Skip to main content

Routers

Tutorial: Connect Your Cisco Router to CloudConnexa with IPsec

Abstract

Configure an IPsec tunnel between a Cisco router and CloudConnexa, including network setup, authentication, advanced settings, and connectivity verification.

This tutorial walks you through setting up an IPsec tunnel between your Cisco router and CloudConnexa.

To complete this setup, you'll configure components on both the CloudConnexa side and your Cisco router, including:

  • A Network in CloudConnexa to represent your private network.

  • A Network Connector configured for IPsec.

  • Tunnel parameters such as authentication, encryption, and routing.

  • Your Cisco router using the provided configuration details.

Once configured, users and networks connected to CloudConnexa can securely access resources in your private network.

Before you begin

  • Ensure you have a CloudConnexa account and Cloud ID.

  • Ensure your Cisco router supports IPsec.

  • Ensure you have access to your router configuration instance.

Step 1: Create a Network in CloudConnexa

  2. Navigate to Networks → Networks.

  3. Click Add Network.

  4. Select at least one Network Scenario. Refer to these tutorials for details:

  5. Click Continue.

  6. For the Network Configuration, enter a name and description (optional).

  7. Select IPsec as the Connector Tunneling Protocol.

  8. For the Connector, enter a name and description (optional).

  9. Click Next.

Step 2: Configure the Network Connector

In the Configure Network Connector step, configure the IPsec Network Connector:

  1. Configure the platform: In Platform to Connect, select Cisco.

  2. Enter connection details: In Remote Site Public IPv4 Address, enter the public IP address of your router or VPN gateway.

  3. Configure authentication:

    • Option 1: Shared Secret — Enter the pre-shared key (PSK), hostname, and domain for the IPsec Network Connector.

      Tip

      CloudConnexa doesn't generate a PSK. You need to create and configure the same key on both CloudConnexa and your network device. Use only alphanumeric characters, as some characters aren't supported.

      Example (Linux/macOS):

      openssl rand -hex 32

    • Option 2: Certificate-based — Upload the required files and provide a passphrase.

      Tip

      Ensure the certificates and private key:

      • Match each other (the private key corresponds to the uploaded certificate).

      • Are trusted by both peers (the correct CA certificate is provided).

  4. (Optional) Configure advanced settings: Expand Advanced Configuration to customize IPsec parameters:

    • IKE Version: Select the version: IKEv1 or IKEv2.

      Tip

      If using IKEv2 and only GCM encryption algorithms (AES-128-GCM-16 and/or AES-256-GCM-16), the integrity algorithm and a DH group are optional in phase 2.

      For non-GCM encryption algorithms, an integrity algorithm and a DH group are required. The default values are applied automatically.

    • Phase 1 settings:

      Setting

      Description

      Encryption Algorithm

      Select one or more supported encryption algorithms.

      Integrity Algorithm

      Select a supported integrity algorithm.

      Diffie-Hellman Group

      Select a DH group supported by your device.

      Lifetime (sec)

      Enter a value between 901 and 86400.

    • Phase 2 settings:

      Setting

      Description

      Encryption Algorithm

      Select one or more supported encryption algorithms.

      Integrity Algorithm

      Select a supported integrity algorithm.

      Diffie-Hellman Group

      Select a DH group supported by your device.

      Lifetime (sec)

      Enter a value between 900 and 28800.

    • IKE rekey settings:

      Setting

      Description

      Rekey Margin Time (sec)

      Value between 60 and half of Phase 2 lifetime.

      Rekey Fuzz (%)

      Value between 0 and 100.

      Replay Window Size (packets)

      Value between 64 and 2048.

    • Connection behavior:

      Setting

      Description

      Startup Action

      Defines how the tunnel is initiated.

      CloudConnexa Connection Restoration

      Controls whether the tunnel automatically reconnects if interrupted:

      • Defaults to Yes when Startup Action = Start.

      • Automatically set to No when Startup Action = Attach and can't be changed.

Step 3: Review remote tunnel configuration

CloudConnexa provides configuration details required for your network router.

  1. Locate the Remote Tunnel Configuration section.

  2. Note the values provided for:

    • Firewall configuration.

    • IPsec tunnel parameters.

    • Connection initiation and restoration parameters.

