Normally, OpenVPN would pass all packets to the tun device on the server.

Otherwise I would have had to set dev-type explicitly.

Since the device name starts with tun, OpenVPN automatically sets the device

On the client I let it choose the exact device on its own.

To tun0, so I can more easily set firewall rules knowing it'll always be the

Sets the name of the virtual network device to use.

On the client I set it to udp, because udp6 will force it to only try IPv6, and made OpenVPN not work for me (I don't always have IPv6).

On the server I set it to udp6 which tells it to listen to both IPv4 and IPv6

However, if for some reason you can't use

This directive sets which port the server should listen on.

Will take 192.186.87.1 for itself, and allocate the rest of the subnet for

Choose a subnet that's unlikely to create clashes with your other networks.

The server puts OpenVPN in server mode, and supplies it with a subnet of IPs to allocate by specifying an address and a netmask.

    tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
    comp-lzo no
    verb 3
    persist-tun
    persist-key
    # Keys
    key-direction 1
    tls-auth client/ta.key

etc/openvpn/nf:

    client
    remote 1194 udp
    dev tun
    # Uncomment the next line to redirect all traffic through the VPN
    # redirect-gateway def1
    remote-cert-tls server
    cipher AES-256-CBC

    group nobody
    # Keys
    tls-auth server/ta.key 0
    cert server/cert.crt

    tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
    comp-lzo no
    keepalive 15 60
    ping-timer-rem
    ifconfig-pool-persist server/ipp
    verb 3
    persist-tun
    persist-key
    # Drop privs
    user nobody

The config file

That requires some settings that are annoying to use and setting up a firewall to block mistakes.
While my base configuration is hardened (strong encryption and secure settings), my route-all-traffic configuration is not.

If you save the file, the next time you try to connect the configuration, Tunnelblick will ask for a computer admin username/password.

I use my VPN to have remote access into my network, and sometimes also to route all traffic through it, in order to escape some forms of connection filtering.

If you see "Edit OpenVPN Configuration File.", click on it and it will open in TextEdit.

If you see "Examine OpenVPN Configuration File.", click on it and it will open in a window.

Examine (without changing) a Configuration's OpenVPN Configuration File

If you save the file, the next time you try to connect the configuration, Tunnelblick will ask for a computer admin username/password.

When you are finished, just click the red circle at the top left corner of the window.

You can print a copy of the configuration by holding down the "Command" key while pressing the "p" key momentarily.

Click "Make Configuration Shared" and enter your username and password when asked.

If you did not make the configuration "private", skip to step 16.

If you make changes to the file, save them before connecting the configuration.

The configuration's OpenVPN Configuration file should open in TextEdit.

(Don't try too many times! Ask for help on the Tunnelblick Discussion Group).

Click "Make Configuration Private" and enter your username and password when asked.

If you see "Edit OpenVPN Configuration File.", click on it and skip to step 11.

Click on the little "gear" icon at the bottom of the list of configurations.

Click to select the configuration whose OpenVPN configuration file you wish to edit.

Click on the large "Configurations" button at the top of the window.

Click on the Tunnelblick icon in the menu/status bar and click on "VPN Details.".

(You can edit a shared file by converting it to a private configuration first.)
Inline keys and certificates in the file are not shown.

Edit a Configuration's OpenVPN Configuration File

When you examine a shared configuration, you can only see a redacted version of the configuration file.

When you edit a private configuration, you can see the complete configuration file.

You can edit (see and modify) a private configuration, but you can only examine (look at) a shared configuration

Edit or Examine an OpenVPN Configuration File