Differences

This shows you the differences between two versions of the page.

configuration:openvpn [2020/05/29 12:57]
dodenhoeft [OpenVPN]
configuration:openvpn [2022/08/05 20:05]
fachet
Line 1: Line 1:
 ====== OpenVPN ====== ====== OpenVPN ======
  
-OpenVPN is a opensourse Software to establish virtual private network(VPN) via encrypted TLS connections. It provides a secure and encrypted user data communication between ​two hosts. the artical will guide you through a typically configuration scenario.+OpenVPN is a opensourse Software to establish virtual private network(VPN) via encrypted TLS connections. It provides a secure and encrypted user data communication between ​different ​hosts and networks
  
 +===== The focus on OpenVPN is on =====
 +
 +  * High compatibility and support for many Operation systems (Linux, OS X, Windows, iOS, and Android)
 +  * High stability
 +  * Easy Scalability
 +  * Flexible VPN client extenions
 +  * Easy installation ​
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +===== How to setup OpenVPN ​ =====
 +
 +The following step by step instruction will guide you through a OpenVPN configuration. So basically OpenVPN does have two different modes:
 +
 +
 +
 +__**Bridge mode (TAP):**__
 +
 +**Advantages**
 +  *  behaves like a real network adapter (except it is a virtual network adapter)
 +  *  can transport any network protocols (IPv4, IPv6, Netalk, IPX, etc, etc)
 +  *  Works in layer 2, meaning Ethernet frames are passed over the VPN tunnel
 +  *  Can be used in bridges
 +**Disadvantages**
 +  * causes much more broadcast overhead on the VPN tunnel
 +  * adds the overhead of Ethernet headers on all packets transported over the VPN tunnel
 +  * scales poorly
 +
 +__**Routing Mode (TUN)**__
 +
 +**Advantages**
 +  * A lower traffic overhead, transports only traffic which is destined for the VPN client
 +  * Transports only layer 3 IP packets
 +**Disadvantages**
 +  *  Broadcast traffic is not normally transported
 +  *  Can only transport IPv4 (OpenVPN 2.3 adds IPv6)
 +  *  Cannot be used in bridges
 +
 +===== Network setup =====
 +
 +For this configuration we will use the most common mode, **__the routing mode__**.
 +
 +{{:​configuration:​openvpn1.png|}}
 +
 +==== Server ====
 +^General^Parameter^
 +|Operation mode|Server|
 +|Server port|1194|
 +|Type|TUN|
 +|Protocol|UDP|
 +|Cipher|AES-256-CBC|
 +^Authentication^Parameter^
 +|certificate-based|
 +|HMAC digest|SHA256|
 +|Manage keys and certifictaes (below)|
 +^Options^Parameter^ ​
 +|use compression|enable|
 +|use keepalive|enable|
 +
 +After you done with the server configuation apply the setting and we will continue with the client configuation.
 +
 +==== Client ====
 +^General^Parameter^
 +|Operation mode|Client|
 +|Server port|1194|
 +|Type|TUN|
 +|Protocol|UDP|
 +|Cipher|AES-256-CBC|
 +^Authentication^Parameter^
 +|certificate-based|
 +|HMAC digest|SHA256|
 +|Manage keys and certifictaes (below)|
 +^Options^Parameter^ ​
 +|use compression|enable|
 +|use keepalive|enable|
 +
 +==== minimal configuration ====
 +Generate a static key:
 +
 +    openvpn --genkey --secret static.key
 +
 +Copy the static key to both client and server, over a pre-existing secure channel.
 +Server configuration file
 +
 +    dev tun
 +    ifconfig 10.8.0.1 10.8.0.2
 +    secret static.key
 +
 +Client configuration file
 +
 +    remote myremote.mydomain
 +    dev tun
 +    ifconfig 10.8.0.2 10.8.0.1
 +    secret static.key
  
  
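Review bot: The new "minimal configuration" section contradicts the Server and Client tables added earlier in this hunk: the tables specify certificate-based authentication with AES-256-CBC and HMAC digest SHA256, while both sample files authenticate with a pre-shared key ("secret static.key") and set no cipher or digest. A single static key shared by both ends gives no forward secrecy, so anyone who obtains that one file can decrypt recorded and future traffic. Either label the section as a point-to-point test setup that is not what the tables describe, or replace the samples with a certificate-based pair that matches them. Smaller points in the same hunk: the "|certificate-based|" and "|Manage keys and certifictaes (below)|" rows have one cell in a two-column table; "use compression|enable" should be justified or dropped, since compressing tunnel traffic can leak plaintext through length side channels; the run of empty added lines after the feature list should go; the rewritten first sentence lost its final period; and "opensourse", "extenions", "certifictaes" and "configuation" need spelling fixes.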
Line 8: Line 110:
  
  
-===== How to create a routed OpenVPN scenario ===== 
 See {{:​nrsw:​openvpn.pdf|}} See {{:​nrsw:​openvpn.pdf|}}
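Review bot: Removing the heading "How to create a routed OpenVPN scenario" leaves "See {{:nrsw:openvpn.pdf|}}" as a bare link with no heading or sentence saying what the PDF covers. Keep a short heading, or turn the line into a sentence stating that the PDF describes the routed scenario, and fill in the empty title after the "|" so the reader sees a description of the document.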