Abstract:
This document outlines how to set up a Fedora PC or VM and use OpenVPN to connect to devices that do not have static IPs. It walks you through installing an OpenVPN server on the Fedora VM or PC and configuring the remote devices as OpenVPN clients of that server.
Products:
SN-6000
RAM-6000/9000
Use Case / Problem Solved:
You have an SN or RAM that you want to install in the field, but you do not have a publicly accessible IP address or you don’t want to set up static IPs through your carrier. You may also use this with a RAM 6021 Wired Router as long as the WAN interface has internet access.
Required Software/Hardware:
SN or RAM device(s)
PC or Virtual Machine
Latest Fedora Core (.iso can be found here.)
OpenVPN Scripts can be downloaded here.
Required Firmware:
Firmware Version 3.29/4.29
In this example, Fedora on the left is connected to the Red Lion Router/Firewall. You will need to set up a port forward rule to the server (in this example 192.168.1.2) for UDP Port 1194. Then set up the Customer/Road Warrior PC and the SN/RAM devices to point to the WAN IP of your Router/Firewall (in this example 96.24.20.1). The included .sh scripts will configure the OpenVPN Server and generate the respective client files.
Example 1. I can ping from the Server to the PLC/HMI/Etc on remote site 1 and 2.
Example 2. I can ping from the Road Warrior to the PLC/HMI/Etc on remote site 1 and 2
Example 3. I can ping from the PLC/HMI/Etc. on Remote Site 1 to the PLC/HMI/Etc. on Remote site 2
Example 4. If I have a service (like SixView Manager also running on the Fedora PC/VM) I can have the SN/RAM devices ping back to the Server.
Part 1: Setting Up Fedora
[ALL COMMANDS MUST BE RUN AS ROOT]
1. First you will need to set up Fedora Core either as a Virtual Machine or on the Host PC itself.
2. Once the install is finished you will need to make sure that Fedora is up to date.
- Please run this command dnf -y update
- Then run this command dnf -y upgrade
3. Now that Fedora is up to date, let’s enable ssh login.
- Please run this command systemctl enable sshd.service
- Then run this command systemctl start sshd.service
4. Using a program like SecureCRT/teraterm/etc. will provide terminal access to this machine. You can leave this device running headless (no monitor). If any changes are required, you can ssh to the Ethernet IP.
5. While logged in via ssh, ensure the clients directory is created
- Run this command: mkdir ~/clients
6. Transfer all shell scripts to the “user” Desktop folder (/home/”user”/Desktop).
Terminal Emulation programs like Tera Term and SecureCRT allow you to transfer files
a.) In Tera Term
a1.) Please run this command cd /home/”user”/Desktop
a2.) Then run this command rz
a3.) In Tera Term Options select File>Transfer>ZModem>Send
a4.) Browse for all 5 .sh files
- install.sh
- openvpnclientcreate.sh
- openvpnserverinstall.sh
- Redlionclientzipper.sh
- Windowsclientcreator.sh
b.) In SecureCRT
b1.) Please run the command rz
b2.) A file dialog box will open, select all 5 .sh files
- install.sh
- openvpnclientcreate.sh
- openvpnserverinstall.sh
- Redlionclientzipper.sh
- Windowsclientcreator.sh
7. Now make sure all 4 files are executable.
a.) Run this command chmod +x install.sh
b.) Run this command chmod +x openvpnclientcreate.sh
c.) Run this command chmod +x openvpnservinstall.sh
d.) Run this command chmod +x Redlionclientzipper.sh
e.) Run this command chmod +x Windowsclientcreator.sh
8. Finally, move install.sh to the ~/clients directory
- Run this command mv install.sh ~/clients
Part 2: Setting Up OpenVPN Server
[REMINDER ALL COMMANDS MUST BE RUN AS ROOT]
1.) While still in the /home/”user”/Desktop directory we can now run the OpenVPN Server Install Script
2.) Run this command ./openvpnservinstall.sh
3.) This shell script will make sure Fedora is up to date, install OpenVPN and easy-rsa, and make all necessary firewall and file system changes. After all changes have been made and the script finishes, the Fedora install will reboot.
Part 3: Setting Up OpenVPN clients
[REMINDER ALL COMMANDS MUST BE RUN AS ROOT]
[ANY INSTANCE OF “user” represents the username you set when installing Fedora]
[ANY INSTANCE OF “client” represents the client name you chose when generating OpenVPN clients]
1.) Log back in after Fedora is finished rebooting
2.) Navigate back to the /home/”user”/Desktop directory
a.) Run this command cd /home/”user”/Desktop
3.) Now we can run the OpenVPN Client Creator script
a.) Run this command ./openvpnclientcreate.sh
b.) You will then be prompted for a client name (something like client1 should work)
c.) You will then be prompted for the WAN IP of your OpenVPN server (example: 166.166.166.166)
d.) You will then be asked if your clients have routes to push. If you would like to be able to connect to the LAN network behind your Red Lion Modem/Router/RTU, this is where you define those routes: type y, then enter each route in Network ID [space] Subnet mask format (example 192.168.0.0 255.255.255.0). Otherwise type n.
e.) Please run this command for every client you wish to connect to this Server.
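The route prompt in step d expects a network ID and a subnet mask, so a host address or a malformed mask is worth catching before it is typed in. The following is an added example, not part of the Red Lion scripts; the function names ip_to_int and check_route are hypothetical, and the sample inputs other than the page's own 192.168.0.0 255.255.255.0 are constructed.

```shell
#!/bin/sh
# Added example: validate a "Network ID [space] Subnet mask" pair before
# entering it at the client creator script's route prompt.

# Convert a dotted quad to a 32-bit integer; return 1 on malformed input.
ip_to_int() {
    case "$1" in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the octets on "."
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac     # leading zeros would parse as octal
        if [ "${#o}" -gt 3 ] || [ "$o" -gt 255 ]; then return 1; fi
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 when the pair is a usable route: two valid dotted quads, a
# contiguous netmask, and a network ID with no host bits set.
check_route() {
    net=$(ip_to_int "$1")  || { echo "bad network ID: $1"; return 1; }
    mask=$(ip_to_int "$2") || { echo "bad subnet mask: $2"; return 1; }
    host=$(( 4294967295 ^ mask ))              # host part = inverted mask
    if [ $(( host & (host + 1) )) -ne 0 ]; then
        echo "non-contiguous subnet mask: $2"; return 1
    fi
    if [ $(( net & host )) -ne 0 ]; then
        echo "host bits set in network ID: $1 (mask $2)"; return 1
    fi
    echo "ok: $1 $2"
}

# Constructed sample inputs; the first is the example given in step d.
for r in "192.168.0.0 255.255.255.0" \
         "192.168.0.10 255.255.255.0" \
         "10.1.0.0 255.0.255.0" \
         "192.168.0.0/24 255.255.255.0"; do
    check_route $r || true                     # unquoted: splits into two arguments
done
```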
Part 4: Creating Installation Files for Red Lion Devices
[REMINDER ALL COMMANDS MUST BE RUN AS ROOT]
[REMINDER ANY INSTANCE OF “user” represents the username you set when installing Fedora]
[REMINDER ANY INSTANCE OF “client” represents the client name you chose when generating OpenVPN clients]
This is where we will create a zip file for any clients that are a Red Lion device.
1.) Run this command ./Redlionclientzipper.sh
2.) You will then be prompted for the client name (example: client1)
3.) The script will run and the “client”.zip file will be placed in ~/clients/
4.) Please run this script for all clients that are Red Lion Modem/Router/RTUs
5.) Once all Red Lion client install .zip files have been created, simply transfer these files to your host PC. To install these files onto a Red Lion device, log into the Red Lion Web GUI, navigate to Admin>Package Installation, select your “client”.zip file and then click Install. Once the install is complete, you should be able to connect to the Red Lion device from the OpenVPN server and all other Red Lion clients.
Part 5: Creating Client .zip Files for Easy Transfer to Windows or Linux PCs
[REMINDER ALL COMMANDS MUST BE RUN AS ROOT]
[REMINDER ANY INSTANCE OF “user” represents the username you set when installing Fedora]
[REMINDER ANY INSTANCE OF “client” represents the client name you chose when generating OpenVPN clients]
This is where we will create a .zip file to grab all necessary .key, .conf and .crt files to easily transfer to your PC client
NOTE: It’s not recommended to push any routes for the PC clients so when generating client files for these clients (Part 3, Step 3, subsection d.) please choose no (n).
1.) Run this command ./Windowsclientcreator.sh
2.) You will then be prompted for the client name (example: client1)
3.) The script will run and the “client”.zip file will be placed in ~/clients/
4.) Please run the script for all clients that are PCs
5.) For Windows
a.) Install the latest version of OpenVPN GUI found here.
b.) Once it’s installed, take your “client”.zip file and unzip it to the C:\Program Files\OpenVPN\config folder
c.) In the Windows Start Menu, search for OpenVPN
d.) Right-click on OpenVPN-GUI.exe and Run as administrator
e.) Down in the bottom left corner you will now see an icon for OpenVPN GUI (looks like a screen with a padlock in front). Right-click on that icon and click connect.
6.) For Linux
a.) Most Linux distributions have OpenVPN installed by default. If not please research on how to install OpenVPN for your Linux distribution.
b.) You can then unzip your “client”.zip file to /etc/openvpn/client directory.
c.) If your Linux distribution uses systemd (like Fedora does), you can run this command systemctl enable openvpn-client@”client”.service
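The “client”.zip bundles from Parts 4 and 5 sit in ~/clients/ until they are transferred, and Part 5 states they carry the client's .key file, so anyone who can read a bundle can connect as that client. The following is an added example, not part of the Red Lion scripts: the function name audit_client_bundles is hypothetical, it assumes nothing about the permissions the scripts themselves set, and the demo runs on a constructed temporary directory.

```shell
#!/bin/sh
# Added example: find client bundles and keys that group/other can access
# and restrict them to the owner. Defaults to ~/clients, the directory
# this guide uses; pass another directory as the first argument.
audit_client_bundles() {
    dir=${1:-"$HOME/clients"}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    fixed=0
    for f in "$dir" "$dir"/*.zip "$dir"/*.key; do
        [ -e "$f" ] || continue                  # unmatched glob stays literal
        perms=$(ls -ld "$f" | cut -c5-10)        # group and other permission bits
        if [ "$perms" = "------" ]; then continue; fi
        echo "tightening $f (group/other bits were: $perms)"
        if [ -d "$f" ]; then chmod 700 "$f"; else chmod 600 "$f"; fi
        fixed=$((fixed + 1))
    done
    echo "$fixed path(s) tightened in $dir"
    [ "$fixed" -eq 0 ]                           # non-zero exit if anything was loose
}

# Demo on a constructed directory so the real ~/clients is untouched.
demo=$(mktemp -d)
: > "$demo/client1.zip"; chmod 644 "$demo/client1.zip"
audit_client_bundles "$demo" || true
rm -rf "$demo"
```

The non-zero exit status when something had to be tightened lets a scheduled job or wrapper script flag the event.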
Disclaimer
It is the customer's responsibility to review the advice provided herein and its applicability to the system. Red Lion makes no representation about specific knowledge of the customer's system or the specific performance of the system. Red Lion is not responsible for any damage to equipment or connected systems. The use of this document is at your own risk. Red Lion standard product warranty applies.
Red Lion Technical Support
If you have any questions or trouble contact Red Lion Technical Support by clicking here or calling 1-877-432-9908.
For more information: http://www.redlion.net/support/policies-statements/warranty-statement