Configure Remote User Access using OpenVPN

Erik_deBie · January 9, 2019, 7:12am

Available from firmware version 8.0

Introduction

Besides being able to use PPTP and L2TP with IPsec you can now also use OpenVPN for Remote User Access to your LAN.
This article describes how to configure your Peplink router and a Windows 10 client for remote User Access using OpenVPN.

Configuring your Peplink router

Log on to the web admin interface of the Peplink router.
On Balance models, navigate to Network > Remote User Access.
On MAX models, navigate to Advanced > Remote User Access.

The following menu will appear:

Select OpenVPN
Select the WAN interface and IP addresses where the OpenVPN server of the router should listen on.
Select the client network (LAN subnet) that the remote user is allowed to connect to (this requires a DHCP server to offer IP addresses).
Enter 1 or more Username(s) and password(s) for the Remote User
Save and Apply the Changes

Note:
The username must contain lowercase letters, numerics, underscore(_), dash(-), at sign(@), and period(.) only.
The password must be between 8 and 12 characters long.

Navigate to Status > Device
Download and save the OpenVPN Client Profile.

You have a choice between 2 different OpenVPN Client profiles.

“route all traffic” profile
Using this profile, VPN clients will send all the traffic through the OpenVPN tunnel
“split tunnel” profile
Using this profile, VPN clients will ONLY send those traffic designated to the untagged LAN and VLAN segment through the OpenVPN tunnel.

Configuring a Windows 10 client pc

Download the OpenVPN windows installer of choice from:

https://openvpn.net/community-downloads/

Run through the OpenVPN Setup Wizard and click Finish.

Open the OpenVPN config folder and paste the OpenVPN client profile file to this directory.
In Windows 10 this is by deafult located in the directory: C:\Users%username%\OpenVPN\config

Run the OpenVPN GUI desktop app from the Windows 10 start menu.
Right-click the OpenVPN tray icon in the right bottom corner of your screen and click connect.

An OpenVPN window opens showing the connection process.
Type in the password that you configured earlier to establish the Remote VPN connection.

gokhan.ozkan · January 22, 2019, 4:25am

Hello Erik,
Could we change the port UDP 1194 to TCP 443?

Erik_deBie · January 22, 2019, 4:41am

Hello Gokhan,
Currently the router only listens on UDP port 1194.
It might be possible to make this an editable option in future.
Could you raise this as a new feature request?

ahinojosa_it2 · February 2, 2019, 10:23am

Hi Erik,
Thanks for this information. Can the Peplink device connect to an OpenVPN network as a client rather than as a server?

Thanks!
Alex

MartinLangmaid · February 3, 2019, 2:27pm

No. Server Mode Only,

Robert_Bidewell · February 5, 2019, 8:42pm

Can you add the ability for the clients to access multiple networks?

sttsllc · February 7, 2019, 8:33pm

Is it possible for the client to always connect with the same IP address instead of getting whatever IP address the router hands to it? Like connect with a static IP set on the client or have the router always give that client the same IP address?

bbdo · March 1, 2019, 9:02am

How do we file a feature request to be an openvpn client? Pepwave being a client makes way more sense in a mobile 4G world. thank you!

twomack · March 7, 2019, 7:38am

I see that these instructions have changed slightly with 8 RC1 release. After upgrading from 8b3 to RC1 my OpenVPN no longer works. My Balance 20 does not have the “Authentication” row as seen in your image. Is that unique to the MAX models?

Erik_deBie · March 7, 2019, 8:02am

Hi Twomack,

The sreenshots were taken from a Balance Mediafast 500, they are not unique to the MAX models. Can you share a screenshot of what you see on your Balance 20?
Did you download the OpenVPN Client profile after the firmware upgrade?

twomack · March 7, 2019, 8:31am

Hi Erik,

I’ve attached the screenshot you requested and a screenshot of the log during connection. I did download both “Route all traffic” and “split traffic” profiles after the upgrade and they both failed the same way. Thanks!

Erik_deBie · March 8, 2019, 3:09am

Hi Twomack,

Could you log a ticket here to allow us to check what is going wrong?
The authorization failed, but I can’t see the reason why it failed.

Thanks,

Erik

twomack · March 8, 2019, 6:21am

Opened ticket. Ticket #792230

Thanks!

Robert_Bidewell · April 26, 2019, 8:47am

Updated a Balance 210 from 8.0.0b02 build 4118 to 8.0.0RC4 and could not connect in again with OpenVPN. Rebooted back to b02 and it works.

mystery · April 26, 2019, 10:10am

you might want to post in the RC4 thread or submit a ticket ASAP then before they go to general release on 8.0

Steve · April 28, 2019, 6:46pm

Have you tried to download the ovpn file again for OpenVPN configuration? We have revised the certificate generation process during beta phases and this may be the cause.

Update: Let’s continue the discussion here:

adamdevine · April 28, 2019, 7:32pm

I understand your thoughts but I got so, me issues, My VPN is not working properly, can you told me why this happened.

sitloongs · April 28, 2019, 8:32pm

@adamdevine

If you have tried the suggestion given by Steve, please open a support ticket for support team to check further.

https://ticket.peplink.com/ticket/new

Bakker · May 8, 2019, 4:21am

When i try to login i get the following error:
Wed May 08 14:18:50 2019 WARNING: ‘link-mtu’ is used inconsistently, local=‘link-mtu 1549’, remote=‘link-mtu 1550’
Wed May 08 14:18:50 2019 WARNING: ‘comp-lzo’ is present in remote config but missing in local config, remote=‘comp-lzo’

any thoughts

Erik_deBie · May 8, 2019, 4:32am

Hi Bakker,

It seems a common error; the tips in this discussion might help :
Please also try downloading a recent OpenVPN client config from the status page of your router.
If the above doesn’t help, please open a support ticket.