Difference between revisions of "Openvpn"
Line 57: | Line 57: | ||
auth-user-pass | auth-user-pass | ||
− | + | ==So, now== | |
+ | |||
+ | if you read that configuration file, you would have seen: | ||
+ | ca /path/to/ca.crt | ||
+ | cert /path/to/foo.crt | ||
+ | key /pat/to/foo.key | ||
+ | and later on: | ||
+ | tls-auth /path/to/ta.key |
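Review bot: the added line `key /pat/to/foo.key` misspells the placeholder path. The sample config earlier on the page has `key /path/to/foo.key`, so the quote should match it. The quoted `tls-auth /path/to/ta.key` also drops the trailing `1` (and the "keep this one hidden" comment) that the sample config carries on that line; quote the line in full or say it is abbreviated, since the new text claims this is what the reader "would have seen".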
Revision as of 13:52, 12 June 2007
Introduction
OpenVPN is an open source Virtual Private Network (VPN) that allows one to establish a tunnel for any IP subnetwork or virtual Ethernet adapter (i.e. a TUN/TAP kernel device) over any UDP/TCP port.
Installation
- On Debian
    you@host $ apt-get install openvpn
- On Gentoo
    you@host $ USE='pam ssl examples' emerge openvpn
- Other
    Instructions can be found here: http://openvpn.net/install.html
Setup
Once installed you will need to set some things up.
- Here is a sample config (though you will need to edit a few lines)
    # both '#' and ';' act as comments
    client
    dev tap
    proto udp
    # change this to your server's address
    remote server 1194 # change server to either the host name or IP
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    # Point the key and crt files to
    # the ones for this user
    tls-client
    ca /path/to/ca.crt #change the "/path/to/foo.*" to where it really is
    cert /path/to/foo.crt
    key /path/to/foo.key
    #ensure that we are talking to a server
    ns-cert-type server
    #confirm we are talking to the correct server
    tls-auth /path/to/ta.key 1 # keep this one hidden like in /root
    # Select a cryptographic cipher.
    # If the cipher option is used on the server
    # then you must also specify it here.
    cipher AES-128-CBC
    # Enable compression on the VPN link.
    comp-lzo
    #fragment large packets
    # I found I needed this for some games but it is
    # not required
    #fragment 1400
    # enable user/pass authentication
    auth-user-pass
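The config comments ask you to point the `ca`, `cert`, `key` and `tls-auth` lines at real files and to keep `ta.key` hidden. The script below is an added example, not part of the original page or of OpenVPN: it reads a client config, reports any of those files that are missing, and flags a private key or tls-auth key that is accessible to group or other users. The function name `check_ovpn_files` and the `MISSING`/`LOOSE` output format are made up for this example, and it assumes unquoted paths without spaces, as in the sample config.

```shell
#!/bin/sh
# Added example (not from the original page): audit the files named by the
# ca/cert/key/tls-auth lines of an OpenVPN client config.
# Assumption: paths are unquoted and contain no spaces, as in the sample.

# check_ovpn_files CONFIG
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
check_ovpn_files() {
    conf=$1
    findings=0
    # First two fields of each file directive; this skips the trailing
    # direction argument ("1") and any inline "#" comment.
    list=$(awk '$1 ~ /^(ca|cert|key|tls-auth)$/ { print $1, $2 }' "$conf")
    while read -r directive path; do
        [ -n "$directive" ] || continue
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $path"
            findings=$((findings + 1))
            continue
        fi
        # ca.crt and the client cert are public; the private key and the
        # tls-auth key are secrets and must not be group/world accessible.
        case $directive in
            key|tls-auth)
                # Characters 5-10 of the ls mode string are the group and
                # other permission bits; -L follows symlinks to the real file.
                bits=$(ls -ldL "$path" | cut -c5-10)
                if [ "$bits" != "------" ]; then
                    echo "LOOSE $directive $path"
                    findings=$((findings + 1))
                fi
                ;;
        esac
    done <<EOF
$list
EOF
    [ "$findings" -eq 0 ]
}

# Run against a config when called with an argument: sh audit.sh client.conf
if [ $# -gt 0 ]; then
    check_ovpn_files "$1"
fi
```

A `LOOSE` finding is cleared with `chmod 600` on the named file; a `MISSING` finding usually means a `/path/to/...` placeholder was never edited.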
So, now
If you read that configuration file, you would have seen:
    ca /path/to/ca.crt
    cert /path/to/foo.crt
    key /path/to/foo.key
and later on:
    tls-auth /path/to/ta.key