Configuring VPN Settings
When you deploy the network hub, you configure network hub settings. If necessary, you can modify these settings.
If you modify network hub settings, you must download configuration files for all Veeam PN clients and re-deploy them on site gateways and standalone computers. If you do not download and re-deploy configuration files, clients will lose a connection to the VPN. For more information, see Modifying Clients Settings.
To configure network hub settings:
- Log in to the network hub portal as a Portal Administrator.
- In the configuration menu on the left, click Settings.
- Click the VPN tab.
- In the Network hub public IP or DNS name field, enter an IP address or full DNS name of the network hub. The IP address or DNS name must be public.
- Select the Enable site-to-site VPN check box to enable site-to-site communication between remote networks. In the fields below, specify settings for the site-to-site scenario:
- From the Protocol list, select a protocol over which sites will communicate with each other: UDP or TCP.
- In the Port list, specify a port on which the network hub must listen for site gateway connections. By default, port 1194 is used.
- Select the Enable point-to-site VPN check box to enable point-to-site communication for standalone computers. In the fields below, specify settings for the point-to-site scenario:
- From the Protocol list, select a protocol over which standalone computers will communicate with the network hub: UDP or TCP.
- In the Port list, specify a port on which the network hub must listen for standalone computers connections. By default, port 6179 is used.
- Click Apply to save modified settings.
It is recommended that you use the UDP protocol. While TCP guarantees delivery of data packets, UDP ensures faster data transmission since it does not require any data flow control.
Changing Advanced VPN Server Settings
In some cases, you may need to change advanced VPN settings. To do this, you can edit VPN configuration files manually.
You must edit VPN configuration files only after you configure the network hub appliance with Veeam PN Web UI.
To change advanced VPN settings:
- Enable SSH access to the network hub appliance. For more information, see Enabling and Disabling SSH Access.
- Сonnect to the network hub appliance over an SSH client.
- Edit the following configuration files:
- /etc/veeampn/SiteOVPN.cfg — site-to-site VPN configuration files.
- /etc/veeampn/EndpointOVPN.cfg — VPN configuration files for standalone clients.
- After you edit configuration files, disable and re-enable the site-to-site and/or point-to-site services. For more information, see Enabling and Disabling Veeam PN Services.
- Disable SSH access to the network hub appliance if you no longer need it.
The most popular example of advanced VPN settings is pushing DHCP options to standalone clients, like DNS/WINS server configuration. For more information, see https://openvpn.net/index.php/open-source/documentation/howto.html#dhcp.