Integration guides for Windows, MAC and Linux
Please check our integration guides for Windows, Linux and MacOS:
Differences between OpenVPN and IPSec
EMnify offers different types of VPN:
- The OpenVPN should be used to remotely access devices using EMnify SIM cards from any computer. We have guides to do so for Windows, Linux and MacOS.
- IPSec can be used to create a direct connection between an application server and devices connected to the Internet using EMnify SIM cards. With an IPSec, all traffic to and from the devices to and from the application server will go through the tunnel, be encrypted and secured without using the public Internet. It enables the devices to directly access the application within the same network. With the Cloud-Connect feature, EMnify offers quick IPSec configuration. For AWS users, they can use the Transit Gateway feature and keep all traffic within AWS..
OpenVPN limitations
By default, we don't block any port or IP for OpenVPN.
Does all traffic go through the OpenVPN tunnel?
Establishing the VPN tunnel will not route all traffic through the VPN tunnel. Only traffic from the device to the Open VPN client IP will be routed through the tunnel - and vice versa from the client to the device private IP address. Traffic send from the device to a public IP address will be routed through the Internet. If you want to send data to a full private IP address range, you can use our Cloud Connect / IPsec solution.
How can I change from UDP to TCP?
As mentioned before, EMnify's OpenVPN configuration supports both protocols and clients can choose the one they want to use. The standard protocol used is UDP. To change the protocol, you first need to download the configuration file in the EUI:
Log in your account and click on the link symbol on the upper right corner called "Tokens, IPs and VPNs setup". Find the category "VPN configuration" and download the configuration that fits with your OS and Regional Internet Breakout.
Once you have downloaded the configuration file, you can edit it with a text editor (we advise you to use Notepad++): open the file ".openvpn" for windows" and ".conf" for Linux and look for "proto udp" (3rd line). Change it to "proto tcp" if you want to switch to TCP.
Linux users also need to change the 7th line from "explicit-exit-notify 3" to ";explicit-exit-notify 3" By adding ";" you disable this function.
What IP is being assigned to my OpenVPN client?
The OpenVPN is assigning the IP from 10.64.0.0/10 range for UDP traffic and 10.240.0.0/12 for TCP traffic.
Please notice that this IP will not change over time, as long as you are using the same application token.
Are OpenVPN traffic negotiations going to add up to my data usage?
No. OpenVPN traffic negotiation (e.g. keepalive) between the OpenVPN client and the OpenVPN server do not contribute to your data usage
Can I setup multiple VPN connections?
If multiple users within a company wish to access their devices via VPN at the same time, they can. In our integration guides for Windows, Mac and Linux we describe how to setup the VPN connection. Two authentication methods are available:
- Org ID + Application Token
- Username + password
In order to setup several VPN connections at the same time for one account, the second authentication methods needs to be used: Username + password as credentials (please use one username per connection). You cannot use the Organization ID more than once at the same time to authenticate.
Users need to have administrator rights to use the VPN.
Frequent disconnections when using OpenVPN
Please ensure that your configuration has the most recent OpenVPN configuration provided on the portal. You can check out Integration guides for Windows, MAC and Linux for the latest OpenVPN configuration.
Please check if multiple users within the company are using the VPN. In case several users are authenticated using OrgID + Token, you will experience disconnections.
In order to setup several VPN connections at the same time for one account, you will need to authenticate using Username + password as credentials (Please use one username per connection)
Users need to have administrator rights to use the VPN.
Can I configure OpenVPN to access only a subset of IPs?
This is not possible. OpenVPN will provide you access to all the devices assigned to your account. No further configuration is available.
Comments
0 comments
Please sign in to leave a comment.