Difference between revisions of "Openvpn"
Jump to navigation
Jump to search
(→Setup) |
|||
| Line 19: | Line 19: | ||
==Setup== | ==Setup== | ||
| + | |||
| + | Once installed you will need to set some things up. | ||
| + | |||
| + | *Here is a sample config (though you will need to edit a few lines) | ||
| + | |||
| + | # both '#' and ';' act as comments | ||
| + | client | ||
| + | dev tap | ||
| + | proto udp | ||
| + | # change this to your server's address | ||
| + | remote server 1194 # change server to either the host name or IP | ||
| + | resolv-retry infinite | ||
| + | nobind | ||
| + | persist-key | ||
| + | persist-tun | ||
| + | # Point the key and crt files to | ||
| + | # the ones for this user | ||
| + | tls-client | ||
| + | ca /path/to/ca.crt #change the "/path/to/foo.*" to where it really is | ||
| + | cert /path/to/foo.crt | ||
| + | key /path/to/foo.key | ||
| + | #ensure that we are talking to a server | ||
| + | ns-cert-type server | ||
| + | #confirm we are talking to the correct server | ||
| + | tls-auth /path/to/ta.key 1 # keep this one hidden like in /root | ||
| + | # Select a cryptographic cipher. | ||
| + | # If the cipher option is used on the server | ||
| + | # then you must also specify it here. | ||
| + | cipher AES-128-CBC | ||
| + | # Enable compression on the VPN link. | ||
| + | comp-lzo | ||
| + | #fragment large packets | ||
| + | # I found I needed this for some games but it is | ||
| + | # not required | ||
| + | #fragment 1400 | ||
| + | # enable user/pass authentication | ||
| + | auth-user-pass | ||
Revision as of 15:27, 6 June 2007
Introduction
OpenVPN is an open source Virtual Privet Network (VPN), which allows one to establish a tunnel for any IP subnetwork or virtual ethernet adapter e.i. TUN/TAP kernel device over any UDP/TCP port
Installation
- on debian
you @ host $ apt-get install openvpn
- gentoo
you @ host $ USE='pam ssl examples' emerge openvpn
- Other
can be found here: http://openvpn.net/install.html
Setup
Once installed you will need to set some things up.
- Here is a sample config (though you will need to edit a few lines)
# both '#' and ';' act as comments client dev tap proto udp # change this to your server's address remote server 1194 # change server to either the host name or IP resolv-retry infinite nobind persist-key persist-tun # Point the key and crt files to # the ones for this user tls-client ca /path/to/ca.crt #change the "/path/to/foo.*" to where it really is cert /path/to/foo.crt key /path/to/foo.key #ensure that we are talking to a server ns-cert-type server #confirm we are talking to the correct server tls-auth /path/to/ta.key 1 # keep this one hidden like in /root # Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here. cipher AES-128-CBC # Enable compression on the VPN link. comp-lzo #fragment large packets # I found I needed this for some games but it is # not required #fragment 1400 # enable user/pass authentication auth-user-pass