Deploying a connector on a Teltonika (RutOS) compatible router

Overview

You can configure a Teltonika compatible router for network connector deployment. You must use specific sections from the OpenVPN Cloud connector profile and apply them to the associated router settings.

Steps: Download the connector profile

  1. Sign in to the OpenVPN Cloud administration portal at https://cloud.openvpn.com.
  2. Access Networks and open your router network.
  3. Click on the download icon for the connector.
  4. Click Select Where to Deploy and select Deploy Connector.
  5. Select Teltonika router.
  6. Click Download OVPN Profile and save it on your local computer.

Steps: Configure the Teltonika router

  1. Sign in to the Teltonika router UI.
  2. Access Services > VPN

  3. Click to select Client as the Role, add a name, and click Add New.

  4. Click Edit for the newly created profile.

  5. Set these parameters on the Main Settings screen.

ParameterValue
Enable OpenVPN config from fileDisable
EnableEnable
TUN/TAPTUN(Tunnel)
ProtocolUDP
Port1194
LZODisable
AuthenticationTLS
EncryptionAES-256-CBC-256
TLS cipherAll
Remote host/IP addressOpen the .ovpn profile in a text editor, and copy and paste the host address.
Resolve retryInfinite
Keep aliveA helper directive designed to simplify the expression of –ping and –ping-restart. This option can be used on both the client and server side, but it is enough to add this on the server side because it will push appropriate –ping and –ping-restart options to the client. If used on both server and client, the values pushed from the server will override the client local values.
Remote network IP addressNetwork IP Address
Remote network IP netmaskNetwork subnet mask
HMAC authentication algorithmSHA256
Additional HMAC authenticationAuthentication only (tls-auth)
HMAC authentication key1. In the .ovpn profile, copy the content between the <tls-auth> and </tls-auth> tags and paste them into a new file.
2. Be sure that you include all of the —–BEGIN OpenVPN Static key V1—– and —–END OpenVPN Static key V1—– lines in the new file. There should be a total of two such lines.
3. When copying the contents into a new file, be sure to delete the starting <tls-auth> tag and the ending </tls-auth> tag.
4. Save the new file with a .key extension and upload it.
HMAC key direction1
Extra optionsNot filed
Use PKCS #12 formatDisable
Certificate authority1. In the .ovpn profile, copy the content between the <ca> and </ca> tags and paste them into a new file.
2. Be sure that you include all of the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines in the new file. There should be a total of four such lines.
3. When copying the contents into a new file, be sure to delete the starting <ca> tag and the ending </ca> tag. 
4. Save the new file with a .crt extension and upload it.
Client certificate1. In the .ovpn profile, copy the content between the <cert> and </cert> tags and paste them into a new file.
2. Be sure that you include all of the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines in the new file. There should be a total of two such lines.
3. When copying the contents into a new file, be sure to delete the starting <cert> tag and the ending </cert> tag. 
4. Save the new file with a .crt extension and upload it.
Client key1. In the .ovpn profile, copy the content between the <key> and </key> tags and paste them into a new file.
2. Be sure that you include all of the —–BEGIN RSA PRIVATE KEY—– and —–END RSA PRIVATE KEY—– lines in the new file. There should be a total of two such lines.
3. When copying the contents into a new file, be sure to delete the starting <key> tag and the ending </key> tag. 
4. Save the new file with a .key extension and upload it.
Private key decryption password (optional)Not required
  1. Save your changes, and restart the VPN connection.
  2. Access Services > VPN and check that the configuration is enabled.
  3. Access Status > Network > OpenVPN and check that the status is Connected.