Line 23: |
Line 23: |
| {| class="wikitable" | | {| class="wikitable" |
| |+ | | |+ |
− | ! style="width: 250px; background: black; color: white;" | Field name | + | ! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME |
− | ! style="width: 250px; background: black; color: white;" | Value | + | ! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE |
− | ! style="width: 1200px; background: black; color: white;" | Description | + | ! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Enable | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable |
− | | style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no''' | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no''' |
− | | style="text-align: left; vertical-align: top;" | Enables the OpenVPN instance | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enables the OpenVPN instance |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | TUN/TAP | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TUN/TAP |
− | | style="text-align: left; vertical-align: top;" | TUN (tunnel) {{!}} TAP (bridged); Default: '''TUN (tunnel)''' | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TUN (tunnel) {{!}} TAP (bridged); Default: '''TUN (tunnel)''' |
− | | style="text-align: left; vertical-align: top;" | OpenVPN interface type. '''TUN''' is most often in typical VPN connections, however, '''TAP''' is required in some Ethernet bridging configurations | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | OpenVPN interface type. '''TUN''' is most often in typical VPN connections, however, '''TAP''' is required in some Ethernet bridging configurations |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Protocol | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Protocol |
− | | style="text-align: left; vertical-align: top;" | UDP {{!}} TCP; Default: '''UDP''' | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | UDP {{!}} TCP; Default: '''UDP''' |
− | | style="text-align: left; vertical-align: top;" | The transfer protocol used by the OpenVPN connection. '''TCP''' is connection oriented – once a connection is established, data can be sent bidirectionally. '''UDP''' is a simpler, connectionless Internet protocol. '''UDP''' is usually faster but '''TCP''' has more security features. Choose the connection protocol according to your needs. | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The transfer protocol used by the OpenVPN connection. '''TCP''' is connection oriented – once a connection is established, data can be sent bidirectionally. '''UDP''' is a simpler, connectionless Internet protocol. '''UDP''' is usually faster but '''TCP''' has more security features. Choose the connection protocol according to your needs. |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Port | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Port |
− | | style="text-align: left; vertical-align: top;" | integer [0..65535]; Default: '''1194''' | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535]; Default: '''1194''' |
− | | style="text-align: left; vertical-align: top;" | TCP/UDP Port number for both local and remote endpoints (make sure that the chosen port is allowed by firewall) | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TCP/UDP Port number for both local and remote endpoints (make sure that the chosen port is allowed by firewall) |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | LZO | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | LZO |
− | | style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no''' | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no''' |
− | | style="text-align: left; vertical-align: top;" | With LZO compression, your VPN connection will generate less network traffic. However, enabling this causes a higher CPU load. Use it carefully with a high traffic rate or low CPU resources | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | With LZO compression, your VPN connection will generate less network traffic. However, enabling this causes a higher CPU load. Use it carefully with a high traffic rate or low CPU resources |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Encryption | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Encryption |
− | | style="text-align: left; vertical-align: top;" | DES-CBC 64 {{!}} RC2-CBC 128 {{!}} DES-EDE-CBC 128 {{!}} DES-EDE3-CBC 192 {{!}} DESX-CBC 192 {{!}} BF-CBC 128 {{!}} RC2-40-CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-40CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-64-CBC 64{{!}} AES-128-CBC 128 {{!}} AES-192-CBC 192 {{!}} AES-256-CBC 256 {{!}} none; Default: '''BF-CBC 128''' | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | DES-CBC 64 {{!}} RC2-CBC 128 {{!}} DES-EDE-CBC 128 {{!}} DES-EDE3-CBC 192 {{!}} DESX-CBC 192 {{!}} BF-CBC 128 {{!}} RC2-40-CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-40CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-64-CBC 64{{!}} AES-128-CBC 128 {{!}} AES-192-CBC 192 {{!}} AES-256-CBC 256 {{!}} none; Default: '''BF-CBC 128''' |
− | | style="text-align: left; vertical-align: top;" | Packet encryption algorithm | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Packet encryption algorithm |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Authentication | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Authentication |
− | | style="text-align: left; vertical-align: top;" | TLS {{!}} Static Key {{!}} Password {{!}} TLS/Password; Default: '''TLS''' | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TLS {{!}} Static Key {{!}} Password {{!}} TLS/Password; Default: '''TLS''' |
− | | style="text-align: left; vertical-align: top;" | Authentication mode, used to secure data sessions. | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Authentication mode, used to secure data sessions. |
| '''Static key''' is a secret key used for server–client authentication. | | '''Static key''' is a secret key used for server–client authentication. |
| | | |
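Review bot: the Encryption value cell is rewritten for the restyle but its list is carried over with duplicates: "CAST5-CBC 128" appears twice, and "RC2-40-CBC 40" is repeated as "RC2-40CBC 40" (missing hyphen). "RC2-64-CBC 64{{!}}" is also missing the space before the separator. Since every cell in this row is already being touched, de-duplicate the list in the same edit. The Protocol description likewise carries over "TCP has more security features"; TCP adds reliable, ordered delivery rather than security, so that sentence is worth rewording while the row is open. In the TUN/TAP description, "is most often in typical VPN connections" is missing "used". On style, the same long inline style string is pasted into every cell and the header text is upper-cased by hand ("FIELD NAME"); moving the styling into a shared table class or template would keep the next restyle to one line and leave the header wording unchanged.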
Line 66: |
Line 66: |
| '''TLS/Password''' uses both TLS and Password authentication | | '''TLS/Password''' uses both TLS and Password authentication |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | TLS cipher | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TLS cipher |
− | | style="text-align: left; vertical-align: top;" | all {{!}} DHE+RSA {{!}} custom; Default: '''all''' | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | all {{!}} DHE+RSA {{!}} custom; Default: '''all''' |
− | | style="text-align: left; vertical-align: top;" | Packet encryption algorithm cipher | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Packet encryption algorithm cipher |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Remote host / IP address | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Remote host / IP address |
− | | style="text-align: left; vertical-align: top;" | ip; Default: " " | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " " |
− | | style="text-align: left; vertical-align: top;" | IP address or hostname of an OpenVPN server | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | IP address or hostname of an OpenVPN server |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Resolve retry | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Resolve retry |
− | | style="text-align: left; vertical-align: top;" | integer {{!}} infinite; Default: '''infinite''' | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer {{!}} infinite; Default: '''infinite''' |
− | | style="text-align: left; vertical-align: top;" | Time in seconds to resolve server hostname periodically in case of first resolve failure before generating service exception | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Time in seconds to resolve server hostname periodically in case of first resolve failure before generating service exception |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Keep alive | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Keep alive |
− | | style="text-align: left; vertical-align: top;" | integer *space* integer; Default: " " | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer *space* integer; Default: " " |
− | | style="text-align: left; vertical-align: top;" | Defines two time intervals: one is used to periodically send ICMP request to the OpenVPN server, the other defines a time window, which is used to restart the OpenVPN service, if no ICMP response is received during the window time slice. | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Defines two time intervals: one is used to periodically send ICMP request to the OpenVPN server, the other defines a time window, which is used to restart the OpenVPN service, if no ICMP response is received during the window time slice. |
| '''Example:''' 10 60 | | '''Example:''' 10 60 |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Remote network IP address | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Remote network IP address |
− | | style="text-align: left; vertical-align: top;" | ip; Default: " " | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " " |
− | | style="text-align: left; vertical-align: top;" | LAN IP address of the remote network (server) | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | LAN IP address of the remote network (server) |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Remote network IP netmask | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Remote network IP netmask |
− | | style="text-align: left; vertical-align: top;" | ip; Default: " " | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " " |
− | | style="text-align: left; vertical-align: top;" | LAN IP subnet mask of the remote network (server) | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | LAN IP subnet mask of the remote network (server) |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Username | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Username |
− | | style="text-align: left; vertical-align: top;" | string; Default: " " | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " " |
− | | style="text-align: left; vertical-align: top;" | User name used for authentication | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | User name used for authentication |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Password | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Password |
− | | style="text-align: left; vertical-align: top;" | string; Default: " " | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " " |
− | | style="text-align: left; vertical-align: top;" | Password name used for authentication | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Password name used for authentication |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Extra options | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Extra options |
− | | style="text-align: left; vertical-align: top;" | string; Default: " " | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " " |
− | | style="text-align: left; vertical-align: top;" | Extra options to be used by the OpenVPN instance | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Extra options to be used by the OpenVPN instance |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | HMAC authentication algorithm | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | HMAC authentication algorithm |
− | | style="text-align: left; vertical-align: top;" | none {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512; Default: '''SHA1''' | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | none {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512; Default: '''SHA1''' |
− | | style="text-align: left; vertical-align: top;" | HMAC authentication algorithm type | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | HMAC authentication algorithm type |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Additional HMAC authentication | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Additional HMAC authentication |
− | | style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no''' | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no''' |
− | | style="text-align: left; vertical-align: top;" | An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Certificate authority | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Certificate authority |
− | | style="text-align: left; vertical-align: top;" | .ca file; Default: " " | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | .ca file; Default: " " |
− | | style="text-align: left; vertical-align: top;" | Certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Client certificate | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Client certificate |
− | | style="text-align: left; vertical-align: top;" | .crt file; Default: " " | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | .crt file; Default: " " |
− | | style="text-align: left; vertical-align: top;" | Client certificate is a type of digital certificate that is used by client systems to make authenticated requests to a remote server. Client certificates play a key role in many mutual authentication designs, providing strong assurances of a requester's identity | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Client certificate is a type of digital certificate that is used by client systems to make authenticated requests to a remote server. Client certificates play a key role in many mutual authentication designs, providing strong assurances of a requester's identity |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Client key | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Client key |
− | | style="text-align: left; vertical-align: top;" | .key file; Default: " " | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | .key file; Default: " " |
− | | style="text-align: left; vertical-align: top;" | Authenticates the client to the server and establishes precisely who they are | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Authenticates the client to the server and establishes precisely who they are |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | Private key decryption password (optional) | + | ! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Private key decryption password (optional) |
− | | style="text-align: left; vertical-align: top;" | string; Default: " " | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " " |
− | | style="text-align: left; vertical-align: top;" | Decrypts server private key password. Use only if server's .key file is encrypted with a password | + | | style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Decrypts server private key password. Use only if server's .key file is encrypted with a password |
| |- | | |- |
| |} | | |} |
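Review bot: the TLS cipher row keeps the description "Packet encryption algorithm cipher", which repeats the Encryption field's text and does not say what the all / DHE+RSA / custom choice actually selects; this is the place to describe it as the cipher selection for the TLS channel. Several other descriptions are restyled without their wording being fixed: "Password name used for authentication" should read "Password used for authentication"; the Remote host / IP address value type is given as "ip" while its description allows "IP address or hostname"; and the Private key decryption password row follows Client certificate and Client key yet refers to the "server private key" and the "server's .key file", which should be reconciled with the key this page actually uploads. The Certificate authority value is listed as a ".ca file" next to ".crt" and ".key"; confirm that this is the extension the upload field expects. As in the first hunk, the repeated inline style would be easier to maintain as a table class or template.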