====== OpenVPN ======

OpenVPN is open-source software for establishing a virtual private network (VPN) over encrypted TLS connections. It provides secure, encrypted communication of user data between different hosts and networks.

===== The focus of OpenVPN is on =====

  * High compatibility and support for many operating systems (Linux, OS X, Windows, iOS, and Android)
  * High stability
  * Easy scalability
  * Flexible VPN client extensions
  * Easy installation

===== How to set up OpenVPN =====

The following step-by-step instructions will guide you through an OpenVPN configuration.

OpenVPN has two different modes:

__**Bridge mode (TAP):**__

**Advantages**

  * Behaves like a real network adapter (except that it is a virtual network adapter)
  * Can transport any network protocols (IPv4, IPv6, Netalk, IPX, etc.)
  * Works in layer 2, meaning Ethernet frames are passed over the VPN tunnel
  * Can be used in bridges

**Disadvantages**

  * Causes much more broadcast overhead on the VPN tunnel
  * Adds the overhead of Ethernet headers on all packets transported over the VPN tunnel
  * Scales poorly

__**Routing mode (TUN):**__

**Advantages**

  * A lower traffic overhead; transports only traffic that is destined for the VPN client
  * Transports only layer 3 IP packets

**Disadvantages**

  * Broadcast traffic is not normally transported
  * Can only transport IPv4 (OpenVPN 2.3 adds IPv6)
  * Cannot be used in bridges

===== Network setup =====

For this configuration we will use the most common mode, **__the routing mode__**.

{{:configuration:openvpn1.png|}}

==== Server ====

^General^Parameter^
|Operation mode|Server|
|Server port|1194|
|Type|TUN|
|Protocol|UDP|
|Cipher|AES-256-CBC|

^Authentication^Parameter^
|certificate-based|
|HMAC digest|SHA256|
|Manage keys and certificates (below)|

^Options^Parameter^
|use compression|enable|
|use keepalive|enable|

After you are done with the server configuration, apply the settings and continue with the client configuration.

==== Client ====

^General^Parameter^
|Operation mode|Client|
|Server port|1194|
|Type|TUN|
|Protocol|UDP|
|Cipher|AES-256-CBC|

^Authentication^Parameter^
|certificate-based|
|HMAC digest|SHA256|
|Manage keys and certificates (below)|

^Options^Parameter^
|use compression|enable|
|use keepalive|enable|

==== Minimal configuration ====

Generate a static key:

  openvpn --genkey --secret static.key

Copy the static key to both client and server over a pre-existing secure channel.

Server configuration file:

  dev tun
  ifconfig 10.8.0.1 10.8.0.2
  secret static.key

Client configuration file:

  remote myremote.mydomain
  dev tun
  ifconfig 10.8.0.2 10.8.0.1
  secret static.key

See {{:nrsw:openvpn.pdf|}}
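
The check below is an added example, not part of the original page or of OpenVPN. It audits a config file against the parameter tables above and shows that the minimal static-key configuration leaves ''cipher'' and ''auth'' unset and does not use certificates. The function names and the ''CERT_SERVER'' sample are assumptions made for illustration.

```python
# Added example: audit an OpenVPN config against the parameter tables on this page.
# Port 1194 and proto udp are also OpenVPN's built-in defaults, so those two
# directives may be absent without producing a finding.
EXPECTED = {"dev": "tun", "proto": "udp", "port": "1194",
            "cipher": "AES-256-CBC", "auth": "SHA256"}
DEFAULT_OK = {"proto", "port"}

def parse_config(text):
    """Map each directive to its argument list, skipping comments and blanks."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        opts[name.lstrip("-")] = args
    return opts

def audit(text):
    """Return a list of findings; an empty list means the config matches the tables."""
    opts, findings = parse_config(text), []
    for name, want in EXPECTED.items():
        if name not in opts:
            if name not in DEFAULT_OK:
                findings.append(f"{name}: not set, OpenVPN default applies instead of {want}")
            continue
        got = opts[name][0] if opts[name] else ""
        ok = got.startswith(want) if name == "dev" else got.upper() == want.upper()
        if not ok:
            findings.append(f"{name}: {got or '(empty)'} differs from {want}")
    if "secret" in opts:
        findings.append("secret: static-key mode, one long-lived shared key and "
                        "no forward secrecy; the tables ask for certificates")
    else:
        missing = [d for d in ("ca", "cert", "key") if d not in opts]
        if missing:
            findings.append("certificate-based auth incomplete, missing: " + ", ".join(missing))
    return findings

# The page's minimal server config, verbatim.
MINIMAL_SERVER = "dev tun\nifconfig 10.8.0.1 10.8.0.2\nsecret static.key\n"
# Constructed fragment with only the directives the auditor checks
# (file names are placeholders, not taken from the page).
CERT_SERVER = ("port 1194\nproto udp\ndev tun\nca ca.crt\ncert server.crt\n"
               "key server.key\ncipher AES-256-CBC\nauth SHA256\n")

if __name__ == "__main__":
    for finding in audit(MINIMAL_SERVER):
        print("minimal config:", finding)
```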