31,703
edits
Changes
no edit summary
<tr>
<tr>
<td>Enable</td>
<td>Enable</td>
<td>yes {{!}} no; Default: '''no'''</td>
<td>yes | no; Default: '''no'''</td>
<td>Enables the OpenVPN instance</td>
<td>Enables the OpenVPN instance</td>
</tr>
</tr>
<tr>
<tr>
<td>TUN/TAP</td>
<td>TUN/TAP</td>
<td>TUN (tunnel) {{!}} TAP (bridged); Default: '''TUN (tunnel)'''</td>
<td>TUN (tunnel) | TAP (bridged); Default: '''TUN (tunnel)'''</td>
<td>OpenVPN interface type. '''TUN''' is most often in typical VPN connections, however, '''TAP''' is required in some Ethernet bridging configurations</td>
<td>OpenVPN interface type. '''TUN''' is most often in typical VPN connections, however, '''TAP''' is required in some Ethernet bridging configurations</td>
</tr>
</tr>
<tr>
<tr>
<td>Protocol</td>
<td>Protocol</td>
<td>UDP {{!}} TCP; Default: '''UDP'''</td>
<td>UDP | TCP; Default: '''UDP'''</td>
<td>The transfer protocol used by the OpenVPN connection. '''TCP''' is connection oriented – once a connection is established, data can be sent bidirectionally. '''UDP''' is a simpler, connectionless Internet protocol. '''UDP''' is usually faster but '''TCP''' has more security features. Choose the connection protocol according to your needs.</td>
<td>The transfer protocol used by the OpenVPN connection. '''TCP''' is connection oriented – once a connection is established, data can be sent bidirectionally. '''UDP''' is a simpler, connectionless Internet protocol. '''UDP''' is usually faster but '''TCP''' has more security features. Choose the connection protocol according to your needs.</td>
</tr>
</tr>
<tr>
<tr>
<td>LZO</td>
<td>LZO</td>
<td>yes {{!}} no; Default: '''no'''</td>
<td>yes | no; Default: '''no'''</td>
<td>With LZO compression, your VPN connection will generate less network traffic. However, enabling this causes a higher CPU load. Use it carefully with a high traffic rate or low CPU resources</td>
<td>With LZO compression, your VPN connection will generate less network traffic. However, enabling this causes a higher CPU load. Use it carefully with a high traffic rate or low CPU resources</td>
</tr>
</tr>
<tr>
<tr>
<td>Encryption</td>
<td>Encryption</td>
<td>DES-CBC 64 {{!}} RC2-CBC 128 {{!}} DES-EDE-CBC 128 {{!}} DES-EDE3-CBC 192 {{!}} DESX-CBC 192 {{!}} BF-CBC 128 {{!}} RC2-40-CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-40CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-64-CBC 64{{!}} AES-128-CBC 128 {{!}} AES-192-CBC 192 {{!}} AES-256-CBC 256 {{!}} none; Default: '''BF-CBC 128'''</td>
<td>DES-CBC 64 | RC2-CBC 128 | DES-EDE-CBC 128 | DES-EDE3-CBC 192 | DESX-CBC 192 | BF-CBC 128 | RC2-40-CBC 40 | CAST5-CBC 128 | RC2-40CBC 40 | CAST5-CBC 128 | RC2-64-CBC 64| AES-128-CBC 128 | AES-192-CBC 192 | AES-256-CBC 256 | none; Default: '''BF-CBC 128'''</td>
<td>Packet encryption algorithm</td>
<td>Packet encryption algorithm</td>
</tr>
</tr>
<tr>
<tr>
<td>Authentication</td>
<td>Authentication</td>
<td>TLS {{!}} Static Key {{!}} Password {{!}} TLS/Password; Default: '''TLS'''</td>
<td>TLS | Static Key | Password | TLS/Password; Default: '''TLS'''</td>
<td>Authentication mode, used to secure data sessions.
<td>Authentication mode, used to secure data sessions.
'''Static key''' is a secret key used for server–client authentication.
'''Static key''' is a secret key used for server–client authentication.
