OxyGEN miniOffice Administrator’s Guide
IPv6 Tunnel
This menu lets you configure the operation of several IPv6 tunnels for OxyGEN miniOffice. The available tunneling mechanisms are Dual Stack Lite, TunnelBroker.net, 6to4 and Sixxs.net.
Figure 11.3: IPv6 Tunnels
In order to configure a tunneling mechanism, perform the following steps:
1. Select Enabled in the Status radio button.
2. Select the desired tunneling method, i.e. choose Dual Stack Lite, TunnelBroker.net, 6to4 or Sixxs.net from the provided drop-down list.
3. Fill in the necessary fields in order to configure the selected tunnel.
4. Click Apply.
More particularly, detailed instructions for each tunnel are provided below:
1. Dual Stack Lite: In the Remote Server field, you may choose Fixed mode, in which case the remote AFTR server’s IPv6 address must be entered in the Remote Address field. If, on the other hand, no preconfigured address for the AFTR is desired, select Auto and leave the Remote Address box empty. This enables the DHCPv6 AFTR option, and the IP is obtained from the DHCPv6 server. Optionally, you can assign the local tunnel interface an IPv4 address in the Local tunnel field and also enable NAT in the respective check box. Finally, the Interface Group whose packets will be forwarded to the tunnel interface may be selected in the Service drop-down list.
2. Tunnelbroker.net: You must first fill in the Tunnel ID, then the remote server’s IPv6 address in Remote Address, the credentials for the connection in the User ID and Password fields and, optionally, an address for the tunnel interface in Local Tunnel.
3. 6to4: Select the Interface Group for which the tunnel will be enabled through the Service drop-down list.
4. Sixxs.net: A Sixxs tunnel is configured following the same steps as for the Tunnelbroker tunneling mechanism described above.
SSL VPN
This sub-menu lets you configure your OxyGEN miniOffice to act either as a server or as a client for a Secure Sockets Layer (SSL) Virtual Private Network (VPN) tunnel. An SSL VPN is a form of VPN that uses the SSL protocol to secure data transmitted over the Internet. In the OxyGEN miniOffice, this functionality is based on the widely used open-source OpenVPN project (http://openvpn.net/) and supports both client and server modes of operation.
Figure 11.4: SSL VPN - Client Mode
Client Mode
To configure your device to act as an SSL VPN client:
1. Select Enabled as SSL VPN Status.
2. Select Client as the Operation mode from the drop-down list.
3. Specify the hostname or IP address of the SSL server in the Host/IP field.
4. Select between Routed (Layer-3 / IP) or Bridged (Layer-2 / Ethernet) Type of VPN tunnel. The former means that the VPN tunnel is a point-to-point IP connection, with IP addresses from a subnet different than the LAN. Bridged, on the other hand, means that the VPN connection will operate like an Ethernet bridge between the LANs behind both the server and the client. For more detailed information about the advantages and disadvantages of each type, please refer to Appendix E.
5. When using Routed type, select whether NAT (Network Address Translation) is going to be enabled for LAN devices over the configured SSL VPN tunnel. In other words, select whether the multiple devices in the client’s LAN are going to connect to the SSL VPN server using the IP address used by the client for the VPN tunnel.
6. When using Bridged type, select which LAN Service (Interface Group) is going to be bridged over the configured SSL VPN tunnel.
7. Click Apply.
In order to complete the secure connection to the SSL VPN server, you will also need to install the corresponding Certificates. These certificates must be provided to you by the administrator of the SSL VPN server and can be uploaded by selecting the appropriate file using the Browse key and finally by clicking the Upload key. The required certificate files and their names are:
connect.ovpn: the client configuration file
ca.crt: the certificate authority (CA) certificate
client.crt: the client certificate
client.key: the client key
It is also possible to install all files in one step, by gathering them in a zip archive.
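A pre-upload check of such a zip archive, as an added example that is not part of the original guide or of Gennet's software: it verifies that the four named files are present, that nothing else rides along with the private key, and that the tunnel device in connect.ovpn matches the Routed or Bridged Type chosen in step 4. It assumes the files sit at the root of the archive and that connect.ovpn uses the standard OpenVPN `dev tun` / `dev tap` directive; the function names and the sample bundle are constructed for illustration.

```python
import io
import zipfile

# File names as listed in the guide; archive layout (files at the root) is assumed.
REQUIRED = {"connect.ovpn", "ca.crt", "client.crt", "client.key"}
# Standard OpenVPN device types: tun carries IP (Layer 3), tap carries Ethernet (Layer 2).
DEV_FOR_TYPE = {"routed": "tun", "bridged": "tap"}
PEM_MARKER = {"ca.crt": b"BEGIN CERTIFICATE", "client.crt": b"BEGIN CERTIFICATE",
              "client.key": b"PRIVATE KEY"}

def check_bundle(zip_bytes, tunnel_type):
    """Return a list of problems in a client bundle; an empty list means it looks sane."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        problems += [f"missing file: {n}" for n in sorted(REQUIRED - names)]
        problems += [f"unexpected file: {n}" for n in sorted(names - REQUIRED)]
        if "connect.ovpn" in names:
            dev = None
            text = zf.read("connect.ovpn").decode("utf-8", "replace")
            for line in text.splitlines():
                parts = line.split("#")[0].split()  # drop trailing comments
                if len(parts) >= 2 and parts[0] == "dev":
                    dev = parts[1]
            want = DEV_FOR_TYPE[tunnel_type]
            if dev is None or not dev.startswith(want):
                problems.append(f"connect.ovpn has dev {dev!r}, {tunnel_type} needs {want}")
        for name, marker in PEM_MARKER.items():
            if name in names and marker not in zf.read(name):
                problems.append(f"{name} does not look like PEM ({marker.decode()})")
    return problems

def make_sample(dev="tun", with_key=True):
    """Build a constructed bundle in memory; contents are placeholders, not real keys."""
    cert = "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN PRIVATE KEY-----\n(placeholder)\n-----END PRIVATE KEY-----\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("connect.ovpn", f"client\ndev {dev}\nremote vpn.example.test 1194\n")
        zf.writestr("ca.crt", cert)
        zf.writestr("client.crt", cert)
        if with_key:
            zf.writestr("client.key", key)
    return buf.getvalue()

if __name__ == "__main__":
    print(check_bundle(make_sample("tun"), "routed"))   # matching Type
    print(check_bundle(make_sample("tap"), "routed"))   # Type mismatch
```

The check is structural only: it does not verify that client.crt was issued by ca.crt or that client.key belongs to client.crt.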
Server Mode
If, on the other hand, you wish to configure your device to act as an SSL VPN server:
1. Select Enabled as SSL VPN Status.
2. Select Server as the Operation mode from the drop-down list.
3. As in Client mode, select between Routed (Layer-3 / IP) or Bridged (Layer-2 / Ethernet) Type of VPN tunnel. Please note that you must make the same selection for both the server and the client.
4. When using Routed type, specify the Network and Netmask values for the subnet used as an IP address pool for the connected clients.
Figure 11.5: SSL VPN - Server Mode
5. When using Bridged type, select which LAN Service (Interface Group) is going to be bridged over the configured SSL VPN tunnel. The DHCP server settings of this Service are going to be used for the assignment of IP addresses to any DHCP requests from the SSL VPN client.
6. Click Apply.
The last step required for the operation of the SSL VPN server is the definition of remote users and the generation of the corresponding certificates. To this end, click the Manage key next to the SSL VPN users label. The following screen appears:
In order to add a new remote user, enter the username under the Add New User heading and click the Save key. The new user is added and a message window opens prompting you to save a zip file. This zip file contains the configuration files and certificates corresponding to the added user. Save the file and give it to the new remote user. It will be needed in order to connect to the SSL VPN server running on your OxyGEN miniOffice.
If, on the other hand, you wish to prohibit further access to configured remote users, Revoke them by clicking on the corresponding icon in the Action column in the list of the configured users.