This shows you the differences between two versions of the page.
configuration:openvpn [2020/06/08 08:00] – [How to create a routed OpenVPN scenario] dodenhoeft | configuration:openvpn [2022/08/05 20:05] (current) – fachet | ||
---|---|---|---|
Line 34: | Line 34: | ||
* Works in layer 2, meaning Ethernet frames are passed over the VPN tunnel | * Works in layer 2, meaning Ethernet frames are passed over the VPN tunnel | ||
* Can be used in bridges | * Can be used in bridges | ||
- | |||
**Disadvantages** | **Disadvantages** | ||
* causes much more broadcast overhead on the VPN tunnel | * causes much more broadcast overhead on the VPN tunnel | ||
Line 45: | Line 44: | ||
* A lower traffic overhead, transports only traffic which is destined for the VPN client | * A lower traffic overhead, transports only traffic which is destined for the VPN client | ||
* Transports only layer 3 IP packets | * Transports only layer 3 IP packets | ||
- | |||
**Disadvantages** | **Disadvantages** | ||
- | |||
* Broadcast traffic is not normally transported | * Broadcast traffic is not normally transported | ||
* Can only transport IPv4 (OpenVPN 2.3 adds IPv6) | * Can only transport IPv4 (OpenVPN 2.3 adds IPv6) | ||
* Cannot be used in bridges | * Cannot be used in bridges | ||
+ | |||
+ | ===== Network setup ===== | ||
+ | |||
+ | For this configuration we will use the most common mode, **__the routing mode__**. | ||
{{: | {{: | ||
+ | |||
+ | ==== Server ==== | ||
+ | ^General^Parameter^ | ||
+ | |Operation mode|Server| | ||
+ | |Server port|1194| | ||
+ | |Type|TUN| | ||
+ | |Protocol|UDP| | ||
+ | |Cipher|AES-256-CBC| | ||
+ | ^Authentication^Parameter^ | ||
+ | |certificate-based| | ||
+ | |HMAC digest|SHA256| | ||
+ | |Manage keys and certifictaes (below)| | ||
+ | ^Options^Parameter^ | ||
+ | |use compression|enable| | ||
+ | |use keepalive|enable| | ||
+ | |||
+ | After you done with the server configuation apply the setting and we will continue with the client configuation. | ||
+ | |||
+ | ==== Client ==== | ||
+ | ^General^Parameter^ | ||
+ | |Operation mode|Client| | ||
+ | |Server port|1194| | ||
+ | |Type|TUN| | ||
+ | |Protocol|UDP| | ||
+ | |Cipher|AES-256-CBC| | ||
+ | ^Authentication^Parameter^ | ||
+ | |certificate-based| | ||
+ | |HMAC digest|SHA256| | ||
+ | |Manage keys and certifictaes (below)| | ||
+ | ^Options^Parameter^ | ||
+ | |use compression|enable| | ||
+ | |use keepalive|enable| | ||
+ | |||
+ | ==== minimal configuration ==== | ||
+ | Generate a static key: | ||
+ | |||
+ | openvpn --genkey --secret static.key | ||
+ | |||
+ | Copy the static key to both client and server, over a pre-existing secure channel. | ||
+ | Server configuration file | ||
+ | |||
+ | dev tun | ||
+ | ifconfig 10.8.0.1 10.8.0.2 | ||
+ | secret static.key | ||
+ | |||
+ | Client configuration file | ||
+ | |||
+ | remote myremote.mydomain | ||
+ | dev tun | ||
+ | ifconfig 10.8.0.2 10.8.0.1 | ||
+ | secret static.key | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
See {{: | See {{: | ||
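Review bot: the added "minimal configuration" section authenticates with a pre-shared static key (`secret static.key` in both files), while the Server and Client tables added just above it specify certificate-based authentication, so the page now documents two different setups without saying which one the reader should use. State explicitly that the static-key example is a separate point-to-point setup in which both ends share one key and there is no per-client identity, or replace it with a configuration that matches the tables. Both tables also set "use compression|enable"; OpenVPN's own documentation advises against compression on encrypted tunnels, so this row should default to disabled or carry a note explaining the choice. Smaller points in the same hunk: "certifictaes" and "configuation" are misspelled, "After you done" should read "After you are done", and the `|certificate-based|` rows have one cell in a two-column table.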