<tr>
<tr>
<td>TLS cipher</td>
<td>TLS cipher</td>
<td>all {{!}} DHE+RSA {{!}} custom; Default: '''all'''</td>
<td>all | DHE+RSA | custom; Default: '''all'''</td>
<td>Packet encryption algorithm cipher</td>
<td>Packet encryption algorithm cipher</td>
</tr>
</tr>
<tr>
<tr>
<td>Resolve retry</td>
<td>Resolve retry</td>
<td>integer {{!}} infinite; Default: '''infinite'''</td>
<td>integer | infinite; Default: '''infinite'''</td>
<td>Time in seconds to resolve server hostname periodically in case of first resolve failure before generating service exception</td>
<td>Time in seconds to resolve server hostname periodically in case of first resolve failure before generating service exception</td>
</tr>
</tr>
<tr>
<tr>
<td>HMAC authentication algorithm</td>
<td>HMAC authentication algorithm</td>
<td>none {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512; Default: '''SHA1'''</td>
<td>none | SHA1 | SHA256 | SHA384 | SHA512; Default: '''SHA1'''</td>
<td>HMAC authentication algorithm type</td>
<td>HMAC authentication algorithm type</td>
</tr>
</tr>
<tr>
<tr>
<td>Additional HMAC authentication</td>
<td>Additional HMAC authentication</td>
<td>yes {{!}} no; Default: '''no'''</td>
<td>yes | no; Default: '''no'''</td>
<td>An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks</td>
<td>An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks</td>
</tr>
</tr>
<tr>
<tr>
<td>Enable</td>
<td>Enable</td>
<td>yes {{!}} no; Default: '''no'''</td>
<td>yes | no; Default: '''no'''</td>
<td>Enables the OpenVPN instance</td>
<td>Enables the OpenVPN instance</td>
</tr>
</tr>
<tr>
<tr>
<td>TUN/TAP</td>
<td>TUN/TAP</td>
<td>TUN (tunnel) {{!}} TAP (bridged); Default: '''TUN (tunnel)'''</td>
<td>TUN (tunnel) | TAP (bridged); Default: '''TUN (tunnel)'''</td>
<td>OpenVPN interface type. '''TUN''' is most often in typical VPN connections, however, '''TAP''' is required in some Ethernet bridging configurations</td>
<td>OpenVPN interface type. '''TUN''' is most often in typical VPN connections, however, '''TAP''' is required in some Ethernet bridging configurations</td>
</tr>
</tr>
<tr>
<tr>
<td>Protocol</td>
<td>Protocol</td>
<td>UDP {{!}} TCP; Default: '''UDP'''</td>
<td>UDP | TCP; Default: '''UDP'''</td>
<td>The transfer protocol used by the OpenVPN connection. '''TCP''' is connection oriented – once a connection is established, data can be sent bidirectionally. '''UDP''' is a simpler, connectionless Internet protocol. '''UDP''' is usually faster but '''TCP''' has more security features. Choose the connection protocol according to your needs.</td>
<td>The transfer protocol used by the OpenVPN connection. '''TCP''' is connection oriented – once a connection is established, data can be sent bidirectionally. '''UDP''' is a simpler, connectionless Internet protocol. '''UDP''' is usually faster but '''TCP''' has more security features. Choose the connection protocol according to your needs.</td>
</tr>
</tr>
<tr>
<tr>
<td>LZO</td>
<td>LZO</td>
<td>yes {{!}} no; Default: '''no'''</td>
<td>yes | no; Default: '''no'''</td>
<td>With LZO compression, your VPN connection will generate less network traffic. However, enabling this causes a higher CPU load. Use it carefully with a high traffic rate or low CPU resources</td>
<td>With LZO compression, your VPN connection will generate less network traffic. However, enabling this causes a higher CPU load. Use it carefully with a high traffic rate or low CPU resources</td>
</tr>
</tr>
<tr>
<tr>
<td>Encryption</td>
<td>Encryption</td>
<td>DES-CBC 64 {{!}} RC2-CBC 128 {{!}} DES-EDE-CBC 128 {{!}} DES-EDE3-CBC 192 {{!}} DESX-CBC 192 {{!}} BF-CBC 128 {{!}} RC2-40-CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-40CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-64-CBC 64{{!}} AES-128-CBC 128 {{!}} AES-192-CBC 192 {{!}} AES-256-CBC 256 {{!}} none; Default: '''BF-CBC 128'''</td>
<td>DES-CBC 64 | RC2-CBC 128 | DES-EDE-CBC 128 | DES-EDE3-CBC 192 | DESX-CBC 192 | BF-CBC 128 | RC2-40-CBC 40 | CAST5-CBC 128 | RC2-40CBC 40 | CAST5-CBC 128 | RC2-64-CBC 64| AES-128-CBC 128 | AES-192-CBC 192 | AES-256-CBC 256 | none; Default: '''BF-CBC 128'''</td>
<td>Packet encryption algorithm</td>
<td>Packet encryption algorithm</td>
</tr>
</tr>
<tr>
<tr>
<td>Authentication</td>
<td>Authentication</td>
<td>TLS'''*''' {{!}} Static Key {{!}} Password {{!}} TLS/Password; Default: '''TLS'''</td>
<td>TLS'''*''' | Static Key | Password | TLS/Password; Default: '''TLS'''</td>
<td>Authentication mode, used to secure data sessions.
<td>Authentication mode, used to secure data sessions.
'''Static key''' is a secret key used for server–client authentication.
'''Static key''' is a secret key used for server–client authentication.
<tr>
<tr>
<td>TLS cipher</td>
<td>TLS cipher</td>
<td>all {{!}} DHE+RSA {{!}} custom; Default: '''all'''</td>
<td>all | DHE+RSA | custom; Default: '''all'''</td>
<td>Packet encryption algorithm cipher</td>
<td>Packet encryption algorithm cipher</td>
</tr>
</tr>
<tr>
<tr>
<td>Client to client</td>
<td>Client to client</td>
<td>yes {{!}} no; Default: '''no'''</td>
<td>yes | no; Default: '''no'''</td>
<td>Enables client to client communication in the Virtual network. In order for Client to client to work, the TLS Clients section most be utilized</td>
<td>Enables client to client communication in the Virtual network. In order for Client to client to work, the TLS Clients section most be utilized</td>
</tr>
</tr>
<tr>
<tr>
<td>Allow duplicate certificates</td>
<td>Allow duplicate certificates</td>
<td>yes {{!}} no; Default: '''no'''</td>
<td>yes | no; Default: '''no'''</td>
<td>If checked, the server allows clients to connect with identical certificates</td>
<td>If checked, the server allows clients to connect with identical certificates</td>
</tr>
</tr>
</tr>
</tr>
</table>
</table>
[[Category:RUT850 WebUI]]