
MyVPNServer

1. Generate Server Certificates
2. Configure Main Parameters
3. Add User
4. Edit User
5. User Configuration files
6. Connecting to MyVPNServer
7. FAQ
Official Documentation of OpenVPN
Video Manual of MyVPNServer
Video Manual of MyVPNClient

The MyVPNServer module is an add-on that will allow you to create a Virtual Private Network using open source OpenVPN.
OpenVPN is a full-featured SSL VPN which implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or username/password credentials, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface.

Unregistered Version
The Unregistered Version has some limitations:
VPN Network (only 192.168.10.0/255.255.255.0)
Port (only 1195)
You can add only 1 user
Please open the Elastix Addon Market to buy it and upload the license file to the MyVPNServer add-on.

Quick Start Guide
1. Generate Server Certificates
First you should generate a new server certificate. Press the button Server Certificate and complete all fields marked with a red asterisk (*). Then press the button Generate New Server Certificate. After a short while, OpenVPN will have generated new server certificates.

| Field | Description | Example |
|---|---|---|
| Country | The two-letter ISO abbreviation for your country | US |
| Province | The state or province where your organization is located. Cannot be abbreviated. | Georgia |
| City | The city where your organization is located. | Atlanta |
| Organization | The exact legal name of your organization. Do not abbreviate. | VOIP Laboratory Inc. |
| Email | The email address for the CA (who to contact) | support@voiplab.ru |
| Canonical Name | Since this is your root certificate | voiplab.ru |

Note: This may take several minutes; do not disrupt the process.
Warning: Generating new certificates will remove all user configurations!!! Don't do it if you are not sure!

2. Configure Main Parameters
Once all the necessary certificates have been added, you should configure the main parameters of MyVPNServer.

| Field | Description | Recommended Value |
|---|---|---|
| Status | The Status field shows the state of the service | Active/Inactive |
| Interface | Local IP address for bind. If specified, OpenVPN will bind to this address only. If unspecified, OpenVPN will bind to all interfaces. | 192.168.1.1 |
| Port | TCP/UDP port number for both local and remote. The current default of 1194 represents the official IANA port number assignment for OpenVPN and has been used since version 2.0-beta17. Previous versions used port 5000 as the default. | 1194 |
| VPN Network | A helper directive designed to simplify the configuration of OpenVPN's server mode. This directive will set up an OpenVPN server which will allocate addresses to clients out of the given network/netmask. The server itself will take the ".1" address of the given network for use as the server-side endpoint of the local TUN/TAP interface. | 192.173.0.0/255.255.255.0 |
| Primary DNS | Primary DNS Server | 8.8.8.8 |
| Secondary DNS | Secondary DNS Server | 4.4.4.4 |
| Maximum Clients | Limit server to a maximum of n concurrent clients. | 100 |
| Log Level | Set output verbosity to n (default=1). Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what's happening without being swamped by output. 0: No output except fatal errors. 1 to 4: Normal usage range. 5: Output R and W characters to the console for each packet read and write; uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets. 6 to 11: Debug info range (see errlevel.h for additional information on debug levels). | 1 |
| Protocol | Use protocol TCP/UDP for communicating with remote host | udp |
| Static Routes | Push routes to the client to allow it to reach other private subnets behind the server. | 192.168.5.0/255.255.255.0, 192.172.15.0/255.255.255.252, 192.168.16.1/255.255.255.255 |

Additional Options:

| Field | Description | Recommended Value |
|---|---|---|
| Use Hostname for Connect | Use this option to specify the Remote field as a hostname. | Checked |
| Enable set Default Gateway | Automatically execute routing commands to cause all outgoing IP traffic to be redirected over the VPN. | Checked |
| Disable Inter Client Communication | Because the OpenVPN server mode handles multiple clients through a single tun or tap interface, it is effectively a router. The --client-to-client flag tells OpenVPN to internally route client-to-client traffic rather than pushing all client-originating traffic to the TUN/TAP interface. When this option is used, each client will "see" the other clients which are currently connected. Otherwise, each client will only see the server. Don't use this option if you want to firewall tunnel traffic using custom, per-client rules. | Unchecked |
| Enable Compression | Use fast LZO compression; may add up to 1 byte per packet for incompressible data. | Checked |
| Enable NAT | Use this option to automatically generate NAT rules for iptables. | Checked |

Keep Alive Options:

| Field | Description | Recommended Value |
|---|---|---|
| Ping every | Ping remote over the TCP/UDP control channel if no packets have been sent for at least n seconds (specify --ping on both peers to cause ping packets to be sent in both directions since OpenVPN ping packets are not echoed like IP ping packets). When used in one of OpenVPN's secure modes (where --secret, --tls-server, or --tls-client is specified), the ping packet will be cryptographically secure. | 10 |
| Restart after | Similar to --ping-exit, but trigger a SIGUSR1 restart after n seconds pass without reception of a ping or other packet from remote. | 60 |

Notice: the second parameter (Ping Restart) must be at least twice the value of the first parameter (Ping Every). A ratio of 1:5 or 1:6 would be even better.
Recommended setting is 10-60.

3. Add User
Once all the necessary settings have been saved and MyVPNServer has started successfully, you should add new users. Press the button Add User and complete all fields marked with a red asterisk (*). Then press the Save user button.

| Field | Description | Example |
|---|---|---|
| Common name | Unique identifier of user | SlaveServer |
| Email | Contact email address | support@voiplab.ru |
| Static IP | Static IP address for user. | 192.173.0.13 |
| Country | The two-letter ISO abbreviation for your country | US |
| Province | The state or province where your organization is located. Cannot be abbreviated. | Georgia |
| City | The city where your organization is located. | Atlanta |
| Organization | The exact legal name of your organization. Do not abbreviate. | VOIP Laboratory Inc. |
| Canonical Name | Since this is your root certificate | voiplab.ru |
| Expiration Date | Expiration date of certificate | 10.06.2015 |

4. Edit User
You can change the Static IP address for created users. Open the user settings and fill in Static IP. Leave Static IP blank to have the IP address assigned dynamically.
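
The rules stated in sections 2 to 4 (the server takes the ".1" address of the VPN Network, Restart after must be at least twice Ping every, a blank Static IP means a dynamic address) can be checked before the settings are saved. The following Python check is an added example, not part of MyVPNServer; check_settings and its return format are illustrative, and the outside-network and duplicate-address checks are assumptions about what a consistent configuration needs.

```python
import ipaddress

def check_settings(vpn_network, ping_every, restart_after, static_ips, routes=()):
    """Return (field, problem) pairs; an empty list means nothing was found."""
    try:
        net = ipaddress.ip_network(vpn_network)  # accepts network/netmask form
    except ValueError as exc:
        return [("VPN Network", str(exc))]
    problems = []
    if restart_after < 2 * ping_every:
        problems.append(("Restart after",
                         f"{restart_after} is under twice Ping every ({ping_every})"))
    reserved = {net.network_address: "the network address",
                net.network_address + 1: "the server's own .1 address",
                net.broadcast_address: "the broadcast address"}
    owner = {}
    for user, text in static_ips.items():
        if not text:
            continue  # blank Static IP: the address is assigned dynamically
        try:
            ip = ipaddress.ip_address(text)
        except ValueError as exc:
            problems.append((user, str(exc)))
            continue
        if ip not in net:
            problems.append((user, f"{ip} is outside VPN Network {net}"))
        elif ip in reserved:
            problems.append((user, f"{ip} is {reserved[ip]}"))
        elif ip in owner:
            problems.append((user, f"{ip} is already assigned to {owner[ip]}"))
        else:
            owner[ip] = user
    for route in routes:
        try:
            ipaddress.ip_network(route)  # strict: rejects host bits under the mask
        except ValueError as exc:
            problems.append(("Static Routes", f"{route}: {exc}"))
    return problems

if __name__ == "__main__":
    # Values taken from the page's tables.
    print(check_settings("192.173.0.0/255.255.255.0", 10, 60,
                         {"SlaveServer": "192.173.0.13"},
                         ["192.168.5.0/255.255.255.0", "192.168.16.1/255.255.255.255"]))
    # Constructed bad input: short restart, server's address, route with host bits.
    print(check_settings("192.173.0.0/255.255.255.0", 10, 15,
                         {"A": "192.173.0.1"}, ["192.168.5.1/255.255.255.0"]))
```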

5. User Configuration files
You can send the complete *.ovpn configuration file to the contact email by pressing the button

. Or save it to a local drive by pressing the button

You can also edit the Email Template. Press the button 'Email Template' and configure it.

6. Connecting to MyVPNServer
6.1 Elastix (Linux)
For better compatibility with Elastix we created the module MyVPNClient Manager. You should download it using the Addons Market.

6.2 Windows
Download the latest version and install it. After that, copy EXAMPLE.ovpn to the folder c:\program files\OpenVPN\config. You can then connect Windows to the Elastix MyVPNServer: right-click the OpenVPN system tray icon and connect.

6.3 Mac OS
Tunnelblick is a free, open source graphic user interface for OpenVPN on OS X. It provides easy control of OpenVPN client and/or server connections. It comes as a ready-to-use application with all necessary binaries and drivers (including OpenVPN, easy-rsa, and tun/tap drivers). No additional installation is necessary; just add your configuration and encryption information.

7. FAQ
7.1 I configured MyVPNServer but can't connect to it. My client returns 'Waiting server...'
You must add an allow firewall rule. Open the page Security > Define ports. Press the button Define Port and define the same port that your MyVPNServer uses. Then press the Save button.

Open the page Security > Firewall Rules and add a new rule like this:

To take effect, the new rule must be placed above the REJECT ALL rule; then save the changes.

Please return to the MyVPNServer page and press the Update button to fix the iptables NAT rule.

7.2 I configured MyVPNServer and the option 'Disable Inter Client Communication' is on. But clients still see each other.
This is because you turned on the option 'Enable NAT'. You should disable inter-client communication manually. Open the page Security > Firewall Rules (activate it if necessary) and add a new rule as shown below (192.168.10.0/255.255.255.0 is my MyVPNServer network).

Then deactivate the selected FORWARD rule as shown below.

Please return to the index page of MyVPNServer and press the Update button to fix the iptables NAT rule.
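
Rule order decides both FAQ answers: iptables stops at the first matching rule, so an allow rule placed below REJECT ALL (7.1) or a block rule placed below a broad FORWARD accept (7.2) never fires. The following Python audit is an added example, not part of MyVPNServer; the iptables-save excerpts are constructed, and the broad ACCEPT standing in for the FORWARD rule to deactivate and the interface name tun0 are assumptions. Rules with matches it cannot decide are returned for manual review.

```python
import ipaddress
import shlex

def _iface_ok(pat, tun):  # a trailing "+" is a wildcard: tun+ matches tun0
    return pat in (None, tun) or (pat[-1] == "+" and tun.startswith(pat[:-1]))

def parse_forward_rule(line):
    tok = shlex.split(line)
    if tok[:2] != ["-A", "FORWARD"]:
        return None
    rule, i = {"raw": line, "conditional": False}, 2
    while i < len(tok):
        if tok[i] in ("-s", "-d", "-i", "-o", "-j") and i + 1 < len(tok):
            rule[tok[i]] = tok[i + 1]
            if tok[i] == "-j":
                break  # anything after the target is a target option
            i += 2
        else:  # -m, -p, "!" ...: matches this sketch cannot decide
            rule["conditional"] = True
            i += 3 if tok[i] == "!" else 1
    return rule

def audit_client_isolation(ruleset, vpn_net, tun="tun0"):
    net = ipaddress.ip_network(vpn_net)  # accepts network/netmask form
    policy, review = "ACCEPT", []
    for line in ruleset.splitlines():
        if line.startswith(":FORWARD "):
            policy = line.split()[1]
        rule = parse_forward_rule(line)
        if not rule or rule.get("-j") not in ("ACCEPT", "DROP", "REJECT"):
            continue
        nets = [ipaddress.ip_network(rule.get(f, "0.0.0.0/0"), strict=False)
                for f in ("-s", "-d")]
        if not (all(_iface_ok(rule.get(f), tun) for f in ("-i", "-o"))
                and all(net.overlaps(n) for n in nets)):
            continue  # cannot match client-to-client traffic at all
        if rule["conditional"] or not all(net.subnet_of(n) for n in nets):
            review.append(rule["raw"])  # may match part of it: check by hand
            continue
        return rule["-j"], rule["raw"], review  # first unconditional match
    return policy, "chain policy", review

# Constructed iptables-save excerpts (not from the page); tun0 is assumed.
BEFORE = """:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -s 192.168.10.0/24 -d 192.168.10.0/24 -j DROP"""
AFTER = "\n".join(BEFORE.splitlines()[:2] + BEFORE.splitlines()[3:])
for sample in (BEFORE, AFTER):
    print(audit_client_isolation(sample, "192.168.10.0/255.255.255.0")[:2])
```

A verdict of ACCEPT means a rule above the block rule lets client-to-client traffic through; DROP or REJECT means the block rule is reached first.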
Developer: Nikita Rukavkov
Site: VOIP Laboratory
Support: support@voiplab.ru