Changes

928 bytes added , Yesterday at 13:47

no edit summary

Line 146: Line 146:

<tr>

<td>TLS/TLS/Password: TLS cipher</td>

−

<td>All {{!}} DHE+RSA {{!}} Custom; default: All</td>

+

<td>All {{!}} DHE+RSA {{!}} Custom; default: All</td>

<td>Packet encryption algorithm cipher.</td>

</tr>

<tr>

−

<td>TLS/TLS/Password: Allowed TLS ciphers</td>

+

<td>TLS/TLS/Password: Allowed TLS ciphers</td>

<td>Custom {{!}} TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 {{!}} TLS-DHE-RSA-WITH-AES-256-CBC-SHA {{!}} TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 {{!}} TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA {{!}} TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA {{!}} TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 {{!}} TLS-DHE-RSA-WITH-AES-128-CBC-SHA {{!}} TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 {{!}} TLS-DHE-RSA-WITH-SEED-CBC-SHA {{!}} TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA {{!}} TLS-DHE-RSA-WITH-DES-CBC-SHA; default: All</td>

<td>Specific cyphers to use. Only 6 can be selected at a time.</td>

Line 205: Line 205:

</tr>

<tr>

−

<td>TLS/Password:Use PKCS #12 format</td>

+

<td>TLS/TLS/Password/Password:Use PKCS #12 format</td>

<td>off {{!}} on; default: off</td>

<td>Turn PKCS #12 format on or off.</td>

Line 271: Line 271:

<ul>

<li>Red for Authentication: TLS</li>

−

<li>~~Red~~ for Authentication: TLS/Password</li>

+

<li>Olive for Authentication: TLS/Password</li>

<li>Purple for Authentication: Static key</li>

<li>Blue for Authentication: Password</li>

Line 288: Line 288:

To begin configuration, click the button that looks like a pencil next to the server instance. Refer to the figure and table below for information on the OpenVPN server's configuration fields:

−

[[File:~~Networking_rutx_vpn_openvpn_server_configuration_v3~~.png|border|class=tlt-border]]

+

[[File:Networking_rutx_vpn_openvpn_server_configuration_v4.png|border|class=tlt-border]]

Line 374: Line 374:

</tr>

<tr>

−

<td>TLS: TLS cipher</td>

+

<td>TLS/TLS/Password: TLS cipher</td>

−

<td>All {{!}} DHE+RSA {{!}} Custom; default: All</td>

+

<td>All {{!}} DHE+RSA {{!}} Custom; default: All</td>

<td>Packet encryption algorithm cipher.</td>

</tr>

<tr>

−

<td>TLS : Allowed TLS ciphers</td>

+

<td>TLS/TLS/Password: Allowed TLS ciphers</td>

<td>Custom {{!}} TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 {{!}} TLS-DHE-RSA-WITH-AES-256-CBC-SHA {{!}} TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 {{!}} TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA {{!}} TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA {{!}} TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 {{!}} TLS-DHE-RSA-WITH-AES-128-CBC-SHA {{!}} TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 {{!}} TLS-DHE-RSA-WITH-SEED-CBC-SHA {{!}} TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA {{!}} TLS-DHE-RSA-WITH-DES-CBC-SHA; default: All</td>

<td>Specific cyphers to use. Only 6 can be selected at a time.</td>

Line 409: Line 409:

</tr>

<tr>

−

<td>TLS/TLS/Password/Password: Client to client</td>

+

<td>TLS/TLS/Password/Password: Client to client</td>

<td>off {{!}} on; default: off</td>

<td>Allows OpenVPN clients to communicate with each other on the VPN network.</td>

</tr>

<tr>

−

<td>TLS/TLS/Password/Password: Keep alive</td>

+

<td>TLS/TLS/Password/Password: Keep alive</td>

<td>two integers separated by a space; default: none</td>

<td>Defines two time intervals: the first is used to periodically send ICMP requests to the OpenVPN server, the second one defines a time window, which is used to restart the OpenVPN service if no ICMP response is received during the specified time slice. When this value is specifiied on the OpenVPN server, it overrides the 'keep alive' values set on client instances. Example: 10 120</td>

