September 13, 2024
Configure 4G industrial router OpenVPN server
In the IIoT environment, the security of remote access and data transmission is of utmost importance. OpenVPN is an open-source, UDP- or TCP-based virtual private network (VPN) protocol that is widely popular for its high security, ease of use, and cross-platform support. Configuring an OpenVPN server on a 4G industrial router provides secure, encrypted access channels for remote users and devices, ensuring the privacy and integrity of data transmission.
1. OpenVPN overview
OpenVPN is an open-source protocol that uses TCP or UDP to create encrypted point-to-point or site-to-site connections over unreliable networks. OpenVPN allows remote users to securely access internal network resources over the public Internet as if they were directly connected to the internal network. It uses the TLS/SSL protocol to ensure the security of data transmission and provides a variety of authentication and encryption options to meet different security requirements.
First, you need to choose a 4G industrial router that supports OpenVPN. Most modern 4G industrial routers have VPN capabilities, but not all routers support OpenVPN. Therefore, when purchasing a router, make sure to confirm whether it supports the OpenVPN protocol.
2.2 Prepare the OpenVPN software package
If the router supports OpenVPN but is not pre-installed, you need to download the corresponding software package from the OpenVPN official website or the router manufacturer's official website. Ensure that the downloaded version is compatible with the router's operating system and hardware architecture.
2.3 Planning network architecture
Before configuring OpenVPN, it is necessary to plan the network architecture, including the IP address range of the internal network, the IP address of the VPN server, the IP address allocation policy for remote clients, and the routing policy.
3. Configure OpenVPN server
3.1 Install OpenVPN Package
Upload the downloaded OpenVPN package to the router and install it according to the instructions provided by the router manufacturer. The installation process may include steps such as decompressing the software package, copying files to a specified directory, and setting necessary permissions.
3.2 Configure VPN server
① Create a configuration file: Create a new OpenVPN configuration file on the router, usually named server.ovpn or vpn-server.conf, and edit the file to include the necessary configuration instructions. These instructions include but are not limited to:
② proto udp or proto tcp: Specifies the type of protocol to use.
③ port 1194: Specifies the port number the VPN server listens on; it can be modified as needed.
④ ca ca.crt, cert server.crt, key server.key: Specify the paths for the CA certificate, server certificate, and private key.
⑤ dh dh2048.pem: Specify the path of the Diffie-Hellman key exchange file.
⑥ server 10.8.0.0 255.255.255.0: Specify the IP address range and subnet mask of the VPN network.
⑦ push "redirect-gateway def1 bypass-dhcp": Optional configuration, used to redirect the default gateway of remote clients to the VPN server.
⑧ user nobody and group nogroup: Specify the user and group that run the OpenVPN service, which can be changed as needed.
Generate certificates and keys: If you have not generated CA certificates, server certificates, and private keys, you need to use tools such as OpenSSL to generate them. These certificates and keys will be used to encrypt and decrypt data in the VPN connection.
Configure routing and firewall: Ensure that the routing table and firewall rules on the router allow VPN traffic to pass through. You may need to add new routing table entries to route specific traffic to the VPN network, and configure firewall rules to allow or deny specific VPN ports and protocols.
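The directives listed in 3.2, assembled into one file and checked before the service is started. This is an added example, not the router vendor's tooling: the function names and the directory argument are assumptions, the certificate files are assumed to sit beside the configuration file, and the "dev tun" line is added because OpenVPN requires a device directive that the list above does not mention.

```shell
#!/bin/sh
# Added example, not vendor tooling. Function names and the directory
# argument are assumptions; "dev tun" is added because the list omits it.

# write_server_conf DIR: write DIR/server.conf from the section 3.2 directives.
write_server_conf() {
    cat > "$1/server.conf" <<'EOF'
proto udp
port 1194
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
user nobody
group nogroup
EOF
}

# lint_server_conf DIR: print one line per problem; return 1 if any was found.
lint_server_conf() {
    dir=$1; conf=$dir/server.conf; rc=0
    for d in proto port dev ca cert key dh server; do
        grep -Eq "^${d}[[:space:]]" "$conf" || { echo "missing directive: $d"; rc=1; }
    done
    # Every file named by ca/cert/key/dh must exist beside the config.
    for f in $(awk '$1 ~ /^(ca|cert|key|dh)$/ {print $2}' "$conf"); do
        [ -f "$dir/$f" ] || { echo "missing file: $f"; rc=1; }
    done
    # The server private key must carry no group or other permission bits.
    key=$(awk '$1 == "key" {print $2}' "$conf")
    if [ -f "$dir/$key" ]; then
        case $(ls -ld "$dir/$key" | cut -c5-10) in
            "------") ;;
            *) echo "private key accessible to group/other: $key"; rc=1 ;;
        esac
    fi
    # Without both user and group the daemon does not fully drop root.
    if ! grep -Eq '^user[[:space:]]' "$conf" || ! grep -Eq '^group[[:space:]]' "$conf"; then
        echo "user/group not both set"; rc=1
    fi
    return $rc
}
```

Run lint_server_conf against the directory holding server.conf after the certificates and keys have been copied in; an empty output with exit status 0 means every check passed.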
3.3 Start OpenVPN Service
After configuring all necessary settings, start the OpenVPN service using the commands or management tools provided by the router. After the service is started, you can use commands such as ps and top to check whether the OpenVPN process is running, and use commands such as netstat to check whether the VPN port is correctly listening.
4. Configure remote client
4.1 Install OpenVPN client software
Install OpenVPN client software on the remote computer or device. OpenVPN provides client software for multiple platforms, including Windows, macOS, Linux, iOS, and Android.
4.2 Import configuration files and certificates
Import the configuration files of the VPN server, such as client.ovpn, and the necessary certificate files, such as ca.crt, client.crt, and client.key, into the OpenVPN client software. These files are usually provided by the VPN server administrator.
4.3 Connect to VPN
In the OpenVPN client software, select the imported configuration file and try to connect to the VPN server. If everything is normal, the client will successfully establish an encrypted VPN connection and can securely access internal network resources through the connection.
5. Testing and Validation
5.1 Verify VPN connection
Use commands such as ping and traceroute to test whether the VPN connection is successfully established. You can try pinging other devices or servers in the VPN network to verify network connectivity.
5.2 Check security
Use a network packet capture tool such as Wireshark to check whether the data on the VPN connection is encrypted. Ensure that no unencrypted data is leaked onto the public network.
5.3 Performance test
Conduct network performance testing, including upload/download speed, latency, and packet loss rate. Ensure that the VPN connection meets the requirements of industrial IoT applications.
Configuring an OpenVPN server on a 4G industrial router is a complex process involving multiple steps and technologies. Through reasonable planning and configuration, a secure, efficient, and scalable remote access solution can be provided for enterprises. As senior R&D engineers in the Industrial Internet of Things, we should have a deep understanding of the working principles and configuration methods of OpenVPN, and provide customized solutions for customers based on their actual needs.