Security: OpenVPN

This is a guide intended to help configuring Comms Mundi™ OpenVPN for the first time. If you have any doubt, please refer to the reference manual, or ask us at support@wirelessmundi.com.

The Certificates is the place where you can add or delete authorities and certificates.

This guide will help configuring two certificates under a single certificate authority.

To add an authority go to the page Security → Certificates:

1. In the authority table click add button.
2. Set the value for the common name, for example, OpenVPN.
3. Set the value for the email, for example, OpenVPN@commsmundi.com.
4. Set the value for the expiration date, for default is 3650 = 10 years.
5. Set the value for the organization, for example, Wireless Mundi.
6. Set the value for the Unit name, for example, 1.
7. Set the value for the Locality, for example, Madrid.
8. Set the value for the Province, for example, Madrid.
9. Select the value for the Country, for example, Spain.
10. Select the option for the private key, for example, RSA 2048 bits.
11. Click Add

To add a certificate go to the page Security → Certificates:

1. In the certificate table click add button.
2. Set the value for the common name, for example, server OpenVPN.
3. Select the option for the private key, for example, RSA 2048 bits.
4. Select the extended key usage as ServerAuth.
5. Click Add

To add a certificate go to the page Security → Certificates:

1. In the certificate table click add button.
2. Set the value for the common name, for example, android_client.
3. Select the option for the private key, for example, RSA 2048 bits.
4. Select the extended key usage as ClientAuth.
5. Click Add

This guide will help configuring an accounts to OpenVPN configured to Directory.

To add a account go to the page Directory → Domain:

1. In the users table click add button.
2. Set name and password.
3. Go to OpenVPN, then check enable OpenVPN and set password for this account.
4. Click Add

The OpenVPN section is where you can configure the OpenVPN service and download the configuration for clients. the first step will be to active the service for it go to the page Security –> OpenVPN –> Global Configuration.

To add a connection go to the page Security → OpenVPN → Connections:

1. In the connections table click add button.
2. Check the status to active.
3. Set the value for the Name, for example, connection_OpenVPN.
4. Select the interface.
5. Set the value for the port, for default is 1194.
6. Select the transport, for example, UDP.
7. Select the server certificate, for example, server OpenVPN.
8. Set the value for the interface, for example, 192.168.50.2/24.
9. Set the value for the ip range, for example, 192.168.50.20 - 192.168.50.40.
10. Set the value for the domain, for example, commsmundi.com.
11. Set the value for the DNS server, for example, 8.8.8.8.
12. Set the value for the WINS server, for example, 8.8.8.8.
13. Add the routes address, for example, 192.168.1.0/24.
14. Check the type of routes, for example, route default.
15. Select the type authentication, for example, certificate.
16. Click Add

To add a connection go to the page Security → OpenVPN → Connections:

1. In the connections table click in Download config user.
2. Set the value for the address server.
3. Select the certificate client, for example android_client.
4. Click Download