1.5 Administrator's Guide

  1. Home
  2. Docs
  3. 1.5 Administrator’s Guide
  4. Commissioning the unit
  5. Network configuration
  6. Ethernet Interface Configuration
  7. VPN Interface
  8. VPN Server

VPN Server

By default a disabled VPN server port is configured on the Com.X. To configure, right-click the interface in the interfaces list and select edit. The VPN interface configuration as in Figure 38 will load. Configure interface IP settings appropriately, then select the VPN tab.

<Figure 39 VPN server config options>

Field

Contents

Port Number

The port to be used by clients to connect to the VPN. Defaults to 1194.

Use LZO Compression

The VPN may be configured to use compression on all packets. This will save network bandwidth but incur some performance penalty. Client and server configuration must match.

Transport

Select between TCP and UDP for VPN transport.

VPN Public IP

The Public IP address of the VPN server, if required. This is used allow client configuration to be generated automatically, see next section.

VPN Public port

The associated port on the public IP of the VPN, if required.

Routes

Routes are added by selecting the Routes tab once configuring the interface. Routes on VPN interfaces are added as with any other network interface as described in Section 3.2.6

Generating certificates for clients

To generate authentication certificates for client devices, right-click on the interface in the interfaces list, and select VPN Clients. Select New and enter the name of the client. Review and apply your changes to create the client.

<Figure 40 image of all interfaces including a VPNS1. >

Once a client is created and the configuration applied, a certificate pack and/or configuration pack for the client can be generated. Right-click the client in the clients list, and select Get Configuration.

<Figure 41 getting certificates & cert format>

Select your desired certificate packaging and save the file to a location on your desktop/laptop computer.

Note: Changes must be applied after the creation of a client before requesting configuration. No client configuration is created before the changes are applied, and so no configuration will available for unapplied clients.

Revoking Client certificates

To revoke certification for a client device, right-click on the desired device in the VPN Served Clients list, and select Revoke. Clients authenticating with revoked certifcates will be denied. Note that a certificate, once revoked, cannot be used again. A new client certificate will have to be issued.