CR202_Accessing end devices behind InHand CR202 via OpenVPN

Accessing end devices behind a router via OpenVPN is commonly used for remote monitoring and maintenance. 

For InHand IR series routers, the InHand InConnect Service portal (https://ics.inhandnetworks.com/) is a user-friendly and straightforward way to establish OpenVPN connections.

However, CR202 routers are not supported by the InConnect Service portal.

This article walks through a basic OpenVPN remote-access setup using an InHand CR202 as the OpenVPN server. The goal is to allow a PC/client on a public network to securely access end devices located behind the CR202 through an OpenVPN tunnel. 

Note that the CR202 needs a static, public IP address from the carrier.

The topology of the demo:

In this demo, testing is performed within a local network environment. As a result, the CR202’s WAN IP appears as a 10.x.x.x private address. In real deployments, this would typically be a public IP address.

CR202

  1. Acts as the OpenVPN server
  2. LAN side connects to end devices (PLCs, sensors, controllers, etc.)

PC
  1. Acts as the OpenVPN client

(IR302)
  1. It's just a networking device providing Internet services to the PC. No extra OpenVPN setting is needed.



CR202 OpenVPN server setup:


How to set up the OpenVPN config file for the PC

An example .ovpn OpenVPN config file for the PC as a client. The CA, certificate and private key have been removed. Please add your own.
================================================
client
dev tun
proto tcp-client
remote 10.0.0.13 1194  # Replace with your server's public IP
resolv-retry infinite
nobind
persist-key
persist-tun
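# Server certificate check: use one of the two lines below.
# ns-cert-type is the older option (OpenVPN 2.3); remote-cert-tls replaces it on newer clients.
#remote-cert-tls server
ns-cert-type server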

# Encryption settings (must match server)
cipher BF-CBC
auth SHA1

# Certificate files
<ca>
-----BEGIN CERTIFICATE-----
XXXXXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXXXXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XXXXXX
-----END PRIVATE KEY-----
</key>

# Optional settings
mute-replay-warnings
auth-retry nointeract
verb 3
===============================================
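
The client profile has to match what the CR202 server offers, so it helps to know which of its settings are legacy before it is copied to more PCs. The script below is an added example, not InHand's code: it parses a client profile and reports those settings. The finding names and the shortened sample profile are constructed for illustration.

```python
import re

# Constructed sample: a shortened copy of the client profile shown above.
SAMPLE_PROFILE = """\
client
remote 10.0.0.13 1194  # Replace with your server's public IP
#remote-cert-tls server
ns-cert-type server    # OpenVPN 2.3
cipher BF-CBC
auth SHA1
<key>
-----BEGIN PRIVATE KEY-----
XXXXXX
-----END PRIVATE KEY-----
</key>
"""

def parse_directives(text):
    """Return ({directive: [args]}, {inline block tags}); comments are dropped (simplified)."""
    directives, blocks, in_block = {}, set(), None
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if in_block:                      # skip the body of <ca>/<cert>/<key> blocks
            if line == f"</{in_block}>":
                in_block = None
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            in_block = m.group(1)
            blocks.add(in_block)
        elif line:
            name, *args = line.split()
            directives[name] = args
    return directives, blocks

def audit_profile(text):
    """Return a sorted list of finding codes (names are this example's own)."""
    d, blocks = parse_directives(text)
    findings = set()
    cipher = (d.get("cipher") or [""])[0].upper()
    if cipher.startswith(("BF-", "DES-", "CAST5-")):
        findings.add("CIPHER_64BIT_BLOCK")    # 64-bit block ciphers are exposed to SWEET32
    if "remote-cert-tls" not in d:            # no modern check of the server certificate's role
        findings.add("NS_CERT_TYPE_ONLY" if "ns-cert-type" in d else "NO_SERVER_CERT_CHECK")
    if (d.get("auth") or [""])[0].upper() in ("SHA1", "MD5"):
        findings.add("LEGACY_HMAC_DIGEST")    # prefer SHA256 where the server supports it
    if "key" in blocks:
        findings.add("INLINE_PRIVATE_KEY")    # the .ovpn file itself is a secret: restrict access
    return sorted(findings)
```

Calling `audit_profile(open("client.ovpn").read())` on a real profile returns the same kind of list. A cipher or digest finding can only be cleared if the server side is changed to match.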

When the setup is done, we should be able to ping the CR202's local network from the PC: