add openvpn docs

Signed-off-by: Marek Küthe <m.k@mk16.de>
2025-02-19 14:36:48 +00:00 · 2023-01-02 16:02:06 +01:00 · 2023-01-02 16:02:06 +01:00 · bc8ed874e4
commit bc8ed874e4
parent 15e993248a
2 changed files with 53 additions and 0 deletions
--- a/docs/tunneling/index.md
+++ b/docs/tunneling/index.md
@ -3,3 +3,4 @@

 - [fastd](fastd)
 - [WireGuard](wireguard)
+- [OpenVPN](openvpn)
--- a/docs/tunneling/openvpn.md
+++ b/docs/tunneling/openvpn.md
@ -0,0 +1,52 @@
+
+# OpenVPN
+
+## Configuration
+
+```
+mode p2p
+
+remote <remote>
+local <local>
+
+proto <proto>
+
+rport <rport>
+lport <lport>
+
+dev-type tun
+dev <interface>
+
+script-security 1
+cipher aes-256-cbc
+
+resolv-retry infinite
+
+persist-key
+persist-tun
+
+ifconfig-ipv6 <IPv6 A> <IPv6 B>
+
+secret <secret>
+```
+Replace `<remote>` with the IP address of the peer and `<local>` with your IP address.
+Replace `<proto>` with `udp` for a connection over IPv4 or with `udp6` for a connection over IPv6.
+Choose a port for `<lport>` and set `<rport>` to the port of your peer. `<lport>` on udp must be opened accordingly in the local firewall.
+Replace `<interface>` with the appropriate interface name for your peer.
+Replace `<IPv6 A>` with your link-local IPv6 and `<IPv6 B>` with the link-local IPv6 of your peer.
+Replace `<secret>` with the path to the Secret Static Key.
+
+Generate a Secret Static Key:
+```
+openvpn --genkey secret <filename>.key
+```
+
+## Automatic start with systemd
+
+If you save the OpenVPN configuration under `/etc/openvpn/<filename>.conf`, you can use systemd to start the OpenVPN connection or set an automatic start:
+```
+systemctl start openvpn@<filename>
+```
+```
+systemctl enable openvpn@<filename>
+```