USER MANUAL
PrestoAdvancedAD101_AD301_UG_000_UK
Descriptions and non-contractual illustrations in this document are given as an indication only.
M2M Design reserves the right to make any modification
36
OpenVPN
OpenVPN site to site allows connecting two remote networks via point-to-point encrypted tunnel.
OpenVPN implementation offers a cost-effective simply configurable alternative to other VPN technologies.
OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or
username/password. When used in a multiclient-server configuration, it allows the server to release an
authentication certificate for every client, using signature and Certificate authority. It uses the OpenSSL
encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control
features. The server and client have almost the same configuration. The difference in the client configuration
is the remote endpoint IP or hostname field. Also the client can set up the keepalive settings. For successful
tunnel creation a static key must be generated on one side and the same key must be uploaded on the
opposite side.
OpenVPN
Label
Description
IP Filtering
Tunnel Number
Automatically assigned number of the tunnel.
Tunnel Name
This field specifies tunnel name.
Enable
Check this setting in order to enable OpenVPN tunnel.
Allow access from the following devices
Interface Type
There are two modes of OpenVPN tunnel, routed and bridged mode.
For
routed mode select option TUN, and for bridged TAP
Authenticate Mode
Choose one of the following options:
- none (Select this option if you do not want to use any kind of authentication)
- pre-shared secret (Select this option if you want to use PSK as a authentication
method)
- username/password (Select this option if you want to use
username/password along with CA Certificate as a authentication method)
- X.509 cert. (client) (Select this option if you want to use X.509 certificates as a
authentication method in client mode)
- X.509 cert. (server) (Select this option if you want to use X.509 certificates as a
authentication method in server mode)
NOTE
: Depending on the options selected in the previous steps, some of the following options will be
available for configuration.
Protocol
Selection between TCP in server or client mode and UDP protocol in connect or
wait mode.
TCP/UDP port
Depending on the selected protocol, port number should be specified.
LZO Compression
Check the box to enable fast adaptive LZO compression.
NAT Rules
Enables NAT through the tunnel.
Keep Alive
Check the box if you want to use keepalive.
Ping Interval
This field specifies the target IP address for periodical traffic generated using
ping in order to maintain the connection active.
Ping Timeout
This field specifies ping interval for keepalive option.
Pre-shared Secret
Generate or Paste the Pre-shared Secret. You have an additional option to
Export the PSK.