    • Static routes.

    • DNS settings.

  3. Keep this information available for configuring your router.

Step 4: Configure your network router

  • Use the values from the Remote Tunnel Configuration section to configure your IPsec device.

Step 5: Verify connectivity

After configuring both sides of the tunnel, verify that the connection is established.

  1. In the Verify Connectivity section, click Test Connection.

    CloudConnexa attempts to establish a connection to your remote network.

  2. Check the connection status:

    • Connected — The tunnel is successfully established.

    • Offline — The connection failed or hasn't been established yet.

      Tip

      If the connection status is Offline:

      • Click View Logs to review connection details.

      • Verify the following:

        • PSK or certificates match on both sides.

        • IPsec parameters (encryption, DH group, lifetimes) are aligned.

        • Firewall rules allow IPsec traffic.

        • The correct public IP address is configured.

Step 6: Complete the setup

  1. Click Finish to complete the Network configuration.

  2. Confirm that:

    • The Network is created.

    • The Connector shows a Connected status.

Tutorial: Configure a DD-WRT Router To Connect to CloudConnexa

Abstract

This tutorial contains instructions on how to use a DD-WRT router and configure it to use a Connector profile to connect to CloudConnexa and make the network part of your WPC.

Introduction

Many of our Users have expressed interest in using DD-WRT or related routers to connect to CloudConnexa instead of using the Connector application.

While connecting in this manner may not yield the best performance, due to the limited processing power and memory of the router, it could be useful in cases where convenience, rather than high throughput, is required.

Important

The information provided here is for EDUCATIONAL and INFORMATIONAL purposes only. We are not responsible for any damages you incur as a result of using these instructions here. For technical support, you need to contact the supplier of the router or the appropriate community forums. It is not guaranteed that all versions of the firmware will work as expected with CloudConnexa and some features may be incompatible. It is best to update the firmware to the latest version.

Downloading the Connector Profile

To configure the routers you need to use specific sections of the OpenVPN Connector Profile in specific setting configurations.

First, you need to download the Profile in .ovpn format from the Network configuration you have created in the Administration portal to represent the router’s Network.

The Profile can be downloaded by selecting it as the option in the drop-down list shown after clicking on the download icon.

Configuring DD-WRT

Before you begin, make sure your router is properly configured for a NTP server. This setting could be found under the set up tab in your router configuration. Under Time settings, make sure the NTP Client is set to Enable and the Server IP / Name is populated with a proper time server. If you do not know what your time server is, please fill in time.nist.gov in the text box as indicated.

Afterward, visit the Services tab, then the VPN tab. Under the section Start OpenVPN Client, click the Enable radio box. If you do not see this section, it is possible that your DD-WRT build is not OpenVPN enabled. Please consult the proper DD-WRT documentation for more information on the various DD-WRT builds.

Once you have selected that option, also check the Enable option under Advanced Options, this will allow you to define options required for the WPC connection to work.

The following screen should then be displayed, as depicted below:

62eadb6d9338c.png

Configuration Descriptions

Start CloudConnexa Client: Enables/Disables the CloudConnexa client connection.

Server IP/Name: The hostname of the WPC server you are trying to connect to. Look inside your Profile for entries starting with remote. For example, the entry remote us.shieldexchange.com 1194 udp indicates that the hostname is us.shieldexchange.com.

Port: The port number the WPC server is listening on. If you do not know what this is, either look for the port number in remote entries such as the one shown in the previous example. In the previous example, the port is 1194. If your server is only using a single port, you may see the port number specified using the port directive (e.g. port 1194). It is preferable that you choose UDP ports over TCP, as UDP provides better reliability for your WPC sessions.

Tunnel Device: Select TUN

Tunnel Protocol: Select UDP

Encryption Cipher: Select whatever appears on the cipher line of the Profile. By default, AES-256-CBC is used for CloudConnexa.

Hash Algorithm: Select whatever appears on the auth line of the Profile. By default, SHA256 is used for CloudConnexa.

Verify Server Cert.: Located in Advanced Options. Checks to see if the remote server is using a valid type of certificate meant for OpenVPN Connections. As this is a security feature of CloudConnexa, it should be left enabled.

Advanced Options: As described previously, this option must be Enabled for you to set the required options necessary for a successful WPC connection.

LZO Compression: Enables compression over WPC. This option should be Disabled.

NAT: Creates a NAT layer over the WPC tunnel. This should be Enabled if you plan to have all your client’s traffic to be sent over the WPC tunnel under the shared WPC IP address assigned by CloudConnexa. If you want to send traffic from your clients directly over the tunnel without any address modification(s) (e.g. If you were using Advanced Routing), then this option should be Disabled. It is highly recommended that you turn this option ON, unless you know what you are doing.

Local IP Address: Specify a IP address that your CloudConnexa tunnel should use. This field is usually not applicable, since CloudConnexa automatically assigns an address upon a successful connection.

TUN MTU Setting: The maximum transmission unit (MTU) used over the WPC tunnel. Leave this at 1500, unless otherwise directed by a support staff or a Network professional.

Tunnel UDP Fragment (blank).

Note

Unless directed otherwise by a support staff or a network professional, leave this field blank.

Tunnel UDP MSS-Fix (Default: Disable).

TLS Cipher: What encryption algorithm CloudConnexa should use for encrypting its control channel. Selecting None will allow DD-WRT to auto-negotiate the strongest available cipher.

TLS Auth Key: The static key CloudConnexa should use for generating HMAC send/receive keys. You may find this key surrounded by the <tls-auth>..</tls-auth> brackets. Copy the contents from your Profile, starting from –BEGIN CloudConnexa Static key V1– until you reach –END CloudConnexa Static key V1–.

Additional Config: Any additional configurations you want to define for the WPC connection.

Policy based Routing: This field should be left blank.

PKCS12 Key: This field should be left blank.

Static Key: This field should be left blank.

CA Cert: The CA certificate used by the WPC server, found between the <ca>…</ca> brackets inside the Profile. Start copying from –BEGIN CERTIFICATE– until you hit the first –END CERTIFICATE–.

Public Client Cert: The CA certificate used by the WPC client, found between the <cert>..</cert> brackets inside the Profile. Start copying from –BEGIN CERTIFICATE– until you hit –END CERTIFICATE–.

Private Client Key: The client’s private key used by the WPC client, found between the <key>..</key> brackets inside the Profile. Start copying from –BEGIN RSA PRIVATE KEY– until you hit –END RSA PRIVATE KEY–.

To start the WPC connection, click the Apply Settings towards the bottom of the page. You may view the status of your WPC connection by visiting the Status tab, and then the CloudConnexa tab.

Tutorial: Configure an OpenWrt Router To Connect to CloudConnexa

Abstract

This tutorial contains instructions on how to use an OpenWrt router and configure it to use a Connector profile to connect to CloudConnexa and make the network part of your WPC.

Introduction

Many of our Users have expressed interest in using CloudConnexa protocol compatible routers to connect to CloudConnexa instead of using the Connector application.

While connecting in this manner may not yield the best performance, due to the limited processing power and memory of the router, it could be useful in cases where convenience, rather than high throughput, is required.

Important

The information provided here is for EDUCATIONAL and INFORMATIONAL purposes only. We are not responsible for any damages you incur as a result of using these instructions here. For technical support, you need to contact the supplier of the router or the appropriate community forums. It is not guaranteed that all versions of the firmware will work as expected with CloudConnexa and some features may be incompatible. It is best to update the firmware to the latest version.

Note

Refer to instructions from OpenWrt for the latest information.

Downloading the Connector Profile

To configure the routers you need to use specific sections of the OpenVPN Connector Profile in specific setting configurations.

First, you need to download the Profile in .ovpn format from the Network configuration you have created in the Administration portal to represent the router’s Network.

The Profile can be downloaded by selecting it as the option in the drop-down list shown after clicking on Deploy.

Open the downloaded Profile file in a text editor. In Windows, the file must be opened in a text editor other than Notepad (e.g. Wordpad / Notepad++).

Configuring OpenWrt

To connect to the CloudConnexa service using your OpenWrt router, please follow the steps below:

  1. If you have not already upgraded to the latest of OpenWrt, please follow the instructions on the OpenWrt website.

  2. Login to the LuCI web interface, and then go to System -> Software.

  3. Install the openvpn-openssl and the luci-app-openvpn packages on your system by putting the name of the package in the Download and install package: textbox and then click OK.

  4. After the packages have been installed, refresh the web page. The OpenVPN option should appear under VPN. If the option does not appear, log out of the administration interface and then log back in.

  5. In the LuCI interface, go to VPN > OpenVPN.

  6. If your router supports the OVPN configuration file upload option, follow the steps in OVPN configuration file upload, otherwise follow Template based configuration.

OVPN configuration file upload

To upload the Profile to your router, follow the steps below:

  1. VPN > OpenVPN.

  2. Under ovpn configuration file upload, in the textbox instance name, enter CloudConnexa; Choose the downloaded profile in .ovpn format and click upload.

  3. Under the OpenVPN instances, check the Enabled checkbox from the newly created instance (CloudConnexa) and click start.

  4. Click Save and Apply.

Template based configuration

  1. In the blank text box that appears, enter CloudConnexa as the name, and use the Client configuration for a routed multi-client WPC drop-down option, and click Add.

    Note

    This is in the template-based configuration text box instance name.

  2. In the Profile editor that appears, click the Switch to advanced configuration >> link.

    Note

    You will need to edit the newly created instance.

  3. From VPN > OpenVPN in the Profile editor:

    1. Choose from the "additional field" drop-down list fast_io.

    2. Check the fast_io checkbox.

    3. Click the Save button.

  4. In the Networking tab of the Profile editor:

    1. Under — Additional Field —, add the sndbuf and rcvbuf fields.

    2. Change the sndbuf and rcvbuf values to both 0.

    3. Change the dev textbox to read tun0.

    4. Select adaptive under the comp_lzo option.

    5. Click the Save button.

  5. In the VPN tab of the Profile editor:

    1. Check the pull checkbox.

    2. In the remote text box, enter the remote value from your Profile file. They should be near the top of the file and after the word remote (e.g. eu-west.gw.openvpn.com 1194 udp).

    3. Click the + button next to the text box, and repeat the entry for the 443 tcp entry below (e.g. eu-west.gw.openvpn.com 443 tcp).

    4. Click the Save button.

  6. In the Cryptography tab of the Profile editor:

    1. Under –Additional Field— , add the ca field.

      1. In the Profile you have downloaded, copy the contents between the <ca> and </ca> tag into a new file. Make sure you include all of the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines in the new file. There should be a total of four of such lines, and when copying the contents into a new file, omit the <ca> and </ca> tags in the beginning and the end, since these will be added automatically by OpenWrt.

      2. Upload the certificate into OpenWrt by selecting the new file you have created.

    2. Under –Additional Field— , add the cert field.

      1. In the Profile you have downloaded, copy the contents between the <cert> and </cert> tag into a new file. Make sure you include all of the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <cert> and </cert> tags in the beginning and the end, since these will be added automatically by OpenWrt.

      2. Upload the certificate into OpenWrt by selecting the new file you have created.

    3. Under –Additional Field— , add the key field.

      1. In the Profile you have downloaded, copy the contents between the <key> and </key> tag into a new file. Make sure you include all of the —–BEGIN RSA PRIVATE KEY—– and —–END RSA PRIVATE KEY—– lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <key> and </key> tags in the beginning and the end, since these will be added automatically by OpenWrt.

      2. Upload the key into OpenWrt by selecting the new file you have created.

    4. Under –Additional Field— , add the tls_auth field.

      1. In the Profile you have downloaded, copy the contents between the <tls-auth> and </tls-auth> tag into a new file. Make sure you include all of the —–BEGIN CloudConnexa Static key V1—– and —–END CloudConnexa Static key V1—– lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <tls-auth> and </tls-auth> tags in the beginning and the end, since these will be added automatically by OpenWrt.

      2. Upload the TLS auth key file using SCP to your router in the /etc/openvpn/ folder with the file name tlsauth.key. If you already have a WPC Profile that is using this file name, change the file name accordingly and then update the path value in the tls_auth text box that appears. If you are using Notepad++ to copy the contents of the file over a PuTTY or an SSH session, please make sure the new file is using the Windows EOL format, otherwise the copied lines will not be transferred properly. This option can be changed in Edit -> EOL Conversion -> Windows Format.

  7. Click Save & Apply to save the CloudConnexa configuration on your router.

  8. On the top of the LuCI interface, go to Network -> Interfaces.

    1. Click Add new interfaces…

    2. Enter CloudConnexa under the Name text box.

    3. Select Unmanaged under the Protocol text box.

    4. Click the drop-down next to Interface: and enter tun0 into the text box.

    5. Click Create interface to save the custom interface.

  9. On the top of the LuCI interface, go to Network -> Firewall.

    1. Click the Add button.

    2. Use the following settings for the newly created zone:

      1. Name: OC

      2. Input: drop

      3. Output: accept

      4. Forward: drop

      5. Masquerading: Checked

      6. MSS Clamping: Unchecked

      7. Covered Networks: CloudConnexa (checked)

      8. Inter-Zone Forwarding -> Allow forward from source zones: lan (checked)

    3. Click Save & Apply to save the newly created zone.

  10. To start the VPN connection, go to VPN -> OpenVPN, check the Enabled checkbox and then the start button under the CloudConnexa Profile.

Tutorial: Configure a PfSense Router To Connect to CloudConnexa

Abstract

This tutorial contains instructions on how to use a PfSense router and configure it to use a Connector profile to connect to CloudConnexa and make the network part of your WPC.

Introduction

Many of our Users have expressed interest in using CloudConnexa compatible routers to connect to CloudConnexa instead of using the Connector application.

While connecting in this manner may not yield the best performance, due to the limited processing power and memory of the router, it could be useful in cases where convenience, rather than high throughput, is required.

Important

The information provided here is for EDUCATIONAL and INFORMATIONAL purposes only. We are not responsible for any damages you incur as a result of using these instructions here. For technical support, you need to contact the supplier of the router or the appropriate community forums. It is not guaranteed that all versions of the firmware will work as expected with CloudConnexa and some features may be incompatible. It is best to update the firmware to the latest version.

Downloading the Connector Profile

Sign in to the CloudConnexa Administration portal at https://cloud.openvpn.com.

  1. Navigate to Networks.

  2. Select Networks.

  3. Click the name of the router Network.

  4. Click the Connectors tab.

  5. Click the Deploy drop-down menu of the Connector you wish to modify.

  6. Select Deploy Connector.

  7. Click the Provider Type drop-down menu.

  8. Select pfSense.

  9. Click Download OVPN Profile.

Alternatively, you may download the profile by clicking the Network name, and the edit icon for the Network.

Or from the Connectors menu.

Open the downloaded Profile file in a text editor. In Windows, the file must be opened in a text editor other than Notepad (e.g. Wordpad / Notepad++).

Configuring pfSense

  1. From the main menu go to SystemCert. Manager

  2. Next, go select CAsAdd

  3. Select Method Import an existing Certificate Authority

  4. Set some “Descriptive name”

  5. In the Certificate Data space, copy the data from the Connector’s Profile: everything between Certificate Authority  <ca> and </ca>

  6. Click Save

  7. CertificatesAdd

  8. Select Method Import an existing Certificate

  9. Set some “Descriptive name”

  10. In the Certificate Data space, copy the data from the Connector’s Profile: everything between the Certificate data and between the Private key data <cert> and <cert>.

    1. In the Private key data space, copy the data from the Connector’s Profile: everything between <key> and <key>.

    2. In certificate type, choose: X.509 (PEM)

  11. Click Save

  12. From the main menu go to VPNOpenVPN

  13. Select Clients Add a client

  14. Enter preferable PGMT Hostname of the Cloud Connexa server in the Server Host or address field. Refer to Region Locations to find hostnames if needed.

  15. Uncheck Automatically generate a TLS Key

  16. In the TLS Key space, copy the data from the Connector’s Profile: everything between the TLS Key <tls-auth> and <tls-auth>.

  17. Select your Certificate Authority in the Peer Certificate Authority drop-down menu

  18. Select your Certificate in the Client Certificate drop-down menu

  19. Select AES-256-GCM in the Encryption Algorithm Data Encryption Algorithms drop-down menu

  20. Select SHA256 in the Auth Digest Algorithm drop-down menu

  21. Select Disable Compression in the Compression drop-down menu

    1. In Allow compression drop-down choose: Decompress Incoming, do not compress outgoing (asymmetric)

    2. In Compression drop-down choose: Disable Compression [Omit Preference].

  22. Click Save

  23. From the main menu go to StatusOpenVPN

  24. Ensure that OpenVPN service is up and Virtual IP Addresses are assigned

Steps after the tunnel is ONLINE

Enable the tunnel interface by carrying out the steps below:

  1. Interfaces > assignment

  2. Add > Choose the tunnel created for CloudConnexa. It will be shown as LAN. Click on the name > Enable it and change the name if desired.

