Developers Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Dynamic VPN

The following document provides information on how to activate and configure the Dynamic VPN service for your ClearOS system. For an overview of the features and benefits of the service, please review the service information here.

Installation

If you did not select this module to be included during the installation process, you must first install the module.

You can find this feature in the menu system at the following location:

Cloud|Services|Dynamic VPN

Activation

  • Login to your ClearCenter account.
  • Click on Systems|Dynamic VPN in the top navigation bar.
  • Select the target system from the list of active systems in your account.

Dynamic VPN is included in the ClearOS Business Gold & Platinum subscriptions. You will see information on your VPN settings if the software has been enabled on your ClearOS gateway.

Configuring Connections with Dynamic VPN

All ClearOS instances using Dynamic VPN need to have a Public IP address assigned to their External interface.

Dynamic VPN support not only simplifies configuration, but also improves the up-time of the connections. In order to create a connection between to systems, you need to configure both ClearOS systems.

If you are configuring a VPN connection between your local gateway and a remote gateway, then configure the remote gateway first. Once the VPN is started on the remote system it will only be accessible when the VPN connection is up.

From the webconfig tool, click on in the Dynamic VPN Connections box. You need to:

  • Select the target system name from the list
  • Type in a pre-shared secret (password)

On the first connection or when an IP address changes, it may take a minute for the connection to synchronize.

The two LAN networks at either end of the VPN connection must not overlap!

MultiWAN

If you have MultiWAN and have a preference of which interface the Dynamic VPN uses, in /etc/clearos/dynamic_vpn.conf set the VPNIF parameter e.g:

VPNIF="eth0"

Then stop IPsec with a:

service ipsec stop

The Dynamic VPN will then restart itself with the new parameter.

Multiple LAN's

By default the Dynamic VPN will only route one LAN over the VPN. If you have a preference of which LAN to route, in /etc/clearos/dynamic_vpn.conf set the LANNET parameter e.g:

LANNET="192.168.0.0/24"

Then stop IPsec with a:

service ipsec stop

The Dynamic VPN will then restart itself with the new parameter.

If you want to route multiple subnets for different LAN's or VLAN's, then please raise a ticket as it has to be manually configured in the Clearcenter server.

If you have multiple adjacent or nearly adjacent LANs that you want to route over the VPN, then they can be combined into a single larger subnet in LANNET. As an example, if you have two LAN subnets of 172.17.2.0/24 and 172.17.3.0/24 you can set LANNET to 172.17.2.0/23 and both subnets will have access to the VPN. Similarly 172.17.0.0/24 and 172.17.2.0/24 will combine into 172.17.0.0/22 as long as 172.17.1.0/24 and 172.17.3.0/24 don't exist at the far end of the VPN.
The Supernet Calculator is a useful tool for checking subnets.

content/en_us/7_ug_dynamic_vpn.txt · Last modified: 2018/09/13 03:45 by NickH

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3A7_ug_dynamic_vpn&1710836414