Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
configuration:openvpn [2020/06/08 08:00] dodenhoeft [How to create a routed OpenVPN scenario] |
configuration:openvpn [2021/03/05 05:46] dodenhoeft [Server] |
||
|---|---|---|---|
| Line 34: | Line 34: | ||
| * Works in layer 2, meaning Ethernet frames are passed over the VPN tunnel | * Works in layer 2, meaning Ethernet frames are passed over the VPN tunnel | ||
| * Can be used in bridges | * Can be used in bridges | ||
| - | |||
| **Disadvantages** | **Disadvantages** | ||
| * causes much more broadcast overhead on the VPN tunnel | * causes much more broadcast overhead on the VPN tunnel | ||
| Line 45: | Line 44: | ||
| * A lower traffic overhead, transports only traffic which is destined for the VPN client | * A lower traffic overhead, transports only traffic which is destined for the VPN client | ||
| * Transports only layer 3 IP packets | * Transports only layer 3 IP packets | ||
| - | |||
| **Disadvantages** | **Disadvantages** | ||
| - | |||
| * Broadcast traffic is not normally transported | * Broadcast traffic is not normally transported | ||
| * Can only transport IPv4 (OpenVPN 2.3 adds IPv6) | * Can only transport IPv4 (OpenVPN 2.3 adds IPv6) | ||
| * Cannot be used in bridges | * Cannot be used in bridges | ||
| + | |||
| + | ===== Network setup ===== | ||
| + | |||
| + | For this configuration we will use the most common mode, **__the routing mode__**. | ||
| {{:configuration:openvpn1.png|}} | {{:configuration:openvpn1.png|}} | ||
| + | |||
| + | ==== Server ==== | ||
| + | ^General^Parameter^ | ||
| + | |Operation mode|Server| | ||
| + | |Server port|1194| | ||
| + | |Type|TUN| | ||
| + | |Protocol|UDP| | ||
| + | |Cipher|AES-256-CBC| | ||
| + | ^Authentication^Parameter^ | ||
| + | |certificate-based| | ||
| + | |HMAC digest|SHA256| | ||
| + | |Manage keys and certifictaes (below)| | ||
| + | ^Options^Parameter^ | ||
| + | |use compression|enable| | ||
| + | |use keepalive|enable| | ||
| + | |||
| + | After you done with the server configuation apply the setting and we will continue with the client configuation. | ||
| + | |||
| + | ==== Client ==== | ||
| + | ^General^Parameter^ | ||
| + | |Operation mode|Client| | ||
| + | |Server port|1194| | ||
| + | |Type|TUN| | ||
| + | |Protocol|UDP| | ||
| + | |Cipher|AES-256-CBC| | ||
| + | ^Authentication^Parameter^ | ||
| + | |certificate-based| | ||
| + | |HMAC digest|SHA256| | ||
| + | |Manage keys and certifictaes (below)| | ||
| + | ^Options^Parameter^ | ||
| + | |use compression|enable| | ||
| + | |use keepalive|enable| | ||
| + | |||
| + | ==== Keys and certificates ==== | ||
| + | |||
| + | |||
| + | |||
| + | |||
| See {{:nrsw:openvpn.pdf|}} | See {{:nrsw:openvpn.pdf|}} | ||