OpenVPN Site-to-Site on Edgerouter

Published: 09 February 2019
Channel: Toasty Answers

In this video, I go through how to set up a site-to-site OpenVPN connection on an Edgerouter. I'm using virtual machines in this video which run VyOS to demonstrate how to configure the Edgerouter, but the commands are the same. Below is a breakdown of the configuration as well as a link to my favorite guide on how to do this.

Also, this is a three-part series. This video only goes through the overview and how to configure the OpenVPN tunnel interface. Dynamic DNS and routing setup are covered in the other videos.

Guide: https://www.codeproject.com/Articles/...


Configuration Commands for Router 1

generate vpn openvpn-key /config/auth/secret
sudo scp /config/auth/secret [email protected]:/config/auth/secret

configure
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 remote-port 1194
set interfaces openvpn vtun0 local-address "local vtun IP"
set interfaces openvpn vtun0 remote-address "remote vtun IP"
set interfaces openvpn vtun0 remote-host router2.dyndns.info
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret

set interfaces openvpn vtun0 openvpn-option "--comp-lzo"
set interfaces openvpn vtun0 openvpn-option "--float"
set interfaces openvpn vtun0 openvpn-option "--ping 10"
set interfaces openvpn vtun0 openvpn-option "--ping-restart 20"
set interfaces openvpn vtun0 openvpn-option "--ping-timer-rem"
set interfaces openvpn vtun0 openvpn-option "--persist-tun"
set interfaces openvpn vtun0 openvpn-option "--persist-key"
set interfaces openvpn vtun0 openvpn-option "--user nobody"
set interfaces openvpn vtun0 openvpn-option "--group nogroup"

commit
save
exit

Configuration Commands for Router 2

configure
set interfaces openvpn vtun0
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 remote-port 1194
set interfaces openvpn vtun0 local-address "local vtun IP"
set interfaces openvpn vtun0 remote-address "remote vtun IP"
set interfaces openvpn vtun0 remote-host router1.dyndns.info
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret

set interfaces openvpn vtun0 openvpn-option "--comp-lzo"
set interfaces openvpn vtun0 openvpn-option "--float"
set interfaces openvpn vtun0 openvpn-option "--ping 10"
set interfaces openvpn vtun0 openvpn-option "--ping-restart 20"
set interfaces openvpn vtun0 openvpn-option "--ping-timer-rem"
set interfaces openvpn vtun0 openvpn-option "--persist-tun"
set interfaces openvpn vtun0 openvpn-option "--persist-key"
set interfaces openvpn vtun0 openvpn-option "--user nobody"
set interfaces openvpn vtun0 openvpn-option "--group nogroup"

commit
save
exit
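
Added example (not from the video or the linked guide): the two command sets above have to mirror each other, so this script parses both and reports any mismatch. The tunnel addresses 10.99.99.1 and 10.99.99.2 stand in for "local vtun IP" and "remote vtun IP", and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: checks that two routers' vtun0 settings mirror each other.
# Addresses in the sample files are constructed values, not from the page.

# get_val FILE KEY: value of "set interfaces openvpn vtun0 KEY VALUE"
get_val() {
    awk -v k="$2" '$1 == "set" && $3 == "openvpn" && $4 == "vtun0" && $5 == k {
        gsub(/"/, "", $6); print $6; exit }' "$1"
}

# get_opts FILE: sorted list of the openvpn-option strings
get_opts() {
    sed -n 's/^set interfaces openvpn vtun0 openvpn-option "\(.*\)"$/\1/p' "$1" | sort
}

fail() { echo "MISMATCH: $1"; errs=$((errs + 1)); }
# pair A B LABEL: A must be set and equal to B
pair() { if [ -z "$1" ] || [ "$1" != "$2" ]; then fail "$3"; fi; }

# check_mirror R1 R2: prints mismatches, returns their count (0 = consistent)
check_mirror() {
    errs=0
    pair "$(get_val "$1" mode)" "$(get_val "$2" mode)" "mode"
    pair "$(get_val "$1" local-address)" "$(get_val "$2" remote-address)" "r1 local-address vs r2 remote-address"
    pair "$(get_val "$1" remote-address)" "$(get_val "$2" local-address)" "r1 remote-address vs r2 local-address"
    pair "$(get_val "$1" local-port)" "$(get_val "$2" remote-port)" "r1 local-port vs r2 remote-port"
    pair "$(get_val "$1" remote-port)" "$(get_val "$2" local-port)" "r1 remote-port vs r2 local-port"
    [ -n "$(get_val "$1" shared-secret-key-file)" ] && [ -n "$(get_val "$2" shared-secret-key-file)" ] || fail "shared-secret-key-file not set on both"
    [ "$(get_opts "$1")" = "$(get_opts "$2")" ] || fail "openvpn-option lists differ (the page uses the same list on both)"
    return "$errs"
}

# Constructed sample: the page's commands with example tunnel addresses filled in.
R1=$(mktemp); R2=$(mktemp)
cat > "$R1" <<'EOF'
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 remote-port 1194
set interfaces openvpn vtun0 local-address 10.99.99.1
set interfaces openvpn vtun0 remote-address 10.99.99.2
set interfaces openvpn vtun0 remote-host router2.dyndns.info
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret
set interfaces openvpn vtun0 openvpn-option "--comp-lzo"
set interfaces openvpn vtun0 openvpn-option "--float"
EOF
# Router 2 swaps the two tunnel addresses and points at router 1.
sed -e 's/10\.99\.99\.1$/TMP/' -e 's/10\.99\.99\.2$/10.99.99.1/' -e 's/TMP$/10.99.99.2/' \
    -e 's/router2/router1/' "$R1" > "$R2"
check_mirror "$R1" "$R2" && echo "vtun0 settings mirror each other"
```

Run it against the two command lists saved as text files before pasting them into each router; a non-zero exit status is the number of mismatches found.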

Verification Commands (Shouldn't work since routing isn't set up)

show interfaces openvpn
show interfaces openvpn detail
show openvpn status site-to-site

DON'T FORGET TO CLOSE THE FIREWALL EXCEPTION MADE FOR SSH CONNECTIONS OVER THE INTERNET! I don't show the removal of this rule in the video.

