By default a disabled VPN server port is configured on the Com.X. To configure, right-click the interface in the interfaces list and select edit. Configure interface IP settings appropriately, then select the VPN tab.
Field |
Contents |
Port Number |
The port to be used by clients to connect to the VPN. Defaults to 1194. |
Use LZO Compression |
The VPN may be configured to use compression on all packets. This will save network bandwidth but incur some performance penalty. Client and server configuration must match. |
Transport |
Select between TCP and UDP for VPN transport. |
VPN Public IP |
The Public IP address of the VPN server, if required. This is used allow client configuration to be generated automatically, see next section. |
VPN Public port |
The associated port on the public IP of the VPN, if required. |
Routes
Routes are added by selecting the Routes tab once configuring the interface. Routes on VPN interfaces are added as with any other network interface, as described here.
Generating certificates for clients
To generate authentication certificates for client devices, right-click on the interface in the interfaces list, and select VPN Clients. Select New and enter the name of the client. Review and apply your changes to create the client.
Once a client is created and the configuration applied, a certificate pack and/or configuration pack for the client can be generated. Right-click the client in the clients list, and select Get Configuration.
Select your desired certificate packaging and save the file to a location on your desktop/laptop computer.
Note: Changes must be applied after the creation of a client before requesting configuration. No client configuration is created before the changes are applied, and so no configuration will available for unapplied clients. |
Revoking Client certificates
To revoke certification for a client device, right-click on the desired device in the VPN Served Clients list, and select Revoke. Clients authenticating with revoked certificates will be denied. Note that a certificate, once revoked, cannot be used again. A new client certificate will have to be issued.