FreshTomato Wiki

User Tools

Site Tools

Trace: about vpn-server halt
vpn-server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
vpn-server [2024/11/06 03:38] – [Routing Notes] -Clarity hogwildvpn-server [2024/11/24 10:52] (current) – CB -> CBC petervdm
Line 13: Line 13:
  \\  \\
  
-However, there are still differences between versions. For example, clients and servers may be configured on different versions. Encryption algorithms may be negotiated differently among versions. FreshTomato 2024.3 includes OpenVPN 2.6.12. For details, see the OpenVPN documentation/support forums: [[https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html]]+However, there are still differences between versions. For example, clients and servers may be configured on different versions. Encryption algorithms may be negotiated differently among versions. FreshTomato 2024.3 includes OpenVPN 2.6.12. For details, see the OpenVPN documentation/support forums: [[https://build.openvpn.net/man/openvpn-2.6/openvpn.8.html]]
  
  \\  \\
Line 351: Line 351:
   * AES-128-GCM   * AES-128-GCM
   * AES-256-GCM   * AES-256-GCM
-  * AES-128-CB+  * AES-128-CBC
   * AES-256-CBC   * AES-256-CBC
  
Line 448: Line 448:
 Here, you can specify a custom configuration for the OpenVPN server to use. Here, you can specify a custom configuration for the OpenVPN server to use.
  
-For details about valid custom parameters, please see: \\  [[https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html]] \\ .+For details about valid custom parameters, please see: \\  [[https://build.openvpn.net/man/openvpn-2.6/openvpn.8.html]] \\ .
  
  
Line 624: Line 624:
 You must then restart both the OpenVPN server and the client.\\  \\ You must then restart both the OpenVPN server and the client.\\  \\
  
-Then, the server tells any client that connects to route all traffic for IP addresses in scope 192.168.1.XXX through the VPN.+This will cause the server to tell any client that connects to route all traffic for IP addresses in scope 192.168.1.XXX through the VPN.
  
-This example describes a basic setup. When we now start on the routing, the setup will be mostly complete. The only thing left to do is to add the appropriate routes, as with normal routing.+This example describes a basic setup. The setup is almost complete. The only thing left is to add the appropriate routes, as with normal routing.
  
-You also must ensure return routes. Just because a VPN client can access a host behind the VPN server, doesn't mean the host behind the server will send the response via the same route. You must ensure hosts behind your VPN server also know which gateway to use for VPN traffic. Usually, this is done by adding a route on the existing default gateway. Then, if you run OpenVPN on an existing gateway, you have the return route already (implicitlyconfigured.+You also must ensure return routes. Just because a VPN client can access a host behind the VPN server, doesn't mean the host behind the server will send the response via the same route. Hosts behind the VPN server must know which gateway to use for VPN traffic. Usually, this is done by adding a route on the existing default gateway. Then, if you run OpenVPN on an existing gateway, you have the return route already implicitly configured.
  
-For a more detailed example of using routing, see the%% ​%%Using routing%% %%section in the 'Bridging and routingwiki page.+For a more detailed example, see the%% ​%%Using routing%% %%section in the Bridging and routing wiki page.
  
  
-==== Routing all Traffic over the VPN ====+==== Routing all Traffic through the VPN ====
  
 You can route all network traffic over the VPN. The configuration for this is fairly simple. However, you'll need to learn how to configure NAT on your VPN server for the virtual TUN adapter. You can route all network traffic over the VPN. The configuration for this is fairly simple. However, you'll need to learn how to configure NAT on your VPN server for the virtual TUN adapter.
Line 666: Line 666:
 ==== About IPv6 ==== ==== About IPv6 ====
  
-OpenVPN v2.3 and later support IPv6. Setting up IPv6 in a VPN is similar to the IPv4 examples above. To configure IPv6, please use the //–server-ipv6// and //–route-ipv6//  options.+OpenVPN v2.3 and later support IPv6. Configuring IPv6 for a VPN is similar to the above IPv4 examples. To configure IPv6, you must use the \\ //–server-ipv6// and //–route-ipv6//  options.
  
  \\  \\
Line 682: Line 682:
  \\  \\
  
-You can use the //–route-ipv6// option in two ways. You can push it from the server, or use it directly in the client configuration. The same is true for the //–route// option. The syntax is similar:+You can use the //–route-ipv6// option two ways. You can push it from the server, or use it directly in client settings. The same is true for the //–route// option. 
 + 
 + \\ 
 + 
 +The syntax is similar:
  
  \\  \\
vpn-server.1730864307.txt.gz · Last modified: 2024/11/06 03:38 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki