The objective of this article is to guide you through setting up OpenVPN on your RV160 or RV260 router as well as the VPN client setup of OpenVPN on your computer.
Setting up a Demo OpenVPN on an RV160/RV260 Router
Setting up OpenVPN on an RV160/RV260 Router
Logging in With a Self-signed Certificate after Setting up Demo OpenVPN
OpenVPN Client Setup on Computer
OpenVPN is a free, open-source application that can be set up and used for a Virtual Private Network (VPN). It uses a client-server connection to provide secure communications between a server and a remote client location over the internet.
OpenVPN uses OpenSSL for encryption of UDP and TCP for traffic transmission. A VPN provides a secure tunnel of protection, which is less vulnerable to hackers since it encrypts data sent from your computer through the VPN connection. For example, if you are using WiFi in a public place, such as in an airport, it keeps your data, transactions, and queries from being seen by other users. Much like HTTPS, it encrypts data sent between two end points.
One of the most important steps in setting up OpenVPN is obtaining a Certificate from a Certificate Authority (CA). This is used for authentication. Certificates are purchased from any number of third party sites. It is an official way to prove that your site is secure. Essentially, the CA is a trusted source that verifies that you are a legitimate business and can be trusted. For OpenVPN you only need a lower level certificate at a minimal cost. You get checked out by the CA, and once they verify your information, they will issue the certificate to you. This certificate can be downloaded as a file on your computer. You can then go into your router (or VPN server) and upload it there. Please note, clients don’t need a Certificate to use OpenVPN, it is just for verification through the router.
Install the OpenVPN application onto your system. Click here to go to the OpenVPN Website.
For more information on OpenVPN and answers to many questions you may have, click here.
Note: This setup is specific to Windows 10.
Once you have OpenVPN installed, the application should appear on your desktop or as a small icon on the right side of the task bar. OpenVPN clients will also need this installed.
Ensure you have the proper system time set up on all devices. The proper system time must be completely synced at the router before the creation of a certificate. This is often done automatically, but if you run into issues, this is a good place to check.
If you want to try out OpenVPN before you pay money for a CA, you can create a self-signed certificate. This is a no-cost way to see if OpenVPN is something you would like to deploy for your business. If you already know you would like to purchase a CA, you can skip this section of the article and go directly to Setting up OpenVPN on a RV160/RV260 Router.
Step 1. Log into the router using your credentials. The default user name and password are cisco.
Note: It is highly recommended that you change all passwords to something more complex. Otherwise, it is like leaving the key to your locked door on the doorstep.
Step 2. It is a requirement that you obtain a certificate on the router. Navigate to Administration > Certificate > Generate CSR/Certificate… This is how to create the request for a certificate.
Step 3. Make a request for a CA Certificate.
Click the top right Generate button.
Step 4. You also need a server certificate. This Certificate Signed by CA Certificate will be signed by the CA certificate you just created.
Step 5. Make a request for a Certificate Signed by CA Certificate.
Click the top right Generate button.
Step 6. Navigate to System Configuration > User Groups. Select the plus icon to add the new group.
Step 7. Enter the name of the Group, click On for the radio button to turn on OpenVPN. Click Apply.
Step 8. Navigate within the System Configuration menu and click on User Accounts. Under Local Users, Click on the plus icon.
Step 9. Fill out the information below. Make sure to select OpenVPN from the dropdown menu. Click Apply.
All of the dependencies are complete and the router can now be configured for OpenVPN.
Step 10. Navigate to VPN > OpenVPN. The OpenVPN page opens. Complete each box on the page, making sure to select the previously created certificates from the dropdown menu.
Step 11. Scroll down the page and fill out the the Domain Name and DNS1.
Note:The DNS1 IP address could be a dedicated internal DNS server, the same IP address of your default gateway provided by your Internet Service Provider (ISP), on a virtual machine, or a trusted DNS server out on the internet.
Step 12. Click Apply to save the configuration at the router.
Step 13. Stay on the same page and scroll further. Generate the configuration template that is to be installed on the OpenVPN client. This file has an .ovpn extension and will be used by the OpenVPN client. Check the box to Export client configuration template (.ovpn) and click Generate. This downloads the file onto your computer.
Step 14. Navigate to Status and Statistics > VPN Status. You have the ability to scroll down for more detailed information.
The next section of this article is important to review, as it explains how to log in with a self-signed certificate.
When you log in with a self-signed certificate, you may see a warning popup when you attempt to log in. You will need to click Advanced, Proceed, Trust, or another option depending on your web browser in order to proceed.
