This HowTo document describes how to add a Windows PC to rsp.mbCONNECT24 as an VPN-Client. This provides you the ability to connect a Windows computer, as a VPN-client, via a secure VPN tunnel worldwide.
1. First, login to your account at the portal rsp.mbCONNECT24 through mbDIALUP.
2. Add a new device with the symbol in the rsp.mbCONNECT24 portal. As “Device Type”, the “VPN-CLIENT“ must be chosen:
3. Check the LAN IP address of this VPN-client configuration, with the IP address of your Windows PC. They must be the same. With the symbol you can edit the LAN settings:
4. Download and save the configuration file of this device to the PC, by clicking on the symbol:
5. Unzip the .zip – file “mbCONNECT24.zip“. You have the file “vpnclient.ovpn“ and the folder “private“, where the file “user_passw.auth“ is included, now.
6. Please copy the file “vpnclient.ovpn“ and the folder “private“, where the file “user_passw.auth“ is included, to the configuration folder of the software OpenVPN GUI. At this example, the configuration folder is under “C:\Program Files\OpenVPN\config“.
“C:“ is the location, where OpenVPN GUI has been installed in this example, this may vary.
7. Start the software OpenVPN GUI. The symbol must appear in your computer task bar now. With a right-click on this symbol, there will be more options showed.
By clicking on “Connect“, the VPN connection to rsp.mbCONNECT24 will be established.
Under “Edit Config“ you can change the configuration file. Maybe you have to change the phrase “script-security“ to the parameter “2“. This directive offers policy-level control (0-3) over OpenVPN's usage of external programs and scripts. Lower level values (e.g. 0) are more restrictive, higher values (e.g. 3) are more permissive.
8. If all settings are correct, your Windows computer comes up online in rsp.mbCONNECT24 and you are now able to establish a VPN connection to this PC:
T R O U B L E S H O O T:
The most known issue comes with the Windows routing Table. In our example here the VPN-Client has its VPN-IP 10.0.212.9. In rsp.mbCONNECT24 Standard Account we would have then 10.0.212.1 as the Server-IP. Every traffic between mbDIALUP and the VPN-Client has to be routed through the Server-IP (here: 10.0.212.1). Sometimes Windows is not adding the routes correctly or changes the metric. If you see with "route print" something like this:
10.0.212.0 255.255.255.0 On Connection 10.0.212.9 281
10.0.212.0 255.255.255.0 10.0.212.1 10.0.212.9 281
the metric is same on both entry. We only need the second line or even have this as the lowest metric. Therfore we can add our own routing script to the openvpn configfile.
Attached you can find the BATCH Windows Script "routeup.bat" please copy this to your folder where your configfile is located. Then adjust your config-file like this:
"...
route-noexec
route-up routeup.bat
..."
This will execute the "routeup.bat" everytime the client gets connected and it will add the routes. So after the client is connected we should see something like this with "route print":
10.0.212.0 255.255.255.0 10.0.212.1 10.0.212.9 26
If you are using the OpenVPN >= 2.4.5 then add "tls-cipher "DEFAULT:@SECLEVEL=0" " to your config-file.
| Typ: HowTo | Revision: EN-mbconnect24-03-V1.2 | Date: 22.10.2019 |
|---|