Configure Remote User Access using OpenVPN

firmware-8
#1

image
Available from firmware version 8.0

Introduction

Besides being able to use PPTP and L2TP with IPsec you can now also use OpenVPN for Remote User Access to your LAN.
This article describes how to configure your Peplink router and a Windows 10 client for remote User Access using OpenVPN.

Configuring your Peplink router

Log on to the web admin interface of the Peplink router.
On Balance models, navigate to Network > Remote User Access.
On MAX models, navigate to Advanced > Remote User Access.

The following menu will appear:

  1. Select OpenVPN
  2. Select the WAN interface and IP addresses where the OpenVPN server of the router should listen on.
  3. Select the client network (LAN subnet) that the remote user is allowed to connect to (this requires a DHCP server to offer IP addresses).
  4. Enter 1 or more Username(s) and password(s) for the Remote User
  5. Save and Apply the Changes

Note:
The username must contain lowercase letters, numerics, underscore(_), dash(-), at sign(@), and period(.) only.
The password must be between 8 and 12 characters long.

  1. Navigate to Status > Device
  2. Download and save the OpenVPN Client Profile.

You have a choice between 2 different OpenVPN Client profiles.

  • "route all traffic" profile
    Using this profile, VPN clients will send all the traffic through the OpenVPN tunnel
  • "split tunnel" profile
    Using this profile, VPN clients will ONLY send those traffic designated to the untagged LAN and VLAN segment through the OpenVPN tunnel.

Configuring a Windows 10 client pc

Download the OpenVPN windows installer of choice from:

https://openvpn.net/community-downloads/

Run through the OpenVPN Setup Wizard and click Finish.


Open the OpenVPN config folder and paste the OpenVPN client profile file to this directory.
In Windows 10 this is by deafult located in the directory: C:\Users%username%\OpenVPN\config
image
Run the OpenVPN GUI desktop app from the Windows 10 start menu.
Right-click the OpenVPN tray icon in the right bottom corner of your screen and click connect.
image
An OpenVPN window opens showing the connection process.
Type in the password that you configured earlier to establish the Remote VPN connection.

14 Likes
OpenVPN Support
#2

Hello Erik,
Could we change the port UDP 1194 to TCP 443?

4 Likes
#3

Hello Gokhan,
Currently the router only listens on UDP port 1194.
It might be possible to make this an editable option in future.
Could you raise this as a new feature request?

4 Likes
#4

Hi Erik,
Thanks for this information. Can the Peplink device connect to an OpenVPN network as a client rather than as a server?

Thanks!
Alex

2 Likes
#5

No. Server Mode Only,

2 Likes
#6

Can you add the ability for the clients to access multiple networks?

#7

Is it possible for the client to always connect with the same IP address instead of getting whatever IP address the router hands to it? Like connect with a static IP set on the client or have the router always give that client the same IP address?

#9

How do we file a feature request to be an openvpn client? Pepwave being a client makes way more sense in a mobile 4G world. thank you!

1 Like
#12

I see that these instructions have changed slightly with 8 RC1 release. After upgrading from 8b3 to RC1 my OpenVPN no longer works. My Balance 20 does not have the “Authentication” row as seen in your image. Is that unique to the MAX models?

#13

Hi Twomack,

The sreenshots were taken from a Balance Mediafast 500, they are not unique to the MAX models. Can you share a screenshot of what you see on your Balance 20?
Did you download the OpenVPN Client profile after the firmware upgrade?

1 Like
#14

Hi Erik,

I’ve attached the screenshot you requested and a screenshot of the log during connection. I did download both “Route all traffic” and “split traffic” profiles after the upgrade and they both failed the same way. Thanks!


#15

Hi Twomack,

Could you log a ticket here to allow us to check what is going wrong?
The authorization failed, but I can’t see the reason why it failed.

Thanks,

Erik

1 Like
#16

Opened ticket. Ticket #792230

Thanks!

1 Like
#19

Updated a Balance 210 from 8.0.0b02 build 4118 to 8.0.0RC4 and could not connect in again with OpenVPN. Rebooted back to b02 and it works.

#20

you might want to post in the RC4 thread or submit a ticket ASAP then before they go to general release on 8.0

#21

Have you tried to download the ovpn file again for OpenVPN configuration? We have revised the certificate generation process during beta phases and this may be the cause.

Update: Let’s continue the discussion here:

1 Like
#22

I understand your thoughts but I got so, me issues, My VPN is not working properly, can you told me why this happened.

#23

@adamdevine

If you have tried the suggestion given by Steve, please open a support ticket for support team to check further.

https://ticket.peplink.com/ticket/new

1 Like
#25

When i try to login i get the following error:
Wed May 08 14:18:50 2019 WARNING: ‘link-mtu’ is used inconsistently, local=‘link-mtu 1549’, remote=‘link-mtu 1550’
Wed May 08 14:18:50 2019 WARNING: ‘comp-lzo’ is present in remote config but missing in local config, remote=‘comp-lzo’

any thoughts

#26

Hi Bakker,

It seems a common error; the tips in this discussion might help :
Please also try downloading a recent OpenVPN client config from the status page of your router.
If the above doesn’t help, please open a support ticket.

1 Like