Difference between revisions of "Openvpn"
(→Setup) |
|||
Line 19: | Line 19: | ||
==Setup== | ==Setup== | ||
+ | |||
+ | Once installed you will need to set some things up. | ||
+ | |||
+ | *Here is a sample config (though you will need to edit a few lines) | ||
+ | |||
+ | # both '#' and ';' act as comments | ||
+ | client | ||
+ | dev tap | ||
+ | proto udp | ||
+ | # change this to your server's address | ||
+ | remote server 1194 # change server to either the host name or IP | ||
+ | resolv-retry infinite | ||
+ | nobind | ||
+ | persist-key | ||
+ | persist-tun | ||
+ | # Point the key and crt files to | ||
+ | # the ones for this user | ||
+ | tls-client | ||
+ | ca /path/to/ca.crt #change the "/path/to/foo.*" to where it really is | ||
+ | cert /path/to/foo.crt | ||
+ | key /path/to/foo.key | ||
+ | #ensure that we are talking to a server | ||
+ | ns-cert-type server | ||
+ | #confirm we are talking to the correct server | ||
+ | tls-auth /path/to/ta.key 1 # keep this one hidden like in /root | ||
+ | # Select a cryptographic cipher. | ||
+ | # If the cipher option is used on the server | ||
+ | # then you must also specify it here. | ||
+ | cipher AES-128-CBC | ||
+ | # Enable compression on the VPN link. | ||
+ | comp-lzo | ||
+ | #fragment large packets | ||
+ | # I found I needed this for some games but it is | ||
+ | # not required | ||
+ | #fragment 1400 | ||
+ | # enable user/pass authentication | ||
+ | auth-user-pass |
Revision as of 15:27, 6 June 2007
Introduction
OpenVPN is an open source Virtual Private Network (VPN) that lets you establish a tunnel for any IP subnetwork or virtual Ethernet adapter (i.e. a TUN/TAP kernel device) over any UDP/TCP port.
Installation
- Debian
you@host $ apt-get install openvpn
- Gentoo
you@host $ USE='pam ssl examples' emerge openvpn
- Other
can be found here: http://openvpn.net/install.html
Setup
Once installed you will need to set some things up.
- Here is a sample config (though you will need to edit a few lines)
 # both '#' and ';' act as comments
 client
 dev tap
 proto udp
 # change this to your server's address
 remote server 1194 # change server to either the host name or IP
 resolv-retry infinite
 nobind
 persist-key
 persist-tun
 # Point the key and crt files to
 # the ones for this user
 tls-client
 ca /path/to/ca.crt #change the "/path/to/foo.*" to where it really is
 cert /path/to/foo.crt
 key /path/to/foo.key
 #ensure that we are talking to a server
 ns-cert-type server
 #confirm we are talking to the correct server
 tls-auth /path/to/ta.key 1 # keep this one hidden like in /root
 # Select a cryptographic cipher.
 # If the cipher option is used on the server
 # then you must also specify it here.
 cipher AES-128-CBC
 # Enable compression on the VPN link.
 comp-lzo
 #fragment large packets
 # I found I needed this for some games but it is
 # not required
 #fragment 1400
 # enable user/pass authentication
 auth-user-pass
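A check that can be run against a client config like the one above before connecting, added here as an example (it is not part of the wiki page or of OpenVPN). It parses the directives, drops '#' and ';' comments, and reports missing certificate/key files, secret files accessible by group or others, and a missing server certificate type check. The function names, the permission policy and the constructed sample files are assumptions; quoted arguments are not handled.

```python
import os
import stat
import tempfile

SECRET_DIRECTIVES = {"key", "tls-auth"}          # files that must stay private
PATH_DIRECTIVES = {"ca", "cert"} | SECRET_DIRECTIVES
SERVER_CHECKS = {"ns-cert-type", "remote-cert-tls"}

def parse_config(text):
    """Return [(directive, [args])]; a token starting with '#' or ';' ends the line."""
    entries = []
    for line in text.splitlines():
        tokens = []
        for tok in line.split():
            if tok[0] in "#;":
                break
            tokens.append(tok)
        if tokens:
            entries.append((tokens[0], tokens[1:]))
    return entries

def audit(text, base_dir="."):
    """Return a list of findings for a client config (assumed policy, see lead-in)."""
    entries = parse_config(text)
    findings = []
    if not {d for d, _ in entries} & SERVER_CHECKS:
        findings.append("no server certificate type check (ns-cert-type / remote-cert-tls)")
    for directive, args in entries:
        if directive not in PATH_DIRECTIVES or not args:
            continue
        path = os.path.join(base_dir, args[0])   # absolute paths are kept as given
        if not os.path.isfile(path):
            findings.append(f"{directive}: {args[0]} not found")
        elif directive in SECRET_DIRECTIVES and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{directive}: {args[0]} is accessible by group or others")
    return findings

def demo():
    """Constructed sample: server check commented out, foo.key missing, ta.key mode 0644."""
    config = ("client\nremote server 1194 # placeholder host\nca ca.crt #inline comment\n"
              "cert foo.crt\nkey foo.key\n; ns-cert-type server\ntls-auth ta.key 1\n")
    with tempfile.TemporaryDirectory() as d:
        for name in ("ca.crt", "foo.crt", "ta.key"):
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, 0o644)
        return audit(config, base_dir=d)

if __name__ == "__main__":
    print("\n".join(demo()))
```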