This guide describes how to configure OpenVPN with the end customer's Web Port.
Technical solution
In partnership with Web Port, Kiona is hosting an OpenVPN server in Azure. When connecting properties, the solution requires a locally installed router with OpenVPN support. This guide assumes the router is a TELTONIKA RUTX08, or a TELTONIKA RUT240 if built-in 3G/4G is desired. However, it is possible to use other routers with OpenVPN support.
The web interface of Web Port can be accessed externally via customer.webport.se (webport-url). On the OpenVPN server xxx.xxx.xxx.xx (VPN-IP), two networks are set up: one for communicating with local routers in properties and one for clients (integrators) that want to access the local routers and the technical equipment behind them. Each router is configured with the following basic settings:
- Using WAN or 3G/4G to access the internet
- Using OpenVPN (Certificate-Based) to connect to xxx.xxx.xxx.xxx (10.100.x.x IP is assigned automatically)
- Optionally a local network; the example in this guide uses 192.168.100.x
- Port forwarding from the OpenVPN network to the control equipment on the LAN
Clients wishing to connect to the network do so via OpenVPN with both certificate and password. The solution is set up so that local routers are isolated from one another, but servers and clients can access all routers.
Router instruction
Create configuration-file.
(See OpenVPN Management manual)
Router:
- Connect your computer to the LAN port using a network cable.
- On the router, note down the default username, password and IP address.
- Log in and set up a new password.
- Follow the instructions to configure the internet connection, such as WAN, Mobile or Wireless.
- Verify the connection by using the Ping command from your connected computer or from System, Administrator, Diagnostics, Ping.
- Ping 8.8.8.8.
LAN:
- Go to Network, LAN.
- Change the IP address to 192.168.100.1.
If the local network allows an active DHCP server, leave it enabled. Otherwise, turn it off. If you turn it off, you will need to manually set the IP address on the computer you are connected to in order to reach the router.
OpenVPN:
- Navigate to Services, VPN, OpenVPN, select Role: client and choose an appropriate configuration name, then select Add New and click edit.
- Upload a .ovpn profile.
- Verify the connection (Connected) under Status, Network, OpenVPN. Unfortunately, the assigned IP address is not displayed when using the .ovpn configuration file.
- Verify that you can reach the Web Port server from the router by pinging the IP address 10.100.0.1.
- From Web Port, verify the connection using ping under system settings/debug/ping, pinging the local address.
On the connection configuration page, enter the settings according to the image below and save.
Port forwarding:
To access DUCs, aggregates, etc., port forwarding from the OpenVPN interface to devices on the local network needs to be set up. This is done under Network, Firewall, Port Forwarding.
Create a new rule and choose the appropriate protocol, port, internal IP and internal port. If there are multiple Modbus devices, these can be placed on different external ports.
IMPORTANT!
Then edit the rule you just created and set the source to OpenVPN, so that only traffic coming from the VPN network is allowed.
To verify, connect the IO device to Web Port using the router's VPN IP 10.100.x.x and the ports that were forwarded. The same can also be done from your computer if you are connected as a client (see Client Connection section).
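The source restriction from the IMPORTANT step can be audited after the rules are created. The following is an added example, not part of the original guide or of Kiona's or Web Port's tooling: it assumes the router's firewall rules are available as OpenWrt-style UCI text (the format of /etc/config/firewall on OpenWrt-based firmware) and that the OpenVPN firewall zone is named openvpn. The sample config, rule names, ports and device addresses are constructed.

```python
"""Audit port forwards in an OpenWrt-style UCI firewall config (added example)."""
import shlex

VPN_ZONE = "openvpn"  # assumption: name of the router's OpenVPN firewall zone

# Constructed sample, not taken from a real router.
SAMPLE_CONFIG = """
config redirect
    option name 'modbus_duc1'
    option target 'DNAT'
    option src 'openvpn'
    option proto 'tcp'
    option src_dport '5021'
    option dest_ip '192.168.100.10'
    option dest_port '502'

config redirect
    option name 'modbus_duc2'
    option target 'DNAT'
    option src 'wan'
    option proto 'tcp'
    option src_dport '5022'
    option dest_ip '192.168.100.11'
    option dest_port '502'
"""

def parse_redirects(text):
    """Return one dict of options per 'config redirect' section."""
    sections, current = [], None
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        if tokens[0] == "config":
            # Only redirect sections describe port forwards; skip the rest.
            current = {} if tokens[1:2] == ["redirect"] else None
            if current is not None:
                sections.append(current)
        elif tokens[0] == "option" and current is not None and len(tokens) >= 3:
            current[tokens[1]] = tokens[2]
    return sections

def exposed_forwards(text, vpn_zone=VPN_ZONE):
    """Names of DNAT forwards that accept traffic from outside the VPN zone."""
    return [r.get("name", "<unnamed>") for r in parse_redirects(text)
            if r.get("target", "DNAT") == "DNAT" and r.get("src") != vpn_zone]

if __name__ == "__main__":
    for name in exposed_forwards(SAMPLE_CONFIG):
        print(f"port forward '{name}' is not restricted to zone '{VPN_ZONE}'")
```

A forward with no source zone at all is also reported, since it is not limited to the VPN network.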
OpenVPN-client PC
Ordering configuration file
(See OpenVPN Management manual)
Install client
Any OpenVPN client can be used if it supports .ovpn files and passwords. Such a client can be found at https://openvpn.net/community-downloads/. Download, install and run.
Then select import, locate your .ovpn file, select connect and enter your password.
Verify the connection by pinging 10.100.0.1. Now you can access all the local routers on the network (including the admin interface).