OpenVPN. Configuration file
If run automatically (as a service), the config file must be named:
*.conf for Linux, *.ovpn for M$
and placed in the file location:
M$: "C:\Program Files\OpenVPN\config\"
Linux: /etc/openvpn
In config file:
CLIENT/SERVER DESIGNATION:
SERVER: Doesn't need anything
CLIENT:
SERVER IP ADDRESS
remote 100.0.0.1
TUNNEL MODE:
TUN or TAP tunnel.
ETHERNET OR IP TUNNEL
"dev tun" will create a routed IP tunnel
dev tun
"dev tap" will create an Ethernet tunnel
dev tap
use "dev tun" or "dev tap" but not both
TUNNEL PORT:
TCP OR UDP TUNNEL
TCP tunnel
proto tcp
UDP tunnel is recommended
proto udp
use TCP or UDP but not both
TCP OR UDP PORT
port 1194
OpenVPN security:
Transparent tunnel:
OpenVPN just tunnels the data without authentication, confidentiality, or integrity. In other words, there are no security checks whatsoever, and the data can be read as it passes through the tunnel.
Client AND Server configs
No integrity (hash function algorithm)
auth none
No encryption (cipher algorithm)
cipher none
Preshared keys:
PRESHARED KEYS (the OpenVPN directive for a static preshared key is "secret")
Linux system
secret /home/user/openvpn/key.txt
Windows system
secret "C:\\Program Files\\OpenVPN\\config\\key.txt"
SSL/TLS:
Server:
SSL/TLS SERVER
tls-server
Client:
SSL/TLS CLIENT
tls-client
Certificates and public keys:
Server:
CERTIFICATES AND PRIVATE KEY
Authority certificate (CA public key)
ca ca.crt (the "ca" directive takes the CA certificate, never the CA private key)
Server certificate (server public key)
cert server.crt
Server private key
key server.key
Client:
CERTIFICATES AND PRIVATE KEY
Authority certificate (CA public key)
ca ca.crt (the "ca" directive takes the CA certificate, never the CA private key)
Client certificate (client public key)
cert client.crt
Client private key
key client.key
Diffie-Hellman (DH) settings:
Server:
Diffie-Hellman settings
dh dh1024.pem
Client:
No DH setting on the client
CIPHER ALGORITHM
Server and Client:
CIPHER ALGORITHM
cipher AES-256-CBC
HASH FUNCTION ALGORITHM
Server and Client:
HASH FUNCTION ALGORITHM
auth MD5
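A small checker for the settings covered in the "OpenVPN security" and "TUNNEL MODE"/"TUNNEL PORT" sections above, written as an added example (not part of the original notes and not an OpenVPN tool): it parses a config file and flags "auth none", "cipher none", a weak HMAC digest such as MD5, both "dev tun" and "dev tap", both "proto" values, and a "ca" directive pointing at a private key. The config text inside the script is constructed for the demo.

```python
# Added example: lint an OpenVPN config for the weak/conflicting settings in these notes.

SAMPLE_CONF = """\
# constructed sample client config (deliberately misconfigured)
remote 100.0.0.1
dev tun
dev tap
proto udp
ca ca.key
cert client.crt
key client.key
cipher none
auth MD5
"""

def parse_conf(text):
    """Return {directive: [args, ...]}, ignoring '#'/';' comments and blank lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        name, *args = line.split()
        conf.setdefault(name.lower(), []).append(args)
    return conf

def lint_conf(text):
    """Return a list of findings for the weak or conflicting settings on this page."""
    conf = parse_conf(text)
    findings = []
    if ["none"] in conf.get("auth", []):
        findings.append("auth none: no HMAC integrity check on tunnel packets")
    if ["none"] in conf.get("cipher", []):
        findings.append("cipher none: tunnel payload is sent in cleartext")
    for args in conf.get("auth", []):
        if args and args[0].upper() in ("MD5", "SHA1"):
            findings.append(f"auth {args[0]}: weak HMAC digest, use SHA256 or stronger")
    if {"tun", "tap"} <= {a[0] for a in conf.get("dev", []) if a}:
        findings.append("dev tun and dev tap both set: use one tunnel mode only")
    if len({a[0] for a in conf.get("proto", []) if a}) > 1:
        findings.append("proto tcp and proto udp both set: use one transport only")
    for args in conf.get("ca", []):
        if args and args[0].endswith(".key"):
            findings.append(f"ca {args[0]}: 'ca' expects the CA certificate, not a private key")
    return findings

if __name__ == "__main__":
    for finding in lint_conf(SAMPLE_CONF):
        print("WARN:", finding)
```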
IP ADDRESSES:
Static IP:
Server:
IP ADDRESSING
IP mode example (routed): point-to-point link, equivalent to a /30 subnet mask
Server IP: 10.8.0.1 ; Client IP: 10.8.0.2
ifconfig 10.8.0.1 10.8.0.2
Bridge mode example
Server IP: 10.8.0.1
ifconfig 10.8.0.1 255.255.255.0
Use bridged or routed settings but not
both
Client and Server must use the same
tunnel mode
Client:
IP ADDRESSING
IP mode example:
Server IP: 10.8.0.1 ; Client IP: 10.8.0.2
ifconfig 10.8.0.2 10.8.0.1
Bridge mode example
Client IP: 10.8.0.2
ifconfig 10.8.0.2 255.255.255.0
Use bridged or routed settings but not
both
Client and Server must use the same
tunnel mode
DHCP:
Server:
DHCP SETTINGS
DHCP range
Server will take the first IP address
server 10.8.0.0 255.255.255.0
Client:
CLIENT ACCEPTS SERVER OPTIONS
The client should accept options pushed
by the server
pull
Run:
# openvpn path-to-config-file
------------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
All my Lab:
Linux Lab -- Windows and Cisco Lab
to be continued - I will update more.
Nam Habach