3 openvpn server instances – NEXCOM IFA 1610 User Manual


Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.

IFA 3610/IFA 2610/IFA 1610 User Manual

Chapter 7: The VPN Menu


Use selected certificate. Select one certificate from those available, shown on the right-hand side of the drop-down menu. It is possible to see the full details of this certificate by clicking on the View details hyperlink.

Hint: The name of the certificate selected appears right above the hyperlink.

Use an existing certificate. A second drop-down menu on the left allows selecting a certificate that has already been created and stored on the appliance.

Upload a certificate. Clicking on the Browse... button that appears underneath the drop-down menu makes it possible to select an existing certificate from the workstation and upload it. The password for the certificate, if needed, can be provided in the text field on the right-hand side.

Upload a certificate signing request. The Browse... button that appears underneath the drop-down menu can be clicked to select an existing certificate signing request from the workstation and upload it. The validity of the certificate in days can be provided in the text field on the right-hand side.

7.1.3 OpenVPN Server Instances

The list of already defined OpenVPN instances is shown in this panel, with the Add new OpenVPN server instance hyperlink above it. Clicking this link opens an editor in which to provide all the necessary configuration values for a new VPN instance.

Note:

When the number of OpenVPN instances is greater than the number of cores, a yellow callout warns that performance may degrade.

In the editor, the following configuration options are shown.

Name
The name given to the OpenVPN server instance.

Remark
A comment for this instance.

Bind only to
The IP address on which the instance should listen.

Port
The port on which the instance waits for incoming connections.

Device type
The device used by the instance, chosen between TUN and TAP from the drop-down menu. TUN devices require that the
traffic be routed, hence the option Bridged below is not available for TUN devices.

Protocol
The protocol used, chosen between TCP and UDP from the drop-down menu.

Bridged
Tick this option to run the OpenVPN server in bridged mode, i.e., within one of the existing zones.

Note:

If the OpenVPN server is not bridged (i.e., it is routed), the clients will receive their IP addresses from a dedicated subnet. In this case, appropriate firewall rules should be created in the VPN firewall to make sure the clients can access any zone, or some server/resource (e.g., a source code repository). If the OpenVPN server is bridged, it inherits the firewall settings of the zone it is defined in.

VPN subnet
This is the only option available if bridged mode is disabled. It allows the OpenVPN server to run in its own dedicated subnet, which can be specified in the text box and should be different from the subnets of the other zones.

Bridge to
The zone to which the OpenVPN server should be bridged. The drop-down menu shows only the available zones.
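
The constraints described above (Bridged is not available for TUN, a routed instance needs a VPN subnet that differs from the zone subnets, and more instances than cores triggers the performance callout) can be checked before values are entered in the editor. The following is an added example, not part of the NEXCOM manual or the appliance software; the dictionary layout, function names, zone names and subnets are assumptions, and any overlap with a zone subnet is treated as a conflict.

```python
import ipaddress
import os

# Constructed sample data: zone names, subnets and instance values are illustrative.
SAMPLE_ZONES = {"lan": "192.168.0.0/24", "dmz": "10.0.1.0/24"}
SAMPLE_INSTANCES = [
    {"name": "roadwarrior", "device": "TUN", "protocol": "UDP", "port": 1194,
     "bridged": False, "vpn_subnet": "10.8.0.0/24"},
    {"name": "bad-bridge", "device": "TUN", "protocol": "TCP", "port": 1195,
     "bridged": True, "bridge_to": "lan"},
    {"name": "overlap", "device": "TAP", "protocol": "UDP", "port": 1196,
     "bridged": False, "vpn_subnet": "192.168.0.128/25"},
]

def check_instance(inst, zones):
    """Return the list of problems found in one instance definition."""
    problems = []
    if inst["device"] not in ("TUN", "TAP"):
        problems.append("device type must be TUN or TAP")
    if inst["protocol"] not in ("TCP", "UDP"):
        problems.append("protocol must be TCP or UDP")
    if inst["bridged"]:
        # TUN traffic is routed, so Bridged cannot be combined with it.
        if inst["device"] == "TUN":
            problems.append("Bridged is not available for TUN devices")
        if inst.get("bridge_to") not in zones:
            problems.append("Bridge to must name an available zone")
        return problems
    # Routed mode: a dedicated subnet is required, distinct from every zone.
    try:
        vpn = ipaddress.ip_network(inst.get("vpn_subnet", ""))
    except ValueError:
        return problems + ["VPN subnet is missing or not a valid network"]
    for zone, subnet in zones.items():
        if vpn.overlaps(ipaddress.ip_network(subnet)):
            problems.append(f"VPN subnet {vpn} overlaps zone {zone} ({subnet})")
    return problems

def check_all(instances, zones, cores=None):
    """Check every instance; also flag more instances than CPU cores."""
    cores = cores or os.cpu_count() or 1
    report = {i["name"]: check_instance(i, zones) for i in instances}
    return report, len(instances) > cores

if __name__ == "__main__":
    report, too_many = check_all(SAMPLE_INSTANCES, SAMPLE_ZONES, cores=2)
    for name, problems in report.items():
        print(name, "OK" if not problems else "; ".join(problems))
    print("more instances than cores:", too_many)
```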
