FreshTomato Wiki

User Tools

Site Tools

Trace: about vpn-server halt
vpn-server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
vpn-server [2024/11/05 23:24] – [Routing Notes] -Condense hogwildvpn-server [2024/11/24 10:52] (current) – CB -> CBC petervdm
Line 13: Line 13:
  \\  \\
  
-However, there are still differences between versions. For example, clients and servers may be configured on different versions. Encryption algorithms may be negotiated differently among versions. FreshTomato 2024.3 includes OpenVPN 2.6.12. For details, see the OpenVPN documentation/support forums: [[https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html]]+However, there are still differences between versions. For example, clients and servers may be configured on different versions. Encryption algorithms may be negotiated differently among versions. FreshTomato 2024.3 includes OpenVPN 2.6.12. For details, see the OpenVPN documentation/support forums: [[https://build.openvpn.net/man/openvpn-2.6/openvpn.8.html]]
  
  \\  \\
Line 351: Line 351:
   * AES-128-GCM   * AES-128-GCM
   * AES-256-GCM   * AES-256-GCM
-  * AES-128-CB+  * AES-128-CBC
   * AES-256-CBC   * AES-256-CBC
  
Line 448: Line 448:
 Here, you can specify a custom configuration for the OpenVPN server to use. Here, you can specify a custom configuration for the OpenVPN server to use.
  
-For details about valid custom parameters, please see: \\  [[https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html]] \\ .+For details about valid custom parameters, please see: \\  [[https://build.openvpn.net/man/openvpn-2.6/openvpn.8.html]] \\ .
  
  
Line 621: Line 621:
    push "route 192.168.1.0 255.255.255.0"    push "route 192.168.1.0 255.255.255.0"
 </code> </code>
 + \\ 
 +You must then restart both the OpenVPN server and the client.\\  \\
  
-You must then restart both the OpenVPN server and the client.\\+This will cause the server to tell any client that connects to route all traffic for IP addresses in scope 192.168.1.XXX through the VPN.
  
-Now, when the client connects, the server tells it to route all traffic for IP addresses in scope 192.168.1.XXX through the VPN.+This example describes a basic setupThe setup is almost completeThe only thing left is to add the appropriate routes, as with normal routing.
  
-This example describes a basic setupWhen we now start on the routing, the setup is mostly completeAll you need now is to add the appropriate routesjust as you would for normal routing.+You also must ensure return routesJust because a VPN client can access a host behind the VPN serverdoesn't mean the host behind the server will send the response via the same routeHosts behind the VPN server must know which gateway to use for VPN traffic. Usually, this is done by adding a route on the existing default gateway. Thenif you run OpenVPN on an existing gateway, you have the return route already implicitly configured.
  
-You also must consider return routes. Just because VPN client can access a host behind the VPN serverdoesn't mean the host behind the server will send the response via the same route. You must ensure hosts behind your VPN server also know which gateway to use for VPN traffic. Usually, this is done by adding a route on the existing default gateway. Then, if you run OpenVPN on an existing gateway, you have the return route already (implicitly) configured.+For more detailed examplesee the%% ​%%Using routing%% %%section in the Bridging and routing wiki page.
  
-For a more detailed example of using routing, see the%% ​%%Using routing%% %%section in the 'Bridging and routing' wiki page. 
  
- +==== Routing all Traffic through the VPN ====
-==== Routing all Traffic over the VPN ====+
  
 You can route all network traffic over the VPN. The configuration for this is fairly simple. However, you'll need to learn how to configure NAT on your VPN server for the virtual TUN adapter. You can route all network traffic over the VPN. The configuration for this is fairly simple. However, you'll need to learn how to configure NAT on your VPN server for the virtual TUN adapter.
Line 666: Line 666:
 ==== About IPv6 ==== ==== About IPv6 ====
  
-OpenVPN v2.3 and later support IPv6. Setting up IPv6 in a VPN is similar to the IPv4 examples above. To configure IPv6, please use the //–server-ipv6// and //–route-ipv6//  options.+OpenVPN v2.3 and later support IPv6. Configuring IPv6 for a VPN is similar to the above IPv4 examples. To configure IPv6, you must use the \\ //–server-ipv6// and //–route-ipv6//  options.
  
  \\  \\
Line 682: Line 682:
  \\  \\
  
-You can use the //–route-ipv6// option in two ways. You can push it from the server, or use it directly in the client configuration. The same is true for the //–route// option. The syntax is similar:+You can use the //–route-ipv6// option two ways. You can push it from the server, or use it directly in client settings. The same is true for the //–route// option. 
 + 
 + \\ 
 + 
 +The syntax is similar:
  
  \\  \\
vpn-server.1730849078.txt.gz · Last modified: 2024/11/05 23:24 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki