VPN Questions

Gibbyk · 2021-02-06 19:09:17 UTC

Sorry, just recently changed out my gear from Ubiquity to GS. I’m trying to set up a VPN connection back to my lab but I want to be able to connect from anywhere. What would be the best way to set this up. Everything I see on the web is talking about OpenVPN which looks great when using 2xGWN7000. Directions are not too clear if it setting else up. Any help would be appreciated. Been testing for a week now along with three GWN7630’s. Been very happy with the performance. Thanks you in advance.

Bogdan.parkhomenko · 2021-02-07 01:00:32 UTC

here is good video

good luck

SuperAtaru · 2021-02-08 06:26:03 UTC

Hi.
I use OpenVPN for roaming users. For Site-to-Site i use IPSec.
GWN7000 (atm) can build only one *IPSec-VPN per WAN. Pay attention: remote peer must have a static IP address.
Anyway, it works fine both with my ZyXEL USGs and Mikrotik RBs peers.
Once defined IPSec rules, you can auto-add firewall rules an declare network you want to include.
GWN7000 automatically add routing between different tunnels (you better manage firewall rules in/out to better control traffic)…
For example: i got an IPSEC tunnel A====B. I got also OpenVPN tunnels to B.
PBX–A=IPSEC=B(GWN7000).–(OpenVPN)–C(GSWave-MobilePhone)
I can use my Extensions on the PBX behind router A, with GSWave active on the remote MobilePhone connected, thru OpenVPN, to B.

*edited

Gibbyk · 2021-02-08 14:41:48 UTC

So it sound like if I want access to a file server to pull file when needed out in the field I will have to use OpenVPN? Is that correct?

SuperAtaru · 2021-02-08 16:43:36 UTC

Not necessarily.
You always can access with OpenVPN, if you know how to reach your WANx GWN7000 Iface.
-> OpenVPN Client;
You always should can access with IPSec, if you know how to reach your WANx GWN7000 Iface.
-> IPSec Client. I wrote “should”, as i got to test it with Shrew Software.
You can’t build a VPN Point to point IPSec tunnel, if Peer has not a public static IP (in VPN Settings, atm, device does not allow DNS names. It accepts only X.Y.Z.V addresses (and not, for example myFirewall.ddns.net).

Anyway, i use OpenVPN from PC, Mobile, etc… i reach my GWN7K from almost everywhere.
Once VPN is up, it only depends on your rules.

I hope it could help.