====== OpenVPN ======

OpenVPN is a opensourse Software to establish virtual private network(VPN) via encrypted TLS connections. It provides a secure and encrypted user data communication between different hosts and networks. 

===== The focus on OpenVPN is on =====

  * High compatibility and support for many Operation systems (Linux, OS X, Windows, iOS, and Android)
  * High stability
  * Easy Scalability
  * Flexible VPN client extenions
  * Easy installation 











===== How to setup OpenVPN  =====

The following step by step instruction will guide you through a OpenVPN configuration. So basically OpenVPN does have two different modes:



__**Bridge mode (TAP):**__

**Advantages**
  *  behaves like a real network adapter (except it is a virtual network adapter)
  *  can transport any network protocols (IPv4, IPv6, Netalk, IPX, etc, etc)
  *  Works in layer 2, meaning Ethernet frames are passed over the VPN tunnel
  *  Can be used in bridges
**Disadvantages**
  * causes much more broadcast overhead on the VPN tunnel
  * adds the overhead of Ethernet headers on all packets transported over the VPN tunnel
  * scales poorly

__**Routing Mode (TUN)**__

**Advantages**
  * A lower traffic overhead, transports only traffic which is destined for the VPN client
  * Transports only layer 3 IP packets
**Disadvantages**
  *  Broadcast traffic is not normally transported
  *  Can only transport IPv4 (OpenVPN 2.3 adds IPv6)
  *  Cannot be used in bridges

===== Network setup =====

For this configuration we will use the most common mode, **__the routing mode__**.

{{:configuration:openvpn1.png|}}

==== Server ====
^General^Parameter^
|Operation mode|Server|
|Server port|1194|
|Type|TUN| 	
|Protocol|UDP|
|Cipher|AES-256-CBC|
^Authentication^Parameter^
|certificate-based|
|HMAC digest|SHA256|
|Manage keys and certifictaes (below)|
^Options^Parameter^ 
|use compression|enable|	
|use keepalive|enable|

After you done with the server configuation apply the setting and we will continue with the client configuation.

==== Client ====
^General^Parameter^
|Operation mode|Client|
|Server port|1194|
|Type|TUN| 	
|Protocol|UDP|
|Cipher|AES-256-CBC|
^Authentication^Parameter^
|certificate-based|
|HMAC digest|SHA256|
|Manage keys and certifictaes (below)|
^Options^Parameter^ 
|use compression|enable|	
|use keepalive|enable|

==== minimal configuration ====
Generate a static key:

    openvpn --genkey --secret static.key

Copy the static key to both client and server, over a pre-existing secure channel.
Server configuration file

    dev tun
    ifconfig 10.8.0.1 10.8.0.2
    secret static.key

Client configuration file

    remote myremote.mydomain
    dev tun
    ifconfig 10.8.0.2 10.8.0.1
    secret static.key





See {{:nrsw:openvpn.pdf|}}