Differences

This shows you the differences between two versions of the page.

configuration:openvpn [2015/04/20 16:59]
127.0.0.1 external edit
configuration:openvpn [2022/08/05 20:05] (current)
fachet
Line 1: Line 1:
 ====== OpenVPN ====== ====== OpenVPN ======
  
-===== How to create ​routed ​OpenVPN ​scenario ​===== +OpenVPN is a opensourse Software to establish virtual private network(VPN) via encrypted TLS connections. It provides a secure and encrypted user data communication between different hosts and networks.  
-{{:​nrsw:​openvpn.pdf|}}+ 
 +===== The focus on OpenVPN is on ===== 
 + 
 +  * High compatibility and support for many Operation systems (Linux, OS X, Windows, iOS, and Android) 
 +  * High stability 
 +  * Easy Scalability 
 +  * Flexible VPN client extenions 
 +  * Easy installation  
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 + 
 +===== How to setup OpenVPN ​ ===== 
 + 
 +The following step by step instruction will guide you through ​a OpenVPN ​configuration. So basically OpenVPN does have two different modes: 
 + 
 + 
 + 
 +__**Bridge mode (TAP):​**__ 
 + 
 +**Advantages** 
 +  *  behaves like a real network adapter (except it is a virtual network adapter) 
 +  *  can transport any network protocols (IPv4, IPv6, Netalk, IPX, etc, etc) 
 +  *  Works in layer 2, meaning Ethernet frames are passed over the VPN tunnel 
 +  *  Can be used in bridges 
 +**Disadvantages** 
 +  * causes much more broadcast overhead on the VPN tunnel 
 +  * adds the overhead of Ethernet headers on all packets transported over the VPN tunnel 
 +  * scales poorly 
 + 
 +__**Routing Mode (TUN)**__ 
 + 
 +**Advantages** 
 +  * A lower traffic overhead, transports only traffic which is destined for the VPN client 
 +  * Transports only layer 3 IP packets 
 +**Disadvantages** 
 +  *  Broadcast traffic is not normally transported 
 +  *  Can only transport IPv4 (OpenVPN 2.3 adds IPv6) 
 +  *  Cannot be used in bridges 
 + 
 +===== Network setup ===== 
 + 
 +For this configuration we will use the most common mode, **__the routing mode__**. 
 + 
 +{{:​configuration:​openvpn1.png|}} 
 + 
 +==== Server ==== 
 +^General^Parameter^ 
 +|Operation mode|Server| 
 +|Server port|1194| 
 +|Type|TUN|  
 +|Protocol|UDP| 
 +|Cipher|AES-256-CBC| 
 +^Authentication^Parameter^ 
 +|certificate-based| 
 +|HMAC digest|SHA256| 
 +|Manage keys and certifictaes (below)| 
 +^Options^Parameter^  
 +|use compression|enable|  
 +|use keepalive|enable| 
 + 
 +After you done with the server configuation apply the setting and we will continue with the client configuation. 
 + 
 +==== Client ==== 
 +^General^Parameter^ 
 +|Operation mode|Client| 
 +|Server port|1194| 
 +|Type|TUN|  
 +|Protocol|UDP| 
 +|Cipher|AES-256-CBC| 
 +^Authentication^Parameter^ 
 +|certificate-based| 
 +|HMAC digest|SHA256| 
 +|Manage keys and certifictaes (below)| 
 +^Options^Parameter^  
 +|use compression|enable|  
 +|use keepalive|enable| 
 + 
 +==== minimal configuration ==== 
 +Generate a static key: 
 + 
 +    openvpn --genkey --secret static.key 
 + 
 +Copy the static key to both client and server, over a pre-existing secure channel. 
 +Server configuration file 
 + 
 +    dev tun 
 +    ifconfig 10.8.0.1 10.8.0.2 
 +    secret static.key 
 + 
 +Client configuration file 
 + 
 +    remote myremote.mydomain 
 +    dev tun 
 +    ifconfig 10.8.0.2 10.8.0.1 
 +    secret static.key 
 + 
 + 
 + 
 + 
 + 
 +See {{:​nrsw:​openvpn.pdf|}}
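Review bot: The "minimal configuration" section at the end of this hunk does not match the Server and Client tables above it. The tables specify certificate-based authentication with Cipher AES-256-CBC and HMAC digest SHA256, but both example files use `secret static.key` and contain no cipher or digest line, so a reader who copies them gets a pre-shared-key tunnel with whatever defaults the installed OpenVPN picks. Static-key mode also has no forward secrecy: anyone who obtains static.key can decrypt previously recorded sessions, which is worth stating next to the "Copy the static key ... over a pre-existing secure channel" step. Suggest either labelling this section as a static-key test setup that is separate from the certificate-based configuration in the tables, or replacing it with a certificate-based example that sets the cipher and digest from the tables explicitly. Separately, both tables set `use compression|enable`; OpenVPN has discouraged compression inside the tunnel since 2.5, so the page should either justify that setting or show it disabled.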