This Configuration Guide shows how to set up two parallel OpenVPN tunnels to two different OpenVPN servers.

Situation

An INSYS Smart Device has two independent local networks. It is necessary to set up an OpenVPN connection to a separate OpenVPN server for each network for example for accessing these networks from remote. This can be achieved using WAN groups.

cg parallel vpn

Solution

It is prerequisite that you have access to the web interface of the router and the router has been comissioned using the Startup Wizard. The Startup Wizard configures a WAN interface and a local LAN network for your router. You’ll now add an additional LAN network, configure OpenVPN tunnels for each local network and add a WAN group to the WAN chain that contains the two parallel OpenVPN tunnels. The WAN chain defines the WAN connection. It is the sequential arrangement of interfaces that defines the establishment of a WAN connection. A WAN group is a parallel arrangement of interfaces for the use in a WAN chain that can be started or stopped together.

  1. Open web interface of the router using a browser: 192.168.1.1 [1]

  2. In the HelpWizards menu, click on Additional LAN () and configure it:

    • Interface: net4

    • Port: 1.4 [2]

    • Description: Local LAN B

    • IP address / Netmask: 192.168.4.1 / 24 [3]

    • Allow traffic from new interface to: net3 - WAN [4]

    • Allow traffic to new interface from: net3 - WAN

  3. Click on Execute Wizard.

  4. In the InterfacesIP net 2 (net2) menu, change the Description to Local LAN A.

  5. In the InterfacesOpenVPN menu, add an OpenVPN tunnel () and edit it ().

  6. Enter as Description OpenVPN Client A and configure the Open VPN client for a connection to the OpenVPN server for network A. [5]

  7. Click on Save settings.

  8. In the InterfacesOpenVPN menu, add an OpenVPN tunnel () and edit it ().

  9. Enter as Description OpenVPN Client B and configure the Open VPN client for a connection to the OpenVPN server for network B.

  10. Click on Save settings.

  11. In the WANWAN groups menu, add a WAN group () and edit it ().

  12. Enter a Description and check the two OpenVPN tunnels defined above under Interfaces. [6]

  13. Click on Save settings.

  14. In the WANWAN chains menu, go to the WAN chain entered by the Startup Wizard (wan1), add an interface to the WAN chain () and edit it ().

  15. Under Interface, select the WAN group defined above. [7]

  16. Click on Save settings.

  17. Activate the profile by clicking the blinking gear in the title bar ().

  18. In the StatusSystem status menu, enter a Refresh cycle of a few seconds and click on OK to see how the WAN chain containing the two parallel OpenVPN connections is being established.

cg parallel wan chain

Troubleshooting

  • You may disable the netfilters in the NetfilterIP filter menu temporarily to find out if wrong filter settings are the cause for connection problems.

Back to the Configuration Guides for icom OS Smart Devices

Back to overview

1. Login depending on configuration; default for past firmware versions: User name: insys, Password: icom
2. This assigns port 1.4 of the switch to this network.
3. This is an exemplary IP address for the local LAN network and can be changed accordingly to suit your application.
4. This adds IP filter rules that permit traffic between this network and the WAN network.
5. The detailed configuration of the OpenVPN client is not part of this Configuration Guide since it depends on the Open VPN server. Refer to the operator of the OpenVPN server for necessary settings. Certificates or keys must be uploaded in the Certificate Manager in the AdministrationCertificates menu first before they can be used for the OpenVPN configuration here. Click on Display help text () for more information about the OpenVPN configuration.
6. This creates a WAN group that starts and stops the two OpenVPN interfaces together in a WAN chain.
7. This adds the two parallel OpenVPN interfaces to the WAN chain.