Table of Contents   MOBOTIX Online Help

OpenVPN Configuration

Open the OpenVPN dialog to configure camera's OpenVPN client settings.

For more information about OpenVPN, visit the OpenVPN Community website.


Requirements

Creating an OpenVPN connection requires a corresponding server, which provides secure access to the camera. To do so, you could run your own OpenVPN server or use the service from an OpenVPN provider.


General OpenVPN Setup

Parameter Description
OpenVPN Enables or disables the OpenVPN client.
Server Address Enter the address to which the OpenVPN client will connect.
Server Port Enter the port to which the OpenVPN server is listening for incoming connections.
(OpenVPN option --rport port)
Cipher Select the encryption cipher that is being used.
The encryption ciphers are included in the OpenSSL library.
For additional information on this topic, see the following websites:
Communication Protocol Depending on the OpenVPN server settings, you can choose UDP or TCP.
LZO Compression Use this option to enable LZO data compression. For more information about LZO, see www.oberhumer.com.
Maximum Fragment Size UDP only! Set the size of the data fragments to n bytes. This can help prevent the fragmentation of UDP packets.
(OpenVPN option --fragment max)
mssfix Size UDP only! Improves the TCP connection over the UDP tunnel by reducing the TCP packet size.
(OpenVPN option --mssfix max)
TUN Device MTU Set the MTU of the used TUN device. This depends on the connection type used.
(OpenVPN option --tun-mtu n)
MTU Test UDP only! This test can help in finding good mtu parameters. Do not use this test in normal operation mode.
Ping Interval Sends a ping to the remote server over the tunnel if no packets have been sent for at least n seconds. This option keeps the tunnel open if the connection between the camera and the server runs over a stateful inspection firewall.
(OpenVPN option --ping n)
Ping Restart If the remote server is not sending a ping or other packet for more than n seconds, the OpenVPN client on the camera will restart the connection. (OpenVPN option --ping-restart n)
Renegotiation Renegotiates the data channel key after n seconds (default is 3600s). Once the timeout is reached on either the server or the client side, the camera starts the renegotiation process. Setting this value to 0 disables client-side renegotiation.
(OpenVPN option --reneg-sec n)

Authentication

Parameter Description
VPN Certificates If the private key is protected by a Passphrase, enter the corresponding Passphrase in this field. The keyfile can managed in the Manage VPN Certificates dialog.
VPN User Name Enter the OpenVPN user name in this field.
(OpenVPN option --auth-user-name)
VPN Password Enter the OpenVPN password in this field.
(OpenVPN option --auth-user-pass)

Logging Options

Parameter Description
VPN Logging Level
  • 0: No output except fatal errors
  • 1: Small amount of status information
  • 2: More status information, e.g., certification and encryption status
  • 3: Even more status information
  • 4: Full status information

Manage VPN Certificates

The Manage VPN Certificates dialog manages the certificates that are used to establish OpenVPN connections.

To authenticate the server against the camera, a certificate from an Certificate Authority (CA) is required. In addition, it is possible to use an RSA-based public/private key pair to authenticate the camera against the server.

Parameter Description
Certificate Authority (CA) Certificate

Use this section to store a new certificate from a CA in the camera.

Upload: uploads a certificate in .PEM format to the camera.
Delete: removes the certificate.

Client Certificate

Use this section to store a new public key in the camera for authenticating the camera against the server.

Upload: uploads a certificate in .PEM format to the camera.
Delete: removes the certificate.

Client Key

The private key contains the secret part of the public/private key authentication scheme. Use this section to store a new private key in the camera.

Upload: uploads a private key in .PEM format to the camera.
Delete: removes the private key.

To enter the Passphrase, go back to the OpenVPN dialog.

FAQs and Error Messages

Frequently Asked Questions

Error Messages

Additional Information


Storing the Configuration

Click on the Set button to activate your settings and to save them until the next reboot of the camera.

Click on the Factory button to load the factory defaults for this dialog (this button may not be present in all dialogs).

Click on the Restore button to undo your most recent changes that have not been stored in the camera permanently.

Click on the Close button to close the dialog. While closing the dialog, the system checks the entire configuration for changes. If changes are detected, you will be asked if you would like to store the entire configuration permanently.


© 2001-2020 MOBOTIX AG, Germany · http://www.mobotix.com/