Setup Gateway with OpenVPN
Introduction to OpenVPN¶
Connecting the LoRaWAN Gateway via VPN allows you to better manage the entire network, in particular you can:
-
Access the entire network and directly to all gateways/base stations (via ssh,web..) regardless of the type of LAN / VLAN / 3G / 4G connection
-
Create a secure connection between gateways and network servers LoRaWAN / IoT Platform
Note
Starting with Merlin v30, you don't need to manually install a certificate on the gateway anymore, as Merlin will automatically download and installed need as configured on the gateway platform page via the Connection Settings tab.
You will still need to manually install the OpenVPN service on the gateway first.
How it works with the fully managed ResIOT OPEN Cloud services¶
1) Enter the customer area https://login.resiot.io select the ResIOT Open Cloud service and select download OpenVPN configuration file
2) A .ovpn file will be downloaded. Save it in a safe place. Warning: If you want a new release of the certificates because stolen you will have to reconfigure all the devices that use that certificate
3) On some older versions of OpenVPN the file will need to be renamed to .conf
VPN connection from a Windows Pc¶
1) Download and install OpenVPN Client from https://openvpn.net/index.php/download/community-downloads.html (installer version)
2) Open OpenVPN icon on the bottom left and select Import file ..
3) Select the .ovpn file you downloaded previously
4) Select the connect function from the menu. The client establishes a secure connection and a new IP address will be acquired, usually 10.8.x.x
5) To check the new address open Command Prompt and type ipconfig
ipconfig
Connection to the VPN from a Multitech Gateway¶
Rename the file previously downloaded from .ovpn to .conf and copy to FAT or FAT32 formatted USB flash drive. (For experienced users: if the gateway is already connected to the network you can also enter a secure space such as FTP and then download via ssh and skip the next 5 steps, restart from Install OpenVPN Clien)
You'll now want to open a serial connection to your gateway. The fastest way via windows is probably using Putty. Select "Serial" as connection mode, 115200 speed and the right COM serial port.
Now plug your USB key into your conduit and mount the system:
mount /dev/sdb1 /mnt
Depending on your model sometimes you'll run into an error. If you do, run instead:
mount /dev/sda1 /mnt
Then copy the installer to the root of the Conduit:
cp -r /mnt/* /home/root/
Now you can safely unmount the USB drive:
umount /mnt
The File is now on your gateway. Head to your Home directory.
Install OpenVPN Client:
opkg update
opkg install openvpn
we set up the service with automatic start:
update-rc.d openvpn defaults
Copy the .conf file to the OpenVPN client folder
cp /home/root/resiotnetwork.conf /etc/openvpn
Let's restart the OpenVPN service
/etc/init.d/openvpn restart
Wait a few seconds and verify that it is connected and we have taken an IP address
ifconfig
If everything works regularly you should see a new connection named tun0 or similar with ip address 10.8.x.x
Now you can connect from your windows PC to your gateways using Ssh using Putty or to the ResIOT Base Station Client by opening the link http: // ipgateway: 50056
Configuring the ResIOT basestation client to work over OpenVPN¶
Once your gateway is connected to the VPN, you can edit the configuration of your ResIOTâ„¢ basestation client to transfer data through the VPN and not over public TCP.
To do so, just edit the gRPC host via the web interface and instead of using the public IP address, just enter the Server's one (usually 10.8.0.1
)