  3. Click Save.

  4. Apply changes.

  5. On Status > Interfaces check that the tunnel interface is added with status: Up.

tunnel_interface_enable.png

Enable NAT by carrying out the steps below:

  1. Firewall > NAT > Outbound

  2. Outbound NAT Mode: Hybrid

  3. Add > interface Pointing to local resources

  4. Interface > WAN

    Address Family > IPv4+IPv6

    Protocol > Any

    Source > Any

    Destination > Any

  5. Click Save

  6. Apply Changes

Note

If there are any problems, please check Status > System logs > Firewall  to ensure that there are no firewall rules blocking traffic.

outbout_nat.png
Configuration Screenshots
62eadda4762e6.jpg
62eadda62b53c.jpg
62eadda80645b.jpg
62eadda9ba953.jpg
62eaddad095fc.jpg
62eaddaecb504.jpg
62eaddb09413b.jpg
62eaddb229627.jpg
62eaddb39f590.jpg
62eaddb534198.jpg
62eaddb6bcd99.jpg
62eaddb841143.jpg
62eaddb9f2960.jpg
62eaddbbacbf8.jpg
62eaddbd45846.jpg
62eaddbf0183c.jpg
62eaddc09b1b2.jpg
compression_settings.png
62eaddc234943.jpg
62eaddc385c99.jpg
62eaddc51e843.jpg

Tutorial: Configure a Teltonika Router To Connect to CloudConnexa

Abstract

This tutorial contains instructions on how to use a Teltonika router and configure it to use a Connector profile to connect to CloudConnexa and make the network part of your WPC.

Introduction

You can configure a Teltonika-compatible router for Network Connector deployment. You must use specific sections from the OpenVPN Connector Profile and apply them to the associated router settings.

Downloading the Connector profile

Sign in to the CloudConnexa Administration portal at https://cloud.openvpn.com.

  1. Navigate to Networks.

  2. Select Networks.

  3. Click the name of the router Network.

  4. Click the Connectors tab.

  5. Click the Deploy drop-down menu of the Connector you wish to modify.

  6. Select Deploy Connector.

  7. Click Provider Type drop-down menu.

  8. Select Teltonika.

  9. Click Download OVPN Profile.

Alternatively, you may download the profile by clicking the Network name, and the edit icon for the Network.

Or from the Connectors menu.

Configuring the Teltonika router

  1. Sign in to the Teltonika router UI.

  2. Access Services > VPN

    teltonika_1.png

  3. Click to select Client as the Role, add a name, and click Add New.

    teltonka_2.png

  4. Click Edit for the newly created Profile.

    teltonika_3.png

  5. Set these parameters on the Main Settings screen.

    teltonika_4.png
    teltonika_5a.png

    Parameter

    Value

    Enable OpenVPN config from file

    Disable

    Enable

    Enable

    TUN/TAP

    TUN(Tunnel)

    Protocol

    UDP

    Port

    1194

    LZO

    Disable

    Authentication

    TLS

    Encryption

    AES-256-CBC-256

    TLS cipher

    All

    Remote Host/IP address

    Open the .ovpn Profile in a text editor, and copy and paste the Host address.

    remote host ip.png

    Resolve retry

    Infinite

    Keep alive

    A helper directive designed to simplify the expression of –ping and –ping-restart. This option can be used on both the client and server side, but it is enough to add this on the server side because it will push appropriate –ping and –ping-restart options to the client. If used on both server and client, the values pushed from the server will override the client local values.

    Remote Network IP address

    Network IP Address

    Remote Network IP netmask

    Network subnet mask

    HMAC authentication algorithm

    SHA256

    Additional HMAC authentication

    Authentication only (tls-auth)

    HMAC authentication key

    1. In the .ovpn Profile, copy the content between the<tls-auth> and </tls-auth> tags and paste them into a new file.

    2. Be sure that you include all of the --- BEGIN OpenVPN Static key V1---­ and ---END OpenVPN Static key V1--- lines in the new file. There should be a total of two such lines.

