Below you will find a detailed guide for setting up or updating the OpenVPN clients of an Advantech router (as well as the mdex routers of the MX7 series) to use the IP services 'mdex fixed.IP+ via OpenVPN' (security level 30) and 'mdex public.IP via OpenVPN' (security level 30).
Contents:
Setting up the OpenVPN client
Updating the OpenVPN clients to 'security level 30'
Download router configuration file
Setting up the OpenVPN client
Please note that this only describes the setup of the OpenVPN clients for using the IP services 'mdex fixed.IP+ via OpenVPN' or 'mdex public.IP via OpenVPN', but not all other necessary router settings for the respective use case.
- Download the attached configuration file under Download router configuration file (below).
- Log in to the router's web interface.
- It is recommended to perform a firmware update to the latest version under Administration -> Update Firmware. Current firmware versions can be found on the Advantech homepage at https://icr.advantech.com/firmware.
- Under Administration -> Restore Configuration, select the attached configuration file with 'Browse' and load it into the router by clicking 'Apply':
-
Under Configuration -> OpenVPN for the desired OpenVPN tunnel
- 1st OpenVPN tunnel: mdex fixed.IP+ (security level 30)
- 2nd OpenVPN tunnel: mdex public.IP (security level 30)
Enter the username & password of the mdex OpenVPN device, activate the tunnel with 'Create OpenVPN tunnel' and save the settings by clicking 'Apply' (below).
- Additional settings are required only when setting up a 'mdex public.IP via OpenVPN':
-
Under Configuration -> Startup Script, the following part must be added:
# Flushconntrack for openvpn echo "#!/bin/sh conntrack -F " > /tmp/flushconntrack.sh chmod 755 /tmp/flushconntrack.sh(This causes data packets to be routed again immediately through the OpenVPN tunnel after an interruption and restoration of the OpenVPN connection.)
- To ensure that DNS resolution works reliably even after establishing the OpenVPN connection, a publicly reachable DNS server must be set under the mobile network settings at Configuration -> Mobile WAN, e.g. the mdex DNS server 46.16.216.25:
-
- Now trigger a "reboot" of the router.
- As soon as the router has an internet connection, the activated OpenVPN client will establish a connection to mdex.
- Please check especially when using a mdex public.IP whether any firewall settings need to be made in the router to ensure that no unwanted ports or services of the router are unrestrictedly accessible from the internet. See also Security notes when using a public IP address (public.IP).
Updating the OpenVPN clients to 'security level 30'
If the Advantech router is already configured with both mdex OpenVPN clients of an older security level, these can be updated to the current security level 30 using the following steps.
- 1st OpenVPN tunnel: mdex fixed.IP+ (security level 30)
- 2nd OpenVPN tunnel: mdex public.IP (security level 30)
OpenVPN username & password, port, protocol and current status (active/inactive) remain unchanged and are taken from the original client configuration.
Procedure:
- Download the attached configuration file under Download router configuration file (below).
- Log in to the router's web interface.
- It is recommended to perform a firmware update to the latest version under Administration -> Update Firmware. Current firmware versions can be found on the Advantech homepage at https://icr.advantech.com/firmware.
- Under Administration -> Restore Configuration, select the attached configuration file with 'Browse' and load it into the router by clicking 'Apply':
-
The OpenVPN settings have now been updated:
- 1st OpenVPN tunnel: mdex fixed.IP+ (security level 30)
- 2nd OpenVPN tunnel: mdex public.IP (security level 30)
OpenVPN username & password, port, protocol and current status (active/inactive) are not overwritten, but taken from the original configuration.
- Now trigger a "reboot" of the router, then the active OpenVPN client will establish a connection to mdex. The update of the OpenVPN clients is now complete.
Download router configuration file
The attached configuration file contains the following OpenVPN configuration settings:
- 1st OpenVPN tunnel: mdex fixed.IP+ (security level 30)
- 2nd OpenVPN tunnel: mdex public.IP (security level 30)
Please note that this configuration file may overwrite any existing OpenVPN settings in the router for the 1st tunnel and 2nd tunnel.
(OpenVPN username & password, port, protocol and current status (active/inactive) remain unchanged and are taken from the original client configuration or the router's default settings. Thus, the configuration file can also be used for upgrading the OpenVPN clients.)