You are on page 1of 3

First Install the OpenVPN Client Export Utility Package 1) Goto System !

Packages ") Choose #$%aila&le Packages 'a&# () )ocate the OpenVPN Client Export Utlity Package an* install it &y pressing the #+# on the right Set,p yo,r Certs 1) Goto System ! Cert -anager ") Goto C$ 'a& an* create a C$ &y pressing the #+# &,tton () Fill in the &oxes .ith the appropriate in/ormation0 making s,re to change metho* to #Create Internal Certi/icate $,thority#1 $lternati%ely yo, can also import yo,r o.n1 2o,tsi*e the scope o/ this g,i*e) 3) Create the ser%er certi/icate &y clicking the #Certi/icates# ta& an* pressing the #+# &,tton 4) Change #-etho*# to #Create an internal Certi/icate#0 an* #Certi/icate 'ype# to #Ser%er Certi/icate# Fill in the appropriate in/ormation an* make s,re to change the Certi/icate $,thority to that o/ the C$ yo, 5,st create* in step (1 6) Create User Certi/icates in the same .ay &,t instea* o/ choosing #Ser%er Certi/icate# /or Certi/icate type0 make s,re to choose #User Certi/icate# 7It is recommen*e* that each in*i%i*,al PC that connects to the VPN ha%e their o.n certi/icates create*1 77It is also not necessary0 &,t recommene* to create a re%ocation list1 Click the Client 8e%ocation ta&0 then the #+# to a** one1 Choose the C$ yo, ma*e in step (1 Set,p the OpenVPN ser%er 1) Goto VPN ! OpenVPN ") On the Ser%er ta& press the #+# &,tton to create an OpenVPN ser%er () Fill in the /ollo.ing settings 9isa&le* Unchecke* 2O&%io,sly:) Ser%er -o*e 8emote $ccess 2SS);')S) Protocol U9P 9e%ice -o*e tap Inter/ace <$N Port 11=3 9escription 7*escription o/ yo,r ser%er7 ')S $,thentication Check &oth &oxes111 this also creates yo,r a,thentication key Peer Certi/icate $,thority 7choose the C$ yo, create* earlier7 Peer Certi/icate 8e%ocation )ist i/ yo, ma*e one .hile setting ,p the certs speci/y it here Ser%er Certi/icate 7choose the ser%er certi/icate yo, create* earlier7 9> Parameters 1?"3 Encryption algorithm@ $ES 1"A CBC 21"A &it) >ar*.are Crypto options here may *i//er0 &,t choose a har*.are crypto engine i/ yo, ha%e one Certi/icate 9epth One 2Client+Ser%er)

777777777777 IP settings 777777777777 Ip%3 ',nnel Net.ork )ea%e &lank0 not ,se* in tap;&ri*ge mo*e Ip%6 ',nnel Net.ork )ea%e &lank0 not ,se* in tap;&ri*ge mo*e Bri*ge 9>CP check Bri*ge Inter/ace )$N Ser%er Bri*ge 9>CP Start start o/ yo,r ip a**ress range /or remote clients Ser%er Bri*ge 9>CP En* en* o/ yo,r ip a**ress range /or remote clients 79>CP a**ress range sho,l* &e a range o/ IP a**resses that are .ithin the ip a**ress range o/ yo,r )$N net.ork1 8e*irect Gate.ay ,ncheck IP%3 )ocal Net.ork this is the a**ress o/ yo,r )$N net.ork expresse* as a CI98 range0 most likely 1="116A111?;"3 IP%6 )ocal Net.ork )ea%e &lank Conc,rrent connections " Compression /or &an*.i*th re*,ction check this &ox 'ype o/ Ser%ice ,ncheck Inter client comm,nication check this &ox i/ yo, .ant remote clients to &e a&le to access each other 9,plicate Connections allo.s m,ltiple connections /rom the same client0 not recommen*e* &,t may possi&ly &e nee*e* 9ynami* IP i/ yo,r ro,terCs <$N IP changes yo, sho,l* check this $**ress Pool check 9NS 9e/a,lt 9omain /ill this in i/ yo, ha%e one 9NS Ser%ers set to yo,r local 9NS ser%er Press sa%e an* yo,r OpenVPN ser%er is create* Create yo,r Inter/ace an* Bri*ge@ 1) Inter/aces ! 2assign) ") a** an inter/ace &y pressing the #+# &,tton () in the *rop *o.n &ox next to the OP'1 inter/ace that .as create* choose the open %pn ser%er instance .e 5,st create* 3) goto Inter/aces ! OP'1 4) Ena&le the inter/ace an* gi%e it a 9escription 6) goto Inter/aces ! 2assign) D) choose the Bri*ges ta& an* then click the #+# &,tton to a** a &ri*ge A) >ol* the C'8) &,tton an* highlight &oth yo,r )$N inter/ace an* the rename* OP'1 inter/ace .e 5,st create*1 Create a /ire.all r,le allo.ing tra//ic on yo,r OpenVPN port /or the <$N inter/ace1 1) Goto Fire.all ! 8,les ") Choose the <$N ta& () Press the #+# on near the top right to a** a r,le an* enter the /ollo.ing in/ormation@

$ction@ Pass 9isa&le*@ ,ncheck Inter/ace@ <$N 'CP;IP Vesion@ IP%3 Protocol@ 'he protocol yo, chose in the OpenVPN ser%er settings0 pro&a&ly U9P So,rce not@ ,nchecke* 'ype@ any $**ress@ lea%e &lank 9estination@ not@ ,nchecke* type@ <$N a**ress $**ress@ &lank 9estination port range@ Port yo,r OpenVPN ser%er r,ns on0 pro&a&ly 11=3 )og@ ,p to yo, 9escription@ optional0 gi%e the r,le a *escription Eo,Cre *one1 'he last thing to *o is export the client con/igs1 ),ckily .ith %"11 p/sense has ma*e this st,pi* easy to *o1 1) VPN ! OpenVPN ") Choose the client Export 'a& () Eo, sho,l* see an option to export a con/ig /or each certi/icate yo, create* earlier1 >ope/,lly yo, name* yo,r certs something easily i*enti/ia&le1 3) Its recommen*e* that /or <in*o.s yo, choose the <in*o.s Installer1 'his .ill *o.nloa* an* install OpenVPN an* the con/ig /iles1 Eo,Cre *one1 Ping the )$N inter/ace

You might also like