vpn-server

Differences

This shows you the differences between two versions of the page.

vpn-server [2024/11/05 22:06] – [Keys Tab] hogwild
vpn-server [2024/11/24 10:52] (current) – CB -> CBC petervdm
Line 13: Line 13:
  \\  \\
  
-However, there are still differences between versions. For example, clients and servers may be configured on different versions. Encryption algorithms may be negotiated differently among versions. FreshTomato 2024.3 includes OpenVPN 2.6.12. For details, see the OpenVPN documentation/support forums: [[https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html]]+However, there are still differences between versions. For example, clients and servers may be configured on different versions. Encryption algorithms may be negotiated differently among versions. FreshTomato 2024.3 includes OpenVPN 2.6.12. For details, see the OpenVPN documentation/support forums: [[https://build.openvpn.net/man/openvpn-2.6/openvpn.8.html]]
  
  \\  \\
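Review bot: The link in the changed line is pinned to one release series (openvpn-2.6) and sits next to a sentence that hard-codes "FreshTomato 2024.3 includes OpenVPN 2.6.12", so the two drift apart whenever the bundled OpenVPN changes, which is what this correction from 2.5 to 2.6 had to fix. Consider stating that the linked manual must match the OpenVPN version in the installed firmware. The link text also promises "documentation/support forums" while the target is only the man page, and "clients and servers may be configured on different versions" probably means they may run different versions.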
Line 351: Line 351:
   * AES-128-GCM   * AES-128-GCM
   * AES-256-GCM   * AES-256-GCM
-  * AES-128-CB+  * AES-128-CBC
   * AES-256-CBC   * AES-256-CBC
  
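Review bot: The corrected entry AES-128-CBC now matches AES-256-CBC below it, but the list still gives no guidance on which of the four ciphers to choose. A short sentence after the list saying which entries are preferred would help, and it is worth searching the rest of the page for the same truncated "CB" spelling.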
Line 448: Line 448:
 Here, you can specify a custom configuration for the OpenVPN server to use. Here, you can specify a custom configuration for the OpenVPN server to use.
  
-For details about valid custom parameters, please see: \\  [[https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html]] \\ .+For details about valid custom parameters, please see: \\  [[https://build.openvpn.net/man/openvpn-2.6/openvpn.8.html]] \\ .
  
  
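Review bot: The changed line still ends with " \\ ." after the link, which forces a line break before the closing period and leaves the period alone on its own line. End the sentence at the link: drop both "\\" breaks and put the period directly after "]]". Since this box accepts custom server parameters, it would also help to say that the linked manual describes the 2.6 series.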
Line 470: Line 470:
  
   * A separate certificate (public key) and private key for the server \\ and for each client   * A separate certificate (public key) and private key for the server \\ and for each client
-  * A master Certificate Authority (CAcertificate and key used to sign \\ each of the server and client certificates+  * A master CA certificate and key used to sign each of the server \\ and client certificates
  
  \\  \\
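Review bot: The new bullet uses "CA" without expanding it, where the old line spelled out "Certificate Authority". Unless the abbreviation is defined earlier in the section, keep "Certificate Authority (CA)" on first use. In the unchanged bullet above it, "certificate (public key)" treats the two as the same thing; "certificate (containing the public key)" would be more precise. The "\\" in both bullets also forces a break in mid-sentence.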
Line 601: Line 601:
 ==== Routing Notes ==== ==== Routing Notes ====
  
-To access particular network resources from other IP addresses through the VPN, you must add network routes. A route tells your system where to send network traffic to access certain resources. An OS can handle multiple routes via multiple gateways at the same time. For example, say you have a server on 192.168.1.10 behind your VPN server. You want to access this server through the VPN. You need to tell OpenVPN to configure a route for either a specific host or a network range to go through the tunnel.+You must add network routes to access specific resources from other IP addresses via the VPN.  A route tells your system where to send network traffic to access certain resources. An OS can handle multiple routes via multiple gateways at the same time.
  
  \\  \\
  
-To configure this, you need to add a line in the server configuration and restart OpenVPN server and OpenVPN client.+For example, let's say: 
 + 
 +  * A server exists on 192.168.1.10 behind your VPN server. 
 +  * You want to access this server through the VPN. 
 + 
 + \\ 
 + 
 +You need to configure OpenVPN to route specific hosts or networks through the tunnel. 
 + 
 +To do this, you must add a line similar to this in the server configuration:
  
  \\  \\
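Review bot: In the first added sentence, "from other IP addresses" does not say whose addresses are meant, and the removed wording "a specific host or a network range" was clearer about the choice being made. Suggest something like "To reach hosts on the network behind the VPN server from a VPN client, you must add routes." Because the example names a single host (192.168.1.10), also say whether the configuration line that follows routes only that host or its whole network. There is a double space after "via the VPN.".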
Line 612: Line 621:
    push "route 192.168.1.0 255.255.255.0"    push "route 192.168.1.0 255.255.255.0"
 </code> </code>
 + \\ 
 +You must then restart both the OpenVPN server and the client.\\  \\
  
- \\+This will cause the server to tell any client that connects to route all traffic for IP addresses in scope 192.168.1.XXX through the VPN.
  
-Now, when the client connects, the server tells it that it should route all traffic for IP addresses in the 192.168.1.XXX scope through the VPN.+This example describes a basic setupThe setup is almost completeThe only thing left is to add the appropriate routes, as with normal routing.
  
-This is an example of a basic setupWhen we now start on the routing part, the setup is mostly completeAt this pointall you need to add are the appropriate routesjust as you would for normal TCP/IP routing.+You also must ensure return routesJust because a VPN client can access a host behind the VPN serverdoesn't mean the host behind the server will send the response via the same routeHosts behind the VPN server must know which gateway to use for VPN traffic. Usually, this is done by adding a route on the existing default gateway. Thenif you run OpenVPN on an existing gateway, you have the return route already implicitly configured.
  
-Remember, you also need to consider return routes. Just because VPN client can access a host behind the VPN serverdoesn't mean the host behind the server can/will send the response via the same route. You must ensure the hosts behind your VPN server also know which gateway to use for the VPN. Usually, this is done by adding a route on your existing default gateway. Then, if you run OpenVPN on an existing gateway, you have the return route already (implicitly) configured.+For more detailed examplesee the%% ​%%Using routing%% %%section in the Bridging and routing wiki page.
  
-For a more detailed example of using routing, see the%% ​%%Using routing%% %%section in the 'Bridging and routing' wiki page. 
  
- +==== Routing all Traffic through the VPN ====
-==== Routing all Traffic over the VPN ====+
  
 You can route all network traffic over the VPN. The configuration for this is fairly simple. However, you'll need to learn how to configure NAT on your VPN server for the virtual TUN adapter. You can route all network traffic over the VPN. The configuration for this is fairly simple. However, you'll need to learn how to configure NAT on your VPN server for the virtual TUN adapter.
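Review bot: In the return-routes paragraph, "Then, if you run OpenVPN on an existing gateway" reads as a consequence of adding a route on the default gateway, but it describes the opposite case, where no extra route is needed. Suggest: "If OpenVPN runs on the existing default gateway, the return route is already implicitly configured; otherwise, add a route on the default gateway." Also, "scope 192.168.1.XXX" would be clearer written the way the pushed route expresses it (192.168.1.0 with netmask 255.255.255.0). The heading now says "through the VPN" while the paragraph under it still says "over the VPN", and any links to the old heading's anchor need updating.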
Line 657: Line 666:
 ==== About IPv6 ==== ==== About IPv6 ====
  
-OpenVPN v2.3 and later support IPv6. Setting up IPv6 in a VPN is similar to the IPv4 examples above. To configure IPv6, please use the //–server-ipv6// and //–route-ipv6//  options.+OpenVPN v2.3 and later support IPv6. Configuring IPv6 for a VPN is similar to the above IPv4 examples. To configure IPv6, you must use the \\ //–server-ipv6// and //–route-ipv6//  options.
  
  \\  \\
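Review bot: The option names in the changed line render with a single en dash ("–server-ipv6", "–route-ipv6"), so a reader who copies them will not get the double hyphen the options are written with. Mark them as literal text so the wiki does not convert the hyphens, and remove the new "\\" that breaks the sentence just before the option names.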
Line 673: Line 682:
  \\  \\
  
-You can use the //–route-ipv6// option in two ways. You can push it from the server, or use it directly in the client configuration. The same is true for the //–route// option. The syntax is similar:+You can use the //–route-ipv6// option two ways. You can push it from the server, or use it directly in client settings. The same is true for the //–route// option. 
 + 
 + \\ 
 + 
 +The syntax is similar:
  
  \\  \\
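Review bot: Moving "The syntax is similar:" into its own paragraph separates it from the sentence about //–route//, so "similar" no longer has a referent. Suggest "The syntax of the two options is similar:". In the first added sentence, "option two ways" has lost its "in", and the option names here also render with an en dash instead of two hyphens.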
vpn-server.1730844382.txt.gz · Last modified: 2024/11/05 22:06 by hogwild