EMnify customers can create their own Virtual Private Network for their mobile IoT/M2M devices fitted with EMnify SIMs. Data traffic is exchanged between the devices and the application server through an OpenVPN tunnel, enabling direct communication with the IPs of the mobile devices (no NAT applied). The tunnel is established between the EMnify Core Network and the customer's VPN gateway or server.

Any traffic exchanged with the mobile devices is encrypted before being transmitted over the public internet, adding an additional layer of security and privacy. No VPN software needs to be installed on the device and no configuration changes are needed there; the default EMnify APN also supports VPN flows.

First, download the VPN config file from the EMnify User Interface:
Scroll down to "secure connection" and download the configuration file.

Additionally, you need to change the Internet Regional Breakout in the device policy:
Scroll down to "Service Policies" (2), select the policy assigned to the devices you want to secure and click on "Open" (3).
On the "Internet Breakout Region" menu (4), set the Service Policy to a VPN breakout region, e.g., eu-west-1 (VPN).

Setting Up OpenVPN Client on Linux/Ubuntu

Install OpenVPN Software

Install the openvpn package:

    sudo apt-get install openvpn

Download and Install VPN Configuration File

Log in with your user account on the EMnify Portal and select the "Link" Icon on the top/right. From there you can download a pre-configured configuration file, the filename is nf

Please store that file on your server in the folder /etc/openvpn. In the next steps you need to create a file called credentials.txt in the folder /etc/openvpn. You can choose to use your user credentials to authenticate or to use an application token (recommended).

The content of credentials.txt must be just two lines: the first line your username and the second your password. If you do not want to store your credentials, you can instead enter them each time the VPN tunnel is established. If you prefer that option, please comment out the line "auth-user-pass /etc/openvpn/credentials.txt" in the nf file.

When you run the OpenVPN client on a VPN gateway or application server, it is recommended to use a dedicated application token. In this case the first line in the credentials.txt file needs to be filled with your EMnify organisation identifier, and instead of the password you store the application token. You can create application tokens when you log in to the EMnify Portal, select the "Link" Icon on the top/right and then "Create New Application Token". The content of the credentials file would then look like this:

    orgId

Please copy and paste the token into the credentials file. When you log in to the EMnify Portal, it shows this data under the VPN settings.

You should keep the credentials.txt file readable only by root and not by other users of your server. You can ensure this with the following commands:

    sudo chown root:root /etc/openvpn/credentials.txt
    sudo chmod 600 /etc/openvpn/credentials.txt

Starting and Monitoring the OpenVPN connection

Now you can start the VPN client by running:

    sudo service openvpn start

The openvpn daemon logs to /var/log/syslog. If everything works, the output will look like this:

    Jul 12 17:53:55 openvpn-client ovpn-client: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jul 12 17:53:55 openvpn-client ovpn-client: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jul 12 17:53:55 openvpn-client ovpn-client: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Jul 12 17:53:55 openvpn-client ovpn-client: Peer Connection Initiated with 52.209.x.y:1194
    Jul 12 17:53:57 openvpn-client ovpn-client: SENT CONTROL : 'PUSH_REQUEST' (status=1)
    Jul 12 17:53:57 openvpn-client ovpn-client: TUN/TAP device tun0 opened
    Jul 12 17:53:57 openvpn-client ovpn-client: /sbin/route add -net 10.x.y.z netmask 255.255.128.0 gw 10.64.0.225

Finding the static private IP of your VPN client

The EMnify OpenVPN server allocates a static IP address to the tun interface of your VPN client. This IP stays the same when your VPN client reconnects or if you move the tunnel to a different machine. You can therefore use it on your mobile devices to address your application. Nevertheless, you should never configure the IP directly on your devices, but use DNS to resolve it.
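The requirements this page gives for /etc/openvpn/credentials.txt (exactly two lines, owned by root, mode 600) can be verified with a short script. This is an added example, not part of the original guide or of EMnify's tooling; the function name check_credentials and its optional uid argument are assumptions made for illustration, and it relies on GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example (hypothetical helper, not EMnify code): audit the file that
# the OpenVPN "auth-user-pass" line points at, without printing its contents.
#
# check_credentials FILE [EXPECTED_UID]
#   EXPECTED_UID defaults to 0 (root). The argument exists only so the check
#   can be exercised on a test copy without root.
# Usage: run as root, e.g.
#   sudo sh -c '. ./check.sh; check_credentials /etc/openvpn/credentials.txt'
check_credentials() {
    file=$1
    want_uid=${2:-0}

    # Reject symlinks and anything that is not a regular file, so the
    # permission checks below apply to the file OpenVPN actually reads.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file" >&2
        return 1
    fi

    # GNU stat: %a = octal permission bits, %u = numeric owner id.
    mode=$(stat -c '%a' "$file") || return 1
    uid=$(stat -c '%u' "$file") || return 1
    if [ "$mode" != "600" ]; then
        echo "FAIL: mode is $mode, expected 600" >&2
        return 1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid" >&2
        return 1
    fi

    # Exactly two non-empty lines: identifier first, secret second.
    # A blank or extra line makes awk exit non-zero; so does an unreadable file.
    if ! awk 'NF == 0 { bad = 1 } END { exit (bad || NR != 2) }' "$file"; then
        echo "FAIL: expected exactly two non-empty lines" >&2
        return 1
    fi
    return 0
}
```

The function returns 0 only when all three conditions hold, so it can gate a deployment step or a periodic audit job.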