Merge pull request 'add openvpn docs' (#14) from mark22k/docs:openvpn into master
Reviewed-on: https://codeberg.org/CRXN/docs/pulls/14
commit
7b00937ab8
|
@ -3,3 +3,4 @@
|
||||||
|
|
||||||
- [fastd](fastd)
|
- [fastd](fastd)
|
||||||
- [WireGuard](wireguard)
|
- [WireGuard](wireguard)
|
||||||
|
- [OpenVPN](openvpn)
|
||||||
|
|
|
@ -0,0 +1,59 @@
|
||||||
|
|
||||||
|
# OpenVPN
|
||||||
|
|
||||||
|
**Hint:** OpenVPN with a static key has no Perfect Forward Secrecy (PFS)!
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
|
||||||
|
```
|
||||||
|
mode p2p
|
||||||
|
|
||||||
|
remote <remote>
|
||||||
|
local <local>
|
||||||
|
|
||||||
|
proto <proto>
|
||||||
|
|
||||||
|
rport <rport>
|
||||||
|
lport <lport>
|
||||||
|
|
||||||
|
dev-type tun
|
||||||
|
dev <interface>
|
||||||
|
|
||||||
|
script-security 1
|
||||||
|
cipher aes-256-cbc
|
||||||
|
|
||||||
|
resolv-retry infinite
|
||||||
|
|
||||||
|
persist-key
|
||||||
|
persist-tun
|
||||||
|
|
||||||
|
ifconfig-ipv6 <IPv6> fe80::1000
|
||||||
|
|
||||||
|
secret <secret>
|
||||||
|
```
|
||||||
|
Replace `<remote>` with the IP address of the peer and `<local>` with your IP address.
|
||||||
|
Replace `<proto>` with `udp` for a connection over IPv4 or with `udp6` for a connection over IPv6.
|
||||||
|
Choose a port for `<lport>` and set `<rport>` to the port of your peer. `<lport>` on udp must be opened accordingly in the local firewall.
|
||||||
|
Replace `<interface>` with the appropriate interface name for your peer.
|
||||||
|
Replace `<IPv6>` with your link-local IPv6. The specification of a second link-local address is only necessary for certain functions of OpenVPN, but the specification is mandatory. Therefore the address `fe80::1000` is used here.
|
||||||
|
Replace `<secret>` with the path to the Secret Static Key.
|
||||||
|
|
||||||
|
Generate a Secret Static Key:
|
||||||
|
```
|
||||||
|
openvpn --genkey secret <filename>.key
|
||||||
|
```
|
||||||
|
|
||||||
|
## Automatic start with systemd
|
||||||
|
|
||||||
|
If you save the OpenVPN configuration under `/etc/openvpn/<filename>.conf`, you can use systemd to start the OpenVPN connection or set an automatic start:
|
||||||
|
```
|
||||||
|
systemctl start openvpn@<filename>
|
||||||
|
```
|
||||||
|
```
|
||||||
|
systemctl enable openvpn@<filename>
|
||||||
|
```
|
||||||
|
|
||||||
|
## Further links
|
||||||
|
|
||||||
|
- [Reference manual for OpenVPN 2.6](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/)
|
||||||
|
- [dn42 OpenVPN Guide](https://dn42.dev/howto/openvpn)
|
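Review bot: The `secret <secret>` line and the "Generate a Secret Static Key" step do not say how the key file should be protected or how it gets to the peer. The hint at the top already notes that a static key gives no PFS, so anyone who obtains that one file can read traffic recorded at any point in the tunnel's lifetime. I suggest adding a sentence after `openvpn --genkey secret <filename>.key` saying that the file should be readable only by root (for example `chmod 600 <filename>.key`) and that it must be handed to the peer over a channel that is already encrypted. A smaller point in the same file: `resolv-retry infinite` only has an effect when `<remote>` is a hostname, while the text tells the reader to put an IP address there, so either drop the option or say that a hostname is also accepted.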