</tr>

<tr>

−

<td>TLS/TLS/Password/Password: Virtual network IP address</td>

+

<td>TLS/TLS/Password/Password: Virtual network IP address</td>

<td>ip4; default: none</td>

<td>IPv4 address of the OpenVPN network.</td>

</tr>

<tr>

−

<td>TLS/TLS/Password/Password: Virtual network netmask</td>

+

<td>TLS/TLS/Password/Password: Virtual network netmask</td>

<td>netmask; default: none</td>

<td>Subnet mask of the OpenVPN network.</td>

</tr>

<tr>

−

<td>TLS/TLS/Password/Password: Virtual network IPv6 address</td>

+

<td>TLS/TLS/Password/Password: Assign IP start</td>

+

<td>IP; default: none</td>

+

<td>Assign IP addresses starting from a pool of subnets to be dynamically allocated to connecting clients.</td>

+

</tr>

+

<tr>

+

<td>TLS/TLS/Password/Password: Assign IP end</td>

+

<td>IP; default: none</td>

+

<td>Assign IP addresses ending at a pool of subnets to be dynamically allocated to connecting clients.</td>

+

</tr>

+

<tr>

+

<td>TLS/TLS/Password/Password: Virtual network IPv6 address</td>

<td>ip6; default: none</td>

<td>IPv6 address of the OpenVPN network. This field becomes visible when protocol is set to UDP6 or TCP6</td>

</tr>

<tr>

−

<td>TLS/TLS/Password/Password: Push option</td>

+

<td>TLS/TLS/Password/Password: Push option</td>

<td>OpenVPN options; default: none</td>

<td>Push options are a way to "push" routes and other additional OpenVPN options to connecting clients.</td>

</tr>

<tr>

−

<td>TLS/TLS/Password/Password: Allow duplicate certificates</td>

+

<td>TLS/TLS/Password/Password: Allow duplicate certificates</td>

<td>off {{!}} on; default: off</td>

<td>When enabled allows multiple clients to connect using the same certificates.</td>

</tr>

<tr>

−

<td>TLS/Password/Password: Usernames & Passwords</td>

+

<td>TLS/Password/Password: Usernames & Passwords</td>

<td>-interactive button; default: none</td>

<td>File containing usernames and passwords against which the server can authenticate clients. Each username and password pair should be placed on a single line and separated by a space..</td>

Line 454: Line 464:

</tr>

<tr>

−

<td>TLS/TLS/Password/Password: Certificate authority</td>

+

<td>TLS/TLS/Password/Password: Certificate authority</td>

<td>.ca file; default: none</td>

<td>Certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate.</td>

</tr>

<tr>

−

<td>TLS/TLS/Password/Password: Server certificate</td>

+

<td>TLS/TLS/Password/Password: Server certificate</td>

<td>.crt file; default: none</td>

<td>A type of digital certificate that is used to identify the OpenVPN server.</td>

</tr>

<tr>

−

<td>TLS/TLS/Password/Password: Server key</td>

+

<td>TLS/TLS/Password/Password: Server key</td>

<td>.key file; default: none</td>

<td>Authenticates clients to the server.</td>

</tr>

<tr>

−

<td>TLS/TLS/Password/Password: Diffie Hellman parameters</td>

+

<td>TLS/TLS/Password/Password: Diffie Hellman parameters</td>

<td>.pem file; default: none</td>

<td>DH parameters define how OpenSSL performs the Diffie-Hellman (DH) key-exchange.</td>

</tr>

<tr>

−

<td>TLS/TLS/Password/Password: CRL file (optional)</td>

+

<td>TLS/TLS/Password/Password: CRL file (optional)</td>

<td>.pem file {{!}} .crl file; Default: none</td>

<td>A certificate revocation list (CRL) file is a list of certificates that have been revoked by the certificate authority (CA). It indicates which certificates are no longer acccepted by the CA and therefore cannot be authenticated to the server.</td>

Line 484: Line 494:

<li>Some configuration fields become available only when certain other parameters are selected. The names of the parameters are followed by a prefix that specifies the authentication type under which they become visible. Different color codes are used for different prefixes:

<ul>

−

<li>Red for Authentication: TLS ~~and~~ TLS/~~Password~~</li>

+

<li>Red for Authentication: TLS</li>

+

<li>Olive for Authentication: TLS/Passwords</li>

<li>Purple for Authentication: Static key</li>

<li>Blue for Authentication: Password</li>

Vainius.l

Administrators

8,925

edits

Namespaces

Variants

Views

More

Search

Changes

Template:Networking rutos manual vpn (view source)

Revision as of 13:47, 2 July 2024

Navigation menu

Personal tools

NAVIGATION

Tools

Categories