RocketLinx WR7802-XT Series User Guide
: 2000638 Rev. A
Configuration Using the Web User Interface
VPN Pages
The VPN web pages allow you to configure the WR7802-XT as a VPN client that connects to a VPN server. They also allow you to configure a one-to-one VPN server service for one VPN client. You can use both the OpenVPN Server and OpenVPN Client pages to build a one-to-one connection between two devices.
OpenVPN is a full-featured SSL VPN:
• Implements OSI Layer 2 or 3 secure network extensions using the industry standard SSL/TLS protocol.
• Supports flexible client authentication methods based on certificates, smart cards, and/or username/password credentials.
• Allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface.
The first step to building an OpenVPN 2.x configuration is to establish a PKI (public key infrastructure). PKI
consists of a separate certificate (also known as a public key) and private key for the server and each client,
and a master Certificate Authority (CA) certificate and key that are used to sign each of the server and client
certificates.
In static encryption mode, each VPN client shares the same static key with the OpenVPN server.
In TLS encryption mode, each VPN client needs 3 keys, while the VPN server needs 4 keys. The 7 keys are described in the table below.
If the WR7802-XT acts as an OpenVPN client, the ca.crt, client.crt and client.key are needed to establish the OpenVPN tunnel as the OpenVPN client.
Note: The file names of these keys are pre-defined and cannot be changed.
Use the VPN | VPN Certificate web page to upload these keys. Import the keys one by one on the page. In addition, use this page to delete old certificates. Refer to
Use the VPN | OpenVPN Client web page to configure the OpenVPN client (
Note: The settings should be consistent with OpenVPN server.
Filename     Needed By                  Purpose                     Secret
----------   ------------------------   -------------------------   ------
ca.crt       Server and All Clients     Root CA Certificate         No
ca.key       Key Signing Machine Only   Root CA Key                 Yes
dh{n}.pem    Server Only                Diffie Hellman Parameters   No
server.crt   Server Only                Server Certificate          No
server.key   Server Only                Server Key                  Yes
client.crt   Client Only                Client1 Certificate         No
client.key   Client Only                Client Key                  Yes
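A pre-upload check for the TLS-mode files in the key table above, as an added example that is not part of the user guide or the device software: it flags files the chosen role does not need (notably secret keys such as ca.key), missing files, and content whose PEM label does not match the file name. It assumes the files are PEM-encoded; `check_bundle`, `pem` and `SAMPLE_CLIENT` are hypothetical names, and the sample contents are constructed placeholders.

```python
import re

# File roles from the key table on this page: name -> (needed by, PEM kind, secret).
KEY_TABLE = {
    "ca.crt":     ({"server", "client"}, "CERTIFICATE", False),
    "ca.key":     (set(),                "PRIVATE KEY", True),   # signing machine only
    "server.crt": ({"server"},           "CERTIFICATE", False),
    "server.key": ({"server"},           "PRIVATE KEY", True),
    "client.crt": ({"client"},           "CERTIFICATE", False),
    "client.key": ({"client"},           "PRIVATE KEY", True),
}
DH_NAME = re.compile(r"^dh\d+\.pem$")            # dh{n}.pem, server only
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9. ]+)-----")

def pem(label):
    """Build a constructed placeholder PEM block (no real key material)."""
    return f"-----BEGIN {label}-----\nAAAA\n-----END {label}-----\n"

def check_bundle(role, files):
    """files: {filename: text}. Return a sorted list of problems for this role."""
    problems = []
    for name, text in files.items():
        if DH_NAME.match(name):
            needed_by, kind, secret = {"server"}, "DH PARAMETERS", False
        elif name in KEY_TABLE:
            needed_by, kind, secret = KEY_TABLE[name]
        else:
            problems.append(f"{name}: not a pre-defined file name")
            continue
        if role not in needed_by:
            problems.append(f"{name}: {'SECRET ' if secret else ''}file not needed by {role}")
        labels = PEM_BEGIN.findall(text)
        # endswith() accepts "RSA PRIVATE KEY" etc. but rejects "CERTIFICATE REQUEST".
        if not labels or not all(lab.endswith(kind) for lab in labels):
            problems.append(f"{name}: expected PEM {kind}, found {labels or 'none'}")
    required = {n for n, (who, _, _) in KEY_TABLE.items() if role in who}
    for name in sorted(required - files.keys()):
        problems.append(f"{name}: missing")
    if role == "server" and not any(DH_NAME.match(n) for n in files):
        problems.append("dh{n}.pem: missing")
    return sorted(problems)

SAMPLE_CLIENT = {  # constructed: a client bundle with two mistakes
    "ca.crt": pem("CERTIFICATE"),
    "client.crt": pem("CERTIFICATE REQUEST"),   # a CSR, not the signed certificate
    "client.key": pem("RSA PRIVATE KEY"),
    "ca.key": pem("PRIVATE KEY"),               # belongs on the signing machine only
}

if __name__ == "__main__":
    print("\n".join(check_bundle("client", SAMPLE_CLIENT)))
```

The check only inspects file names and PEM labels; it does not verify that client.crt was signed by the CA or that client.key matches client.crt.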