With a PC connected to the internet, I would like to join the LAN network of a RUT360.
I have installed OpenVPN server on the RUT. The status is active.
Here is the router conf:
Enable : on
Enable OpenVPN config from file : off
TUN/TAP : TUN (tunnel)
Protocol : UDP
Port : 1194
LZO : None
Authentication : TLS
Encryption : AES-256-GCM 256
TLS cipher : All
Client to client : Off
Keep alive : 10 120
Virtual network IP address : 172.16.50.0
Virtual network netmask : 255.255.255.0
Push option :
Allow duplicate certificates : off
Authentication algorithm : SHA1
Additional HMAC authentication : None
Use PKCS #12 format : off
Certificate files from device : off
Certificate authority : ca.crt (1.2 KB)
Server certificate : server.crt (4.6 KB)
Server key : server.key (1.7 KB)
Diffie Hellman parameters
You can keep UDP as protocol in the configuration, and it needs to match on both sides.
Since you are using TLS authentication, in the client configuration, you need to put:
CA (same on both, server and client)
Client cert
Client key
Also, make sure that your RUT360 server has a public IP address. I can see in the client config that the IP (remote 188.xx.1yy.1xx 1194) starts with 188. On your RUT360, navigate to Network → Interfaces and check what IP address your WAN (or mob1s1a1 if you are using mobile) interface has. Is it the ‘188.xx.1yy.1xx’ IP address? If not, what are the first 2 octets of the IP address (first half)?
It is not necessary to explicitly define an encryption in the client configuration, unless you want to force this specific encryption. The OpenVPN client should adopt the encryption offered by the server.
Please ensure that both configurations are using either UDP (proto udp) or TCP (proto TCP). This needs to be identical in both configurations - on the server, and on the client.
The second thing is that the certificates in the client configuration can be wrong. Make sure you use correct certificates in the client configuration. You can generate certificates on RUT360 in System → Administration → Certificates → File type: simple → generate. Then, these certificates will be available in the certificates manager tab above. Make sure you use the client.cert and client.key in the client configurations.
As far as I know, vars file is used to generate certificates. If you have generated certificates on RUT360, you do not need to generate new certs. When you generate certs on RUT360, there should be 6 certificates generated (those important to us in this case) in System → Administration → Certificates → Certificates manager tab:
ca.cert.pem - download and use this same file on both, OpenVPN server (RUT) and client - this is Certificate Authority file.
server.cert.pem - download and upload to RUT360 OpenVPN server as server certificate.
server.key.pem - download and upload to RUT360 OpenVPN server as server key.
client.cert.pem - download and use in OpenVPN client configuration file as client certificate.
client.key.pem - download and use in OpenVPN client configuration file as client key.
dh.pem - download and upload to RUT360 OpenVPN server as Diffie Hellman parameters file.
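
The checks described in the replies above (same protocol and port on both sides, CA, client cert and client key present in the client config, and a public WAN address that matches the client's `remote` line), as an added Python example that is not part of the original thread. The function names, the sample config and the address 188.0.2.10 are constructed for illustration; the server values are the ones listed in the question.

```python
import ipaddress

SERVER = {"proto": "udp", "port": "1194"}  # from the server settings in the question

def parse_ovpn(text):
    """Map each directive in an OpenVPN client config to its argument list."""
    conf, inline = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if inline:  # skip the body of an inline <ca>...</ca> style block
            inline = None if line == f"</{inline}>" else inline
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            conf[inline] = ["[inline]"]
        elif line and line[0] not in "#;":
            key, *args = line.split()
            conf[key] = args
    return conf

def check_client(text, wan_ip, server=SERVER):
    """Return a list of problems; an empty list means every check passed."""
    conf, problems = parse_ovpn(text), []
    for item in ("ca", "cert", "key"):
        if item not in conf:
            problems.append(f"missing {item}")
    proto = conf.get("proto", ["udp"])[0].lower()[:3]  # udp4, tcp-client -> udp, tcp
    if proto != server["proto"]:
        problems.append(f"proto {proto} != server {server['proto']}")
    remote = conf.get("remote", [])
    if not remote:
        problems.append("missing remote")
    else:
        port = remote[1] if len(remote) > 1 else conf.get("port", ["1194"])[0]
        if port != server["port"]:
            problems.append(f"port {port} != server {server['port']}")
        if remote[0] != wan_ip:
            problems.append(f"remote {remote[0]} is not the WAN address {wan_ip}")
    if not ipaddress.ip_address(wan_ip).is_global:  # private or carrier NAT range
        problems.append(f"WAN address {wan_ip} is not a public address")
    return problems

# Constructed sample client config; address and file names are placeholders.
SAMPLE = """client
dev tun
proto udp
remote 188.0.2.10 1194
ca ca.cert.pem
cert client.cert.pem
key client.key.pem
"""

if __name__ == "__main__":
    print(check_client(SAMPLE, "188.0.2.10"))
    print(check_client(SAMPLE, "10.20.30.40"))
```

Pass the address shown for the WAN (or mobile) interface under Network → Interfaces as `wan_ip`; a `remote` given as a hostname is reported as a mismatch because the example compares strings only.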