OpenVPN Site-to-Site on Edgerouter
In this video, I go through how to set up a site-to-site OpenVPN connection on an Edgerouter. I'm using virtual machines in this video which run VyOS to demonstrate how to configure the Edgerouter, but the commands are the same. Below is a breakdown of the configuration as well as a link to my favorite guide on how to do this.
Also, this is a three-part series. This video only goes through the overview and how to configure the OpenVPN tunnel interface. Dynamic DNS and routing setup are covered in the other videos.
Guide: https://www.codeproject.com/Articles/1135556/Building-OpenVPN-Site-To-Site-Tunnel-on-Dynamic-Ad
Configuration Commands for Router 1
generate vpn openvpn-key /config/auth/secret
sudo scp /config/auth/secret username@router2.dyndns.info:/config/auth/secret
configure
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 remote-port 1194
set interfaces openvpn vtun0 local-address "local vtun IP"
set interfaces openvpn vtun0 remote-address "remote vtun IP"
set interfaces openvpn vtun0 remote-host router2.dyndns.info
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret
set interfaces openvpn vtun0 openvpn-option "--comp-lzo"
set interfaces openvpn vtun0 openvpn-option "--float"
set interfaces openvpn vtun0 openvpn-option "--ping 10"
set interfaces openvpn vtun0 openvpn-option "--ping-restart 20"
set interfaces openvpn vtun0 openvpn-option "--ping-timer-rem"
set interfaces openvpn vtun0 openvpn-option "--persist-tun"
set interfaces openvpn vtun0 openvpn-option "--persist-key"
set interfaces openvpn vtun0 openvpn-option "--user nobody"
set interfaces openvpn vtun0 openvpn-option "--group nogroup"
commit
save
exit
Configuration Commands for Router 2
configure
set interfaces openvpn vtun0
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 remote-port 1194
set interfaces openvpn vtun0 local-address "local vtun IP"
set interfaces openvpn vtun0 remote-address "remote vtun IP"
set interfaces openvpn vtun0 remote-host router1.dyndns.info
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret
set interfaces openvpn vtun0 openvpn-option "--comp-lzo"
set interfaces openvpn vtun0 openvpn-option "--float"
set interfaces openvpn vtun0 openvpn-option "--ping 10"
set interfaces openvpn vtun0 openvpn-option "--ping-restart 20"
set interfaces openvpn vtun0 openvpn-option "--ping-timer-rem"
set interfaces openvpn vtun0 openvpn-option "--persist-tun"
set interfaces openvpn vtun0 openvpn-option "--persist-key"
set interfaces openvpn vtun0 openvpn-option "--user nobody"
set interfaces openvpn vtun0 openvpn-option "--group nogroup"
commit
save
exit
Verification Commands (Shouldn't work since routing isn't set up)
show interfaces openvpn
show interfaces openvpn detail
show openvpn status site-to-site
DON'T FORGET TO CLOSE THE FIREWALL EXCEPTION MADE FOR SSH CONNECTIONS OVER THE INTERNET! I don't show the removal of this rule in the video.
Видео OpenVPN Site-to-Site on Edgerouter канала Toasty Answers
Also, this is a three-part series. This video only goes through the overview and how to configure the OpenVPN tunnel interface. Dynamic DNS and routing setup are covered in the other videos.
Guide: https://www.codeproject.com/Articles/1135556/Building-OpenVPN-Site-To-Site-Tunnel-on-Dynamic-Ad
Configuration Commands for Router 1
generate vpn openvpn-key /config/auth/secret
sudo scp /config/auth/secret username@router2.dyndns.info:/config/auth/secret
configure
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 remote-port 1194
set interfaces openvpn vtun0 local-address "local vtun IP"
set interfaces openvpn vtun0 remote-address "remote vtun IP"
set interfaces openvpn vtun0 remote-host router2.dyndns.info
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret
set interfaces openvpn vtun0 openvpn-option "--comp-lzo"
set interfaces openvpn vtun0 openvpn-option "--float"
set interfaces openvpn vtun0 openvpn-option "--ping 10"
set interfaces openvpn vtun0 openvpn-option "--ping-restart 20"
set interfaces openvpn vtun0 openvpn-option "--ping-timer-rem"
set interfaces openvpn vtun0 openvpn-option "--persist-tun"
set interfaces openvpn vtun0 openvpn-option "--persist-key"
set interfaces openvpn vtun0 openvpn-option "--user nobody"
set interfaces openvpn vtun0 openvpn-option "--group nogroup"
commit
save
exit
Configuration Commands for Router 2
configure
set interfaces openvpn vtun0
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 remote-port 1194
set interfaces openvpn vtun0 local-address "local vtun IP"
set interfaces openvpn vtun0 remote-address "remote vtun IP"
set interfaces openvpn vtun0 remote-host router1.dyndns.info
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret
set interfaces openvpn vtun0 openvpn-option "--comp-lzo"
set interfaces openvpn vtun0 openvpn-option "--float"
set interfaces openvpn vtun0 openvpn-option "--ping 10"
set interfaces openvpn vtun0 openvpn-option "--ping-restart 20"
set interfaces openvpn vtun0 openvpn-option "--ping-timer-rem"
set interfaces openvpn vtun0 openvpn-option "--persist-tun"
set interfaces openvpn vtun0 openvpn-option "--persist-key"
set interfaces openvpn vtun0 openvpn-option "--user nobody"
set interfaces openvpn vtun0 openvpn-option "--group nogroup"
commit
save
exit
Verification Commands (Shouldn't work since routing isn't set up)
show interfaces openvpn
show interfaces openvpn detail
show openvpn status site-to-site
DON'T FORGET TO CLOSE THE FIREWALL EXCEPTION MADE FOR SSH CONNECTIONS OVER THE INTERNET! I don't show the removal of this rule in the video.
Видео OpenVPN Site-to-Site on Edgerouter канала Toasty Answers
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
EdgeRouter IPSec Site-to-Site VPN Setup
Firewall Comparison, Which Ones We Use and Why We Use Them: Untangle / pfsense / Ubiquiti
OpenVPN site-to-site on Edgerouter (DynDNS Setup)
USG vs. EdgeRouter
pfSense Site to Site VPN
Unifi Complete Network Setup
Edgerouter X Speedtest
Ubiquiti Edge Full Setup and Configuration For Home Or Small Business
UniFi Dream Machine to UniFi Dream Machine Pro IPSec VPN - How-to
OpenVPN site-to-site on Edgerouter (Static Routing)
Securing your network from IOT devices using the EdgeRouter X
L2TP over IPsec VPN Server
PiVPN : How to Run a VPN Server on a $35 Raspberry Pi!
WireGuard: Next Generation Secure Network Tunnel
Site-to-Site VPN between AWS and Ubiquiti UniFi Dream Machine Pro Firewall
Common Questions
Configure pfsense as OpenVPN Client in a Site to Site VPN using Netgate SG-1100
EdgeRouter L2TP IPSec Server Setup
VPN Tunnels and Stuff | Site to Site vs Remote Access
How to Optimize a Unifi Network