway series
- Omada Software Controller / Hardware Controller / Cloud Based Controller
Introduction
OpenVPN is open-source virtual private network (VPN) software that utilizes SSL/TLS protocols for encrypted communication. It provides secure remote access and site-to-site connections and is widely used to protect network communication and access control.
- OpenVPN Server
Omada Gateway acts as an OpenVPN server that enables clients to securely access the intranet or the internet.
- OpenVPN Client
Omada Gateway acts as an OpenVPN client that enables clients in a LAN network to securely access remote sites or the internet.
Configuration
Configuration for OpenVPN Server
The connection topology is as follows:
Step 1. Log in to the Controller via web browser, go to Settings > VPN, and click Create New VPN Policy.
Step 2. Give this server a name and click Client-to-Site VPN. Then click the VPN Type drop-down list and choose VPN Server-OpenVPN.
Step 3. Check the Enable box for Account Password, then select the WAN port you want the OpenVPN server to use.
Note: Full tunnel: All traffic of the VPN client will go through the VPN. Split tunnel: Only traffic to access the specified network will go through the VPN.
Step 4. Enter a private network in the IP Pool, such as 10.10.10.0/24. If you want to specify DNS servers for clients, enter one or two DNS servers in Primary DNS Server and Secondary DNS Server, such as 8.8.8.8 and 8.8.4.4. Then click Apply.
Step 5. Create an OpenVPN user.
Go to VPN user and click Add. Here, we specify the Account Name as admin, the Password as 12345678, the Protocol as Open VPN, and the VPN Server as the Open VPN Server created in Steps 1-4, then click Create.
Note: If the Account Password is disabled, please skip Step 5 and go to Step 6.
Step 6. Export the OpenVPN file.
Go to Settings > VPN > VPN Policy List and click export in the Action column to export the Open VPN file that ends in .ovpn, which is to be used by the remote client. The exported Open VPN file contains the certificate and configuration information.
Step 7. Configure OpenVPN Connection on Your Remote Device.
Here we use the OpenVPN Connect app on Windows as a demonstration. Import the .ovpn file from Step 6 into the app and fill in the account and password set in Step 3. Then click CONNECT.
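Because the exported .ovpn file from Step 6 carries certificate material and decides how the client connects, it is worth inspecting before it is handed to a remote user. The following Python script is an added example, not part of the original article or TP-Link's tooling; the sample profile is constructed and is not actual Omada export output, and the function names are hypothetical. It reports the remote endpoint, whether the client file forces a full tunnel, and which client-side protections are missing.

```python
import re

# Constructed sample profile (assumption: not actual Omada export output).
SAMPLE_OVPN = """\
client
proto udp
remote 203.0.113.10 1194
auth-user-pass
redirect-gateway def1
<ca>
(constructed placeholder, not a real certificate)
</ca>
<key>
(constructed placeholder, not a real key)
</key>
"""

def parse_ovpn(text):
    """Return ({directive: [args, ...]}, {inline block names})."""
    directives, blocks, inside = {}, set(), None
    for line in map(str.strip, text.splitlines()):
        if inside:                          # skip block body until closing tag
            if line == f"</{inside}>":
                inside = None
        elif m := re.fullmatch(r"<([\w-]+)>", line):
            inside = m.group(1)
            blocks.add(inside)
        elif line and line[0] not in "#;":  # ignore blanks and comments
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives, blocks

def audit_ovpn(text):
    """Summarize what a profile grants and which client-side checks it lacks."""
    d, blocks = parse_ovpn(text)
    findings = []
    if "key" in blocks:
        findings.append("embedded private key: handle the file as a secret")
    if "auth-user-pass" not in d:
        findings.append("no auth-user-pass: the file is the only credential")
    if not {"remote-cert-tls", "verify-x509-name"} & d.keys():
        findings.append("server certificate role/name is not verified")
    # Routes may also be pushed by the server, so absence is not proof of split.
    tunnel = "full" if "redirect-gateway" in d else "split or server-pushed"
    return {"remotes": [tuple(a[:2]) for a in d.get("remote", [])],
            "tunnel": tunnel, "findings": findings}

if __name__ == "__main__":
    print(audit_ovpn(SAMPLE_OVPN))
```

To check a real export, pass the file's text to audit_ovpn() in place of SAMPLE_OVPN.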
Configuration for OpenVPN Client
Take the following topology as an example. We will configure Gateway A as an OpenVPN Client to connect to the OpenVPN Server (Gateway B).
Step 1. On Gateway B, export the OpenVPN configuration file and note the username and password. For details, refer to Configuration for OpenVPN Server.
Step 2. Log in to the Controller via web browser, go to Settings > VPN, and click Create New VPN Policy.
Step 3. Give this client a name and click Client-to-Site VPN. Then click the VPN Type drop-down list and choose VPN Client-OpenVPN.
Step 4. Click the Certificate + Account box and enter the username and password. Then fill in Remote Server with the IP address and port of the OpenVPN server.
Step 5. Select the WAN port you want the OpenVPN client to use. Then click Import to upload the .ovpn file generated by the OpenVPN server. Finally, click Create.
Verification
Step 1. Go to Insights > VPN status > OpenVPN/PPTP/L2TP > Server to check if a tunnel has been established.
Step 2. Go to Insights > VPN status > OpenVPN/PPTP/L2TP > Client to check if a tunnel has been established.
Conclusion
You have now successfully configured OpenVPN on Omada Gateway.
To learn more about each function and configuration, go to the Download Center to download the manual for your product.