    3. When copying the contents into a new file, be sure to delete the starting <tls-auth> tag and the ending </tls-auth> tag.

    4. Save the new file with a .key extension and upload it.

    HMAC key direction

    1

    Extra options

    Not filed

    Use PKCS #12 format

    Disable

    Certificate authority

    1. In the .ovpn Profile, copy the content between the <ca> and </ca> tags and paste them into a new file.

    2. Be sure that you include all of the ---BEGIN CERTIFICATE--- and ---END CERTIFICATE--- lines in the new file. There should be a total of four such lines.

    3. When copying the contents into a new file, be sure to delete the starting <ca> tag and the ending </ca> tag.

    4. Save the new file with a .crt extension and upload it.

    Client certificate

    1. In the .ovpn Profile, copy the content between the <cert> and </cert> tags and paste them into a new file.

    2. Be sure that you include all of the ---BEGIN CERTIFICATE--- and ---END CERTIFICATE--- lines in the new file. There should be a total of two such lines.

    3. When copying the contents into a new file, be sure to delete the starting <cert> tag and the ending </cert> tag.

    4. Save the new file with a .crt extension and upload it.

    Client key

    1. In the .ovpn Profile, copy the content between the <key> and </key> tags and paste them into a new file.

    2. Be sure that you include all of the ---BEGIN RSA PRIVATE KEY--- and ---END RSA PRIVATE KEY--- lines in the new file. There should be a total of two such lines.

    3. When copying the contents into a new file, be sure to delete the starting <key> tag and the ending </key> tag.

    4. Save the new file with a .key extension and upload it.

    Private key decryption password (optional)

    Not required

  6. Save your changes, and restart the WPC connection.

  7. Navigate to Services > WPC and check that the configuration is enabled.

  8. Navigate to Status > Network > OpenVPN and check that the status is Connected.

Tutorial: Configure a Ubiquiti (EdgeMAX) Router To Connect to CloudConnexa

Abstract

This tutorial contains instructions on how to use a Ubiquiti (EdgeMAX) router and configure it to use a Connector profile to connect to CloudConnexa and make the network part of your WPC.

Introduction

You can configure a Ubiquiti compatible router for Network Connector deployment. You must use specific sections from the OpenVPN Connector Profile and apply them to the associated router settings.

Note

You must ensure that your router OS is EdgeRouter X v2.0 or newer.

Downloading the Connector profile

Sign in to the CloudConnexa Administration portal at https://cloud.openvpn.com.

  1. Navigate to Networks and open your router Network.

  2. Click the name of the router Network.

  3. Click the Connectors tab.

  4. Click the Deploy drop-down menu of the Connector you wish to modify.

  5. Select Deploy Connector.

  6. Click Provider Type drop-down menu.

  7. Select Ubiquiti.

  8. Click Download OVPN Profile and save it on your local computer.

Alternatively, you may download the profile by clicking the Network name, and the edit icon for the Network.

Or from the Connectors menu.

Configuring the Ubiquiti (EdgeMAX) router

  1. Copy the .ovpn Profile to the router using secure copy protocol (SCP) between your local computer and the router.

    Access terminal and execute this command:

    scp <path to Profile/Profile_name.ovpn> <username>@<Router_external_IP_Address>:/config/auth,where <path to Profile/Profile_name.ovpn> is the absolute path for the .ovpn Profile, and the username is the to login on your router using SSH and RouterexternalIPAddress as the IP address of the router.

  2. Connect to the router via SSH.

  3. Enter config mode and create a new interface, and commit and save your changes. Use these commands:

    configure

    set interfaces openvpn vtun0 config-file   /config/auth/Profile.ovpn

    Note

    OpenVPN tunnel interface must be name vtun<num>

    commit

    save

    exit

  4. Connect to the router through HTTPS.

  5. Navigate to the Dashboard tab.

  6. Check that your newly created interface <interface_name> exists with an interface type of openvpn, a Connected status, and an assigned IP address.

    edgemax_router.png
In this section:
See also: