This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| configuration:openvpn [2015/04/20 16:59] – external edit 127.0.0.1 | configuration:openvpn [2022/08/05 20:05] (current) – fachet | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== OpenVPN ====== | ====== OpenVPN ====== | ||
| - | ===== How to create | + | OpenVPN is a opensourse Software to establish virtual private network(VPN) via encrypted TLS connections. It provides a secure and encrypted user data communication between different hosts and networks. |
| - | {{: | + | |
| + | ===== The focus on OpenVPN is on ===== | ||
| + | |||
| + | * High compatibility and support for many Operation systems (Linux, OS X, Windows, iOS, and Android) | ||
| + | * High stability | ||
| + | * Easy Scalability | ||
| + | * Flexible VPN client extenions | ||
| + | * Easy installation | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | ===== How to setup OpenVPN | ||
| + | |||
| + | The following step by step instruction will guide you through | ||
| + | |||
| + | |||
| + | |||
| + | __**Bridge mode (TAP): | ||
| + | |||
| + | **Advantages** | ||
| + | * behaves like a real network adapter (except it is a virtual network adapter) | ||
| + | * can transport any network protocols (IPv4, IPv6, Netalk, IPX, etc, etc) | ||
| + | * Works in layer 2, meaning Ethernet frames are passed over the VPN tunnel | ||
| + | * Can be used in bridges | ||
| + | **Disadvantages** | ||
| + | * causes much more broadcast overhead on the VPN tunnel | ||
| + | * adds the overhead of Ethernet headers on all packets transported over the VPN tunnel | ||
| + | * scales poorly | ||
| + | |||
| + | __**Routing Mode (TUN)**__ | ||
| + | |||
| + | **Advantages** | ||
| + | * A lower traffic overhead, transports only traffic which is destined for the VPN client | ||
| + | * Transports only layer 3 IP packets | ||
| + | **Disadvantages** | ||
| + | * Broadcast traffic is not normally transported | ||
| + | * Can only transport IPv4 (OpenVPN 2.3 adds IPv6) | ||
| + | * Cannot be used in bridges | ||
| + | |||
| + | ===== Network setup ===== | ||
| + | |||
| + | For this configuration we will use the most common mode, **__the routing mode__**. | ||
| + | |||
| + | {{: | ||
| + | |||
| + | ==== Server ==== | ||
| + | ^General^Parameter^ | ||
| + | |Operation mode|Server| | ||
| + | |Server port|1194| | ||
| + | |Type|TUN| | ||
| + | |Protocol|UDP| | ||
| + | |Cipher|AES-256-CBC| | ||
| + | ^Authentication^Parameter^ | ||
| + | |certificate-based| | ||
| + | |HMAC digest|SHA256| | ||
| + | |Manage keys and certifictaes (below)| | ||
| + | ^Options^Parameter^ | ||
| + | |use compression|enable| | ||
| + | |use keepalive|enable| | ||
| + | |||
| + | After you done with the server configuation apply the setting and we will continue with the client configuation. | ||
| + | |||
| + | ==== Client ==== | ||
| + | ^General^Parameter^ | ||
| + | |Operation mode|Client| | ||
| + | |Server port|1194| | ||
| + | |Type|TUN| | ||
| + | |Protocol|UDP| | ||
| + | |Cipher|AES-256-CBC| | ||
| + | ^Authentication^Parameter^ | ||
| + | |certificate-based| | ||
| + | |HMAC digest|SHA256| | ||
| + | |Manage keys and certifictaes (below)| | ||
| + | ^Options^Parameter^ | ||
| + | |use compression|enable| | ||
| + | |use keepalive|enable| | ||
| + | |||
| + | ==== minimal configuration ==== | ||
| + | Generate a static key: | ||
| + | |||
| + | openvpn --genkey --secret static.key | ||
| + | |||
| + | Copy the static key to both client and server, over a pre-existing secure channel. | ||
| + | Server configuration file | ||
| + | |||
| + | dev tun | ||
| + | ifconfig 10.8.0.1 10.8.0.2 | ||
| + | secret static.key | ||
| + | |||
| + | Client configuration file | ||
| + | |||
| + | remote myremote.mydomain | ||
| + | dev tun | ||
| + | ifconfig 10.8.0.2 10.8.0.1 | ||
| + | secret static.key | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | See {{: | ||
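Review bot: The "minimal configuration" section at the end of the added text sets up a static-key tunnel (`secret static.key` on both ends), which does not match the Server and Client tables above it that specify certificate-based authentication, port 1194, UDP, AES-256-CBC and HMAC digest SHA256, so a reader following the page top to bottom ends up with a different setup from the one the tables describe. Suggest either stating explicitly that this is a separate pre-shared-key mode (one key shared by both hosts, no per-client certificates) or replacing it with a configuration that uses the table values. The tables also set "use compression" to enable on both sides without comment; compression inside an encrypted tunnel can leak information about the plaintext, so the page should say when to leave it off. The bullet "Can only transport IPv4 (OpenVPN 2.3 adds IPv6)" contradicts itself and would read better as a version note. Smaller points: "opensourse", "extenions", "certifictaes" and "configuation" are misspelled, and the rows `|certificate-based|` and `|Manage keys and certifictaes (below)|` have a single cell under a two-column header.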