VPN SSL
VPN stands for "Virtual Private Network" and means a specially secured connection between server and client. A virtual, individual (private) network is established between the communication partners which cannot be accessed by third parties. Server and client use this network to communicate in such a way as if they were in the same network.
VPN SSL
Based on OpenVPN
Server and client functionality (BAB SECURELINK)
Very secure
ConfigTool – VPN SSL
The VPN service in the EIBPORT offers two functionalities:
Establishing a BAB SECURELINK connection (device serves as VPN client) to other BAB devices (LINKMODULE, EIBPORT, FACILITYMASTER)
VPN server for a secure connection between PC and LINKMODULE via an OpenVPN client
To be able to use these functionalities, it is important to initialise the integrated VPN SSL server after commissioning, see below.
Initialising VPN SSL server
To be able to use the services relevant to VPN SSL (BAB SECURELINK, VPN Server) in the EIBPORT, the VPN server must be initialised once. To do so, click on "Start basic configuration" in the "VPN SSL" menu.
System – VPN SSL, starting basic configuration
Note: Initialising takes approx. 50 minutes. During this time the required certificates are generated. Do not switch off the EIBPORT while this process takes place.
After the VPN server has been successfully initialised (see above) the VPN server settings are displayed.
System – VPN SSL, server initialised
VPN server settings (for incoming connections)
The following parameters are available for configuring the VPN server for incoming connections:
Enable VPN server: VPN server is only enabled if the box is checked.
Display server log: "CLIENT LIST", "ROUTING TABLE" and "GLOBAL STATS" are displayed.
External IP address / host name: Please enter here the address under which the EIBPORT can be reached from outside. If the incoming connection (a VPN client wanting to connect with the server) is from the same network, enter here the local IP address of the EIBPORT. If it is an external connection, the external address of the corresponding network must be used (e. g. the external IP address of the DSL router).
EIBPORT VPN IP: Specifies the IP address allocated to the EIBPORT within the VPN network.
VPN port: Specifies the port number on which the VPN service communicates.
VPN subnetwork IP range: Specifies the IP range in which the VPN network is created (10.8.0.0 is set as default).
VPN subnetwork mask: Specifies the subnetwork range of the VPN IP range (255.255.255.0 is set as default).
Maximum number of clients: This number specifies how many VPN clients can connect with the server.
Saving settings: Saves the settings.
Note: The VPN server is only active after "Enable VPN server" has been highlighted and the settings have been saved.
Create OpenVPN (VPN client) configuration file
Helps to establish a VPN connection between computer and EIBPORT. The required VPN connection settings are compiled in an OpenVPN configuration file and saved on the local computer. OpenVPN is a free software for establishing VPN connections for almost all operating systems.
VPN SSL – Creating and downloading OpenVPN file
Please download the correct OpenVPN client software for your operating system.
Windows: "OpenVPN GUI" (from www.openvpn.net)
MAC OS: " OpenVPN for macOS" (from https://openvpn.net/client-connect-vpn-for-mac-os/ )
Android: " OpenVPN Connect " (from Google Play Store)
iOS: „OpenVPN Connect“ (von https://apps.apple.com/ )
Creation of the VPN configuration file for your client.
Enter a unique name for the configuration file under "Client Name". This name will later be used to identify the respective computer in the list of "Known Clients".
Click on "Create and download". A browser dialog opens for downloading the "*.ovpn" configuration file. Save the configuration file on your computer. At the same time, the configuration file is displayed as a known client in the "Known clients and issued certificates" list.
PORT RELEASE FOR VPN CONNECTION
Please note that the TCP port for the VPN connection must be enabled. To release a port in your router, you must set up port forwarding on the router.
Set up OpenVPN Client for Windows / MACOS
Installation of OpenVPN Connect client software on your PC / Mac
The created VPN configuration file '[Name].ovpn' can be opened directly with the client software by double-clicking
Confirm the selection of your VPN configuration file
The VPN connection is started by activating "Connect".
The EIBPORT can now be reached under the "EIBPORT VPN IP" (10.8.0.1 by default)!
Set up OpenVPN Client for Android devices
Install OpenVPN Connect APP on your Android device
OpenVPN Connect APP
Transfer the created VPN configuration file '[Name].ovpn' to your Android device
OpenVPN Connect App – Data import
Import your configuration file (e.g. VPN_Android.ovpn)
With "ADD" the connection to your EIBPORT is established via OpenVPN
Your EIBPORT can now be reached under the EIBPORT VPN IP (10.8.0.1 by default)!
Practical tip:
In case of troubles with the connection due to changes or updates, it may make sense to reconfigure the VPN SSL. However, deletion is not possible. The VPN SSL connection can only be reset during the update process of the EIBPORT, so that the restoration takes place without adopting the VPN settings.
Set up OpenVPN Client for iOS-devices
Installation of the OpenVPN Connect APP on your iOS device
OpenVPN Connect APP iOS
The created VPN configuration file '[Name].ovpn' can be opened directly as an email attachment
OpenVPN Connect - configuration
Confirm the selection of your VPN configuration file with "ADD"
OpenVPN Connect – connection establishment
After the configuration has been loaded, the connection is activated by ADD and the VPN connection is started.
OpenVPN Connect - Connection status
OpenVPN - CUBEVISION 2
The EIBPORT can now be reached under the "EIBPORT VPN IP" (10.8.0.1 by default)!
Known clients and issued certificates
This list contains all configuration files that have been created.
OpenVPN – list of known clients
If a connection is active, the corresponding values are shown in "Client IP" and "Connected since".
Certificate
Each connected client has been allocated its own certificate by the configuration file. The certificate can be displayed using the "Certificate" button, downloaded ("Download") or blocked ("Block").
OpenVPN Client – displaying the certificate
Block client
To block a connected client, use the "Block" function in the "Certificate" menu. The client connection will be interrupted immediately. To be able to use the client again, the block has to be deleted and a configuration file has to be re-created.
Open "Certificate" again. Click on "Delete". You can then load a configuration file for the same client’s name in the Certificate window.