At this point you may receive a warning that it is unsafe. You can choose to proceed, add exception, or advanced. This will vary by web browser.
In this example, Chrome was used for a web browser. This message appears, click Advanced.
A new screen will open and you need to click on Proceed to yourwebsite.net (unsafe)
Here is an example of accessing the device warning when using Firefox as a web browser. Click on Advanced.
Click Add Exception….
Finally, you will have to click on Confirm Security Exception.
The router is now configured with all the parameters necessary to support an OpenVPN Client connection. Since you have already downloaded the client configuration template to your device, the one that ends in .ovpn, you can move on to the section OpenVPN Client Setup on Computer. If you decide to deploy OpenVPN for your company, you can follow the steps in this next section.
This is a more complicated process as it involves getting a CA from a third party, which costs money. You also need to send the VPN client configuration template, ending in .ovpn, to all clients so they can set up on their device. Clients need several settings the same as the router in order for them to communicate. The best part is that for minimal cost, you and your employees can use the internet and conduct business more securely.
Step 1. Log into the router using your credentials. The default user name and password are cisco.
Note: It is highly recommended that you change all passwords to something more complex. Otherwise, it is like leaving the key to your locked door on the doorstep.
Step 2. It is a requirement that you obtain a certificate. Navigate to Administration > Certificate > Generate CSR/Certificate… This is how to create the request for a certificate.
Step 3. Make a request for a Certificate Signed by CA Certificate. This can be found by navigating to Administration > Certificate.
Click the top right Generate button
Step 4. Select to Export it by clicking the up arrow under Action.
Step 5. This screen will appear. Click Export.
Step 6. Select Open with and Notepad (default) from the dropdown menu. Click OK.
Step 7. An XML File will open.
Note: Make sure the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST are each on their own lines as shown above.
Step 8. At the top of the screen click Edit and select Copy from the dropdown menu.
Step 9. Choose a reputable third party site to make the certificate request. You will need to paste the copied XML file as part of the request.
Note: If you have an internal certificate server on your network you can use that instead, however this is not common.
Step 10. Once you have been verified, you can choose Download certificate.
Step 11. Click the radio button to Save File and Click OK.
Step 12. Once it has been saved, select the radio button for that certificate and click on the down arrow icon.
Step 13. This screen will open. Select Browse....
Step 14. Choose the file of the certificate and click Open.
Step 15. Enter the Certificate Name to import and click Upload.
Step 16. You will receive a notification that the certificate successfully imported. Click OK.
Step 17. Navigate to Administration > Certificate. The certificate has been loaded.
Note: In this example, a local certificate server was used.
Step 18. Navigate to VPN > OpenVPN. The OpenVPN page opens. Complete the following with your information.
Click Apply to save the configuration.
Step 19 (Option 1). You can email this configuration to the client. Check the box Send Email. Enter an email address. Add a Subject title for the email. Click Generate.
Step 20. (Option 2). Select Export client configuration template (.ovpn) and click Generate.
Step 21. You will receive confirmation that is was successful. Click OK.
Step 22. Click Save.
Step 23. At the bottom right of your desktop and click to open OpenVPN. Right click to open up dropdown menu. Click Import File.
Step 24. Select the OpenVPN file that ends in .ovpn.
Step 25. Click on the radio button Save File and click OK.
Step 26. Change the name of the file if you choose, but leave .ovpn at the end of the file name. Click Save.
Step 27. Navigate to Status and Statistics > VPN Status. You have the ability to scroll down for more detailed information.
The router is now configured with all the parameters necessary to support an OpenVPN Client connection for your personal trial.
Each OpenVPN client needs to perform the following tasks as a prerequisite:
Note: This setup is specifically for Windows 10.
Step 1. Navigate to the arrow icon on the bottom right of the desktop and click to open the OpenVPN icon. Right click and select Import File.
Note: The icon is black and white, indicating that it is not currently running. Once it is running the icon will show in color.
Step 2. Click on the up arrow. Click on the OpenVPN icon. Right click and select Connect from the dropdown menu.
Step 3. Enter the Username and Password.
Step 4. The window will show the OpenVPN connecting along with some log data.
Step 5. A system log should alert that there is a connection.
Step 6. The VPN client should safely be able to tunnel incoming and outgoing information through OpenVPN. This can be set to automatically connect in the OpenVPN settings.
Step 7. The administrator can confirm the VPN Status by navigating to Status and Statistics > VPN Status on the router.
You should now have successfully installed OpenVPN on your RV160 or RV260 router and at the VPN client site.
For community discussions on OpenVPN, click here and do a search for OpenVPN.