Adding OpenVPN tunnels in Micro Edge
Overview
Micro Edge implements OpenVPN to route traffic to remote networks. This enables devices behind Micro Edge to access remote resources using the VPN tunnel or to access the Internet using the VPN tunnel.
You can configure OpenVPN tunnels as WAN Interfaces for full tunnel routing, or as LAN interfaces for routing only to specific remote networks.
Adding an OpenVPN tunnel
To create a new VPN tunnel:
- Navigate to Settings > Network > Interfaces.
- Click Add Interface > OpenVPN.
- Set an Interface Name to help you identify this VPN tunnel interface.
- In Bound to, select any WAN to let Micro Edge choose the best path or specify a persistent WAN interface. Note: WAN Rules override this setting.
  In Micro Edge 6.0+, using "Any WAN" enables failover behavior. If the connected WAN goes down, the "Best WAN" WAN Policy determines which WAN connection to reconnect on.
- If you plan to use the VPN interface for Internet routing, enable Is WAN. Otherwise the VPN interface is not used in WAN Policies and Traffic shaping rules.
- Enable or disable NAT outgoing traffic. Enabling NAT means that all traffic uses the OpenVPN virtual IP address so there are no routes necessary on the remote endpoint. If you wish to configure policies by IP address, you must disable the NAT option and define the local subnets on the remote endpoint's tunnel configuration.
- Click Select from disk… to upload the OpenVPN configuration file that you obtain from your OpenVPN server. Note that the configuration file must include the server certificate.
- If you need to edit the configuration, click the Inline Edit checkbox.
- If your OpenVPN server requires authentication, enter the credentials in the Username and Password fields.
- If you wish to use the DNS server of the remote network, enable Use Peer DNS.
- Click Save to add the VPN tunnel interface.
To remove a VPN interface, click the Delete Interface button in the properties of the interface.
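An added example, not part of the original article or of Micro Edge: a check to run on the OpenVPN configuration file before uploading it, covering two points from the steps above, that the certificate is included in the file itself and whether the server expects a username and password. It assumes the certificate is carried as an inline `<ca>` block; the function name, host name and sample profiles are constructed for illustration.

```python
import re

# Directives that point at key/certificate files outside the profile.
FILE_DIRECTIVES = {"ca", "cert", "key", "tls-auth", "tls-crypt", "pkcs12"}
PEM_CERT = "-----BEGIN CERTIFICATE-----"

def check_profile(text):
    """Check one OpenVPN client profile (a string) before uploading it."""
    inline, external, directives, tag = {}, [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if tag:  # inside an inline <tag> ... </tag> block
            if line == f"</{tag}>":
                tag = None
            else:
                inline[tag].append(line)
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            tag = m.group(1)
            inline[tag] = []
            continue
        parts = line.split()
        directives.add(parts[0])
        if parts[0] in FILE_DIRECTIVES and len(parts) > 1:
            external.append((parts[0], parts[1]))  # e.g. "ca ca.crt"
    problems = []
    if tag:
        problems.append(f"unterminated <{tag}> block")
    if PEM_CERT not in inline.get("ca", []):
        problems.append("no inline <ca> certificate")
    problems += [f"{d} refers to external file {p}" for d, p in external]
    if "remote" not in directives:
        problems.append("no remote directive")
    return {"problems": problems,
            "needs_credentials": "auth-user-pass" in directives}

# Constructed sample profiles; host name and certificate body are placeholders.
HEAD = "client\ndev tun\nremote vpn.example.com 1194 udp\n"
GOOD = HEAD + ("auth-user-pass\n<ca>\n" + PEM_CERT +
               "\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n</ca>\n")
BAD = HEAD + "ca ca.crt\n"

if __name__ == "__main__":
    for name, profile in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_profile(profile))
```

A profile that reports `needs_credentials` as true is one for which the Username and Password fields must be filled in; any entry in `problems` should be resolved in the file (or with Inline Edit) before saving the interface.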
Advanced tab
The Advanced tab enables you to select between an automatic MTU setting or a custom setting you specify. (It is rare that this setting is needed.)
Routing Internet traffic over OpenVPN tunnels
If your VPN tunnel connects to a security gateway such as NG Firewall, you may prefer to send specific types of Internet traffic through the VPN server for added security, content filtering, user-based access control, and reporting.
This common type of configuration requires at least one WAN Policy and at least one WAN Rule. Refer to Routing traffic via VPN tunnels for specific configuration and examples.