Open the OpenVPN dialog to configure camera's OpenVPN client settings.
For more information about OpenVPN, visit the OpenVPN Community website.
Creating an OpenVPN connection requires a corresponding server, which provides secure access to the camera. To do so, you could run your own OpenVPN server or use the service from an OpenVPN provider.
Parameter |
Description |
---|---|
OpenVPN |
Enables or disables the OpenVPN client. |
Server Address |
Enter the address to which the OpenVPN client will connect. |
Server Port |
Enter the port to which the OpenVPN server is listening for incoming connections. (OpenVPN option |
Encryption |
Select the encryption cipher that is being used. The encryption ciphers are included in the OpenSSL library. For additional information on this topic, see the following websites: |
Communication Protocol |
Depending on the OpenVPN server settings, you can choose UDP or TCP. |
LZO Compression |
Use this option to enable LZO data compression. For more information about LZO, see www.oberhumer.com. |
Maximum Fragment Size |
UDP only! Set the size of the data fragments to n bytes. This can help prevent the fragmentation of UDP packets. (OpenVPN option |
mssfix Size |
UDP only! Improves the TCP connection over the UDP tunnel by reducing the TCP packet size. (OpenVPN option |
TUN Device MTU |
Set the MTU of the used TUN device. This depends on the connection type used. (OpenVPN option |
MTU Test |
UDP only! This test can help in finding good MTU parameters. Do not use this test in normal operation mode. |
Ping Interval |
Sends a ping to the remote server over the tunnel if no packets have been sent for at least n seconds. This option keeps the tunnel open if the connection between the camera and the server runs over a stateful inspection firewall. (OpenVPN option |
Ping Restart |
If the remote server is not sending a ping or other packet for more than n seconds, the OpenVPN client on the camera will restart the connection. (OpenVPN option |
Renegotiation |
Renegotiates the data channel key after n seconds (default is 3600s). Once the timeout is reached on either the server or the client side, the camera starts the renegotiation process. Setting this value to 0 disables client-side renegotiation. (OpenVPN option |
Parameter |
Description |
---|---|
VPN Certificates |
If the private key is protected by a Passphrase, enter the corresponding Passphrase in this field. The keyfiles can managed in the Manage VPN Certificates dialog. |
VPN User Name |
Enter the OpenVPN user name in this field. (OpenVPN option |
VPN Password |
Enter the OpenVPN password in this field. (OpenVPN option |
Parameter |
Description |
---|---|
VPN Logging Level |
|
The Manage VPN Certificates dialog manages the certificates that are used to establish OpenVPN connections.
To authenticate the server against the camera, a certificate from an Certificate Authority (CA) is required. In addition, it is possible to use an RSA-based public/private key pair to authenticate the camera against the server.
Parameter |
Description |
---|---|
Certificate Authority (CA) Certificate |
Use this section to store a new certificate from a CA in the camera. Upload: uploads a certificate in .PEM format to the camera. Delete: Removes the certificate. |
Client Certificate |
Use this section to store a new public key in the camera for authenticating the camera against the server. Upload: uploads a certificate in .PEM format to the camera. Delete: Removes the certificate. |
Client Key |
The private key contains the secret part of the public/private key authentication scheme. Use this section to store a new private key in the camera. Upload: uploads a private key in .PEM format to the camera. Delete: Removes the private key. To enter the Passphrase, go back to the OpenVPN dialog. |
1. |
Which types of VPN are supported? |
This implementation currently supports the OpenVPN protocol in point-to-point mode (routing). |
|
2. |
Which type of encryption is used? |
You can select different encryption ciphers depending on the requirements of the server. |
|
3. |
How can I recognize if a connection is valid or not? |
The VPN log file should contain the message " |
|
4. |
Why aren't the certificates accepted by the server? |
|
1. |
The camera cannot establish a connection to the OpenVPN server. |
|
|
2. |
TLS ERROR |
|
|
3. |
No client-side authentication method is specified. |
|
|
4. |
Network is unreachable, Check your network connectivity. |
|
|
5. |
HOST_NOT_FOUND, Cannot resolve host address, The specified host is unknown |
|
|
6. |
Write to TUN/TAP: Invalid argument (code=22) |
Make sure that you are using the same settings for LZO Compression on the server and the client. |
Click on the Set button to activate your settings and to save them until the next reboot of the camera.
Click on the Factory button to load the factory defaults for this dialog (this button may not be present in all dialogs).
Click on the Restore button to undo your most recent changes that have not been stored in the camera permanently.
Click on the Close button to close the dialog. While closing the dialog, the system checks the entire configuration for changes. If changes are detected, you will be asked if you would like to store the entire configuration permanently.