Virtual Private Networks (VPN)
OpenVPN
TX54 User Guide
OpenVPN
OpenVPN is an open-source Virtual Private Network (VPN) technology that creates secure
point-to-point or site-to-site connections in routed or bridged configurations. OpenVPN uses a
custom security protocol that relies on Secure Socket Layer (SSL) / Transport Layer Security (TLS)
for key exchange. It uses standard encryption and authentication algorithms for data privacy and
authentication over TCP or UDP.
The OpenVPN server can push the network configuration, such as the topology and IP routes, to
OpenVPN clients. This makes OpenVPN simpler to configure as it reduces the chances of a
configuration mismatch between the client and server. OpenVPN also supports cipher negotiation
between the client and server. This means you can configure the OpenVPN server and clients with a
range of different cipher options and the server will negotiate with the client on the cipher to use for
the connection.
For more information on OpenVPN, see
.
OpenVPN modes:
There are two modes for running OpenVPN:
- Routing mode, also known as TUN.
- Bridging mode, also known as TAP.
Routing (TUN) mode
In routing mode, each OpenVPN client is assigned a different IP subnet from the OpenVPN server and
other OpenVPN clients. OpenVPN clients use Network Address Translation (NAT) to route traffic from
devices connected to their LAN interfaces to the OpenVPN server.
The manner in which the IP subnets are defined depends on the OpenVPN topology in use. The TX54
device supports two types of OpenVPN topology:
| OpenVPN Topology | Subnet definition method |
|---|---|
| net30 | Each OpenVPN client is assigned a /30 subnet within the IP subnet specified in the OpenVPN server configuration. With net30 topology, pushed routes are used, with the exception of the default route. Automatic route pushing (exec) is not allowed, because this would not inform the firewall and would be blocked. |
| subnet | Each OpenVPN client connected to the OpenVPN server is assigned an IP address within the IP subnet specified in the OpenVPN server configuration. For the TX54 device, pushed routes are not allowed; you will need to manually configure routes on the device. |
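The two topologies produce different client addresses, which matters when writing firewall rules or static routes for tunnel peers. The following is an added example, not taken from the TX54 guide, that models both allocation schemes. The pool 10.8.0.0/24 is a constructed sample, and the ordering of addresses within each block follows the stock OpenVPN convention, which is an assumption not stated on this page.

```python
import ipaddress


def net30_plan(server_subnet, n_clients):
    """net30: each client gets its own /30 inside the server's subnet.

    Assumption (stock OpenVPN convention, not stated in this guide): the
    first /30 is the server's own; in each later block the first usable
    address is the server-side endpoint and the second is the client.
    """
    blocks = list(ipaddress.ip_network(server_subnet).subnets(new_prefix=30))
    if n_clients > len(blocks) - 1:
        raise ValueError(f"net30 fits at most {len(blocks) - 1} clients here")
    plan = []
    for block in blocks[1:n_clients + 1]:
        endpoint, client = block.hosts()  # a /30 has exactly two usable hosts
        plan.append({"client": str(client),
                     "endpoint": str(endpoint),
                     "block": str(block)})
    return plan


def subnet_plan(server_subnet, n_clients):
    """subnet: each client gets a single address in the shared subnet.

    Assumption: the server takes the first usable address and clients
    follow in order.
    """
    hosts = list(ipaddress.ip_network(server_subnet).hosts())
    if n_clients > len(hosts) - 1:
        raise ValueError(f"subnet fits at most {len(hosts) - 1} clients here")
    return [{"client": str(ip), "server": str(hosts[0])}
            for ip in hosts[1:n_clients + 1]]


if __name__ == "__main__":
    pool = "10.8.0.0/24"  # constructed sample pool, not from the guide
    for row in net30_plan(pool, 3):
        print("net30 ", row)
    for row in subnet_plan(pool, 3):
        print("subnet", row)
```

With net30, a rule can match a client by its /30 block; with subnet topology, clients share one subnet and must be matched by individual address.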
For more information on OpenVPN topologies, see
Bridging (TAP) mode
In bridging mode, a LAN interface on the OpenVPN server is assigned to OpenVPN. The LAN interfaces
of the OpenVPN clients are on the same IP subnet as the OpenVPN server’s LAN interface. This means
that devices connected to the OpenVPN client’s LAN interface are on the same IP subnet as devices.
The TX54 device supports two mechanisms for configuring an OpenVPN server in TAP mode: