Changes

no edit summary
Line 15: Line 15:     
{{{name}}} routers run OpenVPN version <b>2.4.5</b>.
 
{{{name}}} routers run OpenVPN version <b>2.4.5</b>.
  −
For more in-depth guides refer to our <b>[[OpenVPN configuration examples]]</b> page.
      
===OpenVPN client===
 
===OpenVPN client===
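Review bot: The deletion of the "For more in-depth guides refer to our [[OpenVPN configuration examples]]" line at the top of this hunk removes the cross-reference, and the revision has no edit summary explaining why. If the examples page was renamed or moved, update the link target instead of dropping the sentence; if it is gone for good, say so in the edit summary.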
Line 35: Line 33:  
       <td>Enable</td>
 
       <td>Enable</td>
 
       <td>yes | no; Default: <b>no</b></td>
 
       <td>yes | no; Default: <b>no</b></td>
       <td>Turns the OpenVPN instance ON or OFF.</td>
+
       <td>Turns the OpenVPN instance on or off.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
       <td>TUN/TAP</td>
 
       <td>TUN/TAP</td>
 
       <td>TUN (tunnel) | TAP (bridged); Default: <b>TUN (tunnel)</b></td>
 
       <td>TUN (tunnel) | TAP (bridged); Default: <b>TUN (tunnel)</b></td>
       <td>Virtual network device type.  
+
       <td>Virtual network device type.
 
             <ul>
 
             <ul>
                 <li><b>TUN</b> - a virtual point-to-point IP link which operates at the network layer (OSI layer 3), generally used when routing is required.</li>
+
                 <li><b>TUN</b> - a virtual point-to-point IP link which operates at the network layer (OSI layer 3), used when routing is required.</li>
                 <li><b>TAP</b> - a virtual Ethernet adapter (switch), operates at the data link layer (OSI layer 2), generally used when bridging is required.</li>
+
                 <li><b>TAP</b> - a virtual Ethernet adapter (switch), operates at the data link layer (OSI layer 2), used when bridging is required.</li>
 
             </ul>
 
             </ul>
 
         </td>
 
         </td>
Line 50: Line 48:  
     <td>Protocol</td>
 
     <td>Protocol</td>
 
         <td>UDP | TCP; Default: <b>UDP</b></td>
 
         <td>UDP | TCP; Default: <b>UDP</b></td>
         <td>Transfer protocol used for the connection.
+
         <td>Transfer protocol used for the OpenVPN connection.
 
             <ul>
 
             <ul>
                 <li><b>Transmission Control Protocol</b> (<b>TCP</b>) - most commonly used protocol in the Internet protocol suite. It ensures the recipient will receive packets in the order they were sent by numbering, analysing response messages, checking for errors and resending them if an issue occurs. It should be used when reliability is crucial (for example, file transfer).</li>
+
                 <li><b>Transmission Control Protocol</b> (<b>TCP</b>) - most commonly used protocol in the Internet protocol suite. It ensures the recipient will receive packets in the order they were sent by numbering, analysing response messages, checking for errors and resending them if an issue occurs. It should be used when reliability is crucial (for example, in file transfer).</li>
                 <li><b>User Datagram Protocol</b> (<b>UDP</b>) - packets are sent to the recipient without error-checking or back-and-forth quality control, meaning that when packets are lost, they are gone forever. This makes it less reliable but faster than TCP; therefore, it should be used when transfer speed is crucial (for example, video streaming, live calls).</li>
+
                 <li><b>User Datagram Protocol</b> (<b>UDP</b>) - packets are sent to the recipient without error-checking or back-and-forth quality control, meaning that when packets are lost, they are gone forever. This makes it less reliable but faster than TCP; therefore, it should be used when transfer speed is crucial (for example, in video streaming, live calls).</li>
 
             </ul>
 
             </ul>
 
         </td>
 
         </td>
Line 60: Line 58:  
     <td>Port</td>
 
     <td>Port</td>
 
         <td>integer [0..65535]; Default: <b>1194</b></td>
 
         <td>integer [0..65535]; Default: <b>1194</b></td>
         <td>TCP/UDP port number used for the connection. Make sure it matches the port number specified on the server side. When you enable the OpenVPN instance, a firewall rule allowing traffic on the selected port is automatically generated on the router.</td>
+
         <td>TCP/UDP port number used for the connection. Make sure it matches the port number specified on the server side.<br><b>NOTE</b>: traffic on the selected port will be automatically allowed in the router's firewall rules.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
       <td>LZO</td>
 
       <td>LZO</td>
 
       <td>yes | no; Default: <b>no</b></td>
 
       <td>yes | no; Default: <b>no</b></td>
       <td>Enables LZO data compression.</td>
+
       <td>Turns LZO data compression on or off.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
       <td>Encryption</td>
 
       <td>Encryption</td>
 
       <td>DES-CBC 64 | RC2-CBC 128 | DES-EDE-CBC 128 | DES-EDE3-CBC 192 | DESX-CBC 192 | BF-CBC 128 | RC2-40-CBC 40 | CAST5-CBC 128 | RC2-40CBC 40 | CAST5-CBC 128 | RC2-64-CBC 64| AES-128-CBC 128 | AES-192-CBC 192 | AES-256-CBC 256 | none; Default: <b>BF-CBC 128</b></td>
 
       <td>DES-CBC 64 | RC2-CBC 128 | DES-EDE-CBC 128 | DES-EDE3-CBC 192 | DESX-CBC 192 | BF-CBC 128 | RC2-40-CBC 40 | CAST5-CBC 128 | RC2-40CBC 40 | CAST5-CBC 128 | RC2-64-CBC 64| AES-128-CBC 128 | AES-192-CBC 192 | AES-256-CBC 256 | none; Default: <b>BF-CBC 128</b></td>
       <td>Algorithm used in packet encryption.</td>
+
       <td>Algorithm used for packet encryption.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
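Review bot: The reworded Port note drops the condition from the old text ("When you enable the OpenVPN instance, a firewall rule ... is automatically generated"), so the new NOTE no longer says when the port is opened. Because this is an automatic firewall change, keep the trigger in the sentence, for example "when the instance is enabled, traffic on the selected port is automatically allowed in the router's firewall rules". While this table is being edited, the Encryption value list in the unchanged context repeats "CAST5-CBC 128" and lists both "RC2-40-CBC 40" and "RC2-40CBC 40"; that is worth cleaning up in the same revision.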
Line 96: Line 94:  
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
       <td>Remote host / IP address</td>
+
    <td><span style="color: red;">TLS:</span> Allowed TLS ciphers</td>
 +
        <td>All | DHE+RSA | Custom; Default: <b>All</b></td>
 +
        <td>A list of TLS ciphers accepted for this connection.</td>
 +
    </tr>
 +
    <tr>
 +
       <td>Remote host/IP address</td>
 
       <td>ip; Default: <b>none</b></td>
 
       <td>ip; Default: <b>none</b></td>
 
       <td>IP address or hostname of an OpenVPN server.</td>
 
       <td>IP address or hostname of an OpenVPN server.</td>
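Review bot: The added "Allowed TLS ciphers" row lists All | DHE+RSA | Custom, but its description, "A list of TLS ciphers accepted for this connection.", does not say what each choice selects or what input Custom expects. Add one line per value, as the TUN/TAP and Protocol rows do with a nested list. Separately, the Remote host/IP address row keeps the type "ip" although its description allows a hostname; the type cell should say so.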
Line 108: Line 111:  
     <td>Keep alive</td>
 
     <td>Keep alive</td>
 
         <td>two integers separated by a space; Default: <b>none</b></td>
 
         <td>two integers separated by a space; Default: <b>none</b></td>
         <td>Defines two time intervals: one is used to periodically send ICMP request to the OpenVPN server, the other defines a time window, which is used to restart the OpenVPN service, if no ICMP response is received during the window time slice.<br>Example: 10 120</td>
+
         <td>Defines two time intervals: the first is used to periodically send ICMP requests to the OpenVPN server, the second one defines a time window, which is used to restart the OpenVPN service if no ICMP response is received during the specified time slice. When this value is specfiied on the OpenVPN server, it overrides the 'keep alive' values set on client instances.<br><b>Example</b>: <i>10 120</i></td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
     <td><span style="color: purple;">Static key:</span> Local tunnel endpoint IP</td>
 
     <td><span style="color: purple;">Static key:</span> Local tunnel endpoint IP</td>
 
         <td>ip; Default: <b>none</b></td>
 
         <td>ip; Default: <b>none</b></td>
         <td>OpenVPN IP address of the local network interface.</td>
+
         <td>IP address of the local OpenVPN network interface.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
     <td><span style="color: purple;">Static key:</span> Remote tunnel endpoint IP</td>
 
     <td><span style="color: purple;">Static key:</span> Remote tunnel endpoint IP</td>
 
         <td>ip; Default: <b>none</b></td>
 
         <td>ip; Default: <b>none</b></td>
         <td>OpenVPN IP address of the remote network (server) interface.</td>
+
         <td>IP address of the remote network OpenVPN (server) interface.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
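Review bot: The new Keep alive description contains a typo, "specfiied", which should read "specified". The rewritten Remote tunnel endpoint IP text, "IP address of the remote network OpenVPN (server) interface", also has its words out of order compared with the Local row; "IP address of the remote (server) OpenVPN network interface" would mirror it.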
Line 133: Line 136:  
       <td><span style="color: #0054a6;">Password:</span> User name</td>
 
       <td><span style="color: #0054a6;">Password:</span> User name</td>
 
       <td>string; Default: <b>none</b></td>
 
       <td>string; Default: <b>none</b></td>
       <td>User name used for authentication to the OpenVPN server.</td>
+
       <td>Username used for authentication to the OpenVPN server.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
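Review bot: The description now says "Username", but the field label in the first cell of the same row still reads "User name", so the row is inconsistent with itself. Use one spelling in both cells.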
Line 143: Line 146:  
     <td>Extra options</td>
 
     <td>Extra options</td>
 
         <td>string; Default: <b>none</b></td>
 
         <td>string; Default: <b>none</b></td>
         <td>Extra options to be used by the OpenVPN instance.</td>
+
         <td>Extra OpenVPN options to be used by the OpenVPN instance.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
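Review bot: The new description, "Extra OpenVPN options to be used by the OpenVPN instance.", repeats "OpenVPN" without adding information, and the cell still does not say what format the string takes. State the expected syntax or give a short example value, as the Keep alive row does with "10 120".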
Line 194: Line 197:  
<b>Additional notes</b>:
 
<b>Additional notes</b>:
 
<ul>
 
<ul>
     <li>Some configuration fields become available only when certain other parameters are selected. The names of the parameters are followed by a prefix that specifies the authentication type under which they become visible. Different color codes are used for different praefixa:
+
     <li>Some configuration fields become available only when certain other parameters are selected. The names of the parameters are followed by a prefix that specifies the authentication type under which they become visible. Different color codes are used for different prefixes:
 
         <ul>
 
         <ul>
 
             <li>Red for <span style="color: red;">Authentication: TLS</span></li>
 
             <li>Red for <span style="color: red;">Authentication: TLS</span></li>
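Review bot: The corrected sentence still says the parameter names "are followed by a prefix", yet the rows on this page put the tag before the name (for example "Static key: Local tunnel endpoint IP"). Change "followed by" to "preceded by" in the same edit that fixes "praefixa".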
Line 230: Line 233:  
       <td>Virtual network device type.  
 
       <td>Virtual network device type.  
 
             <ul>
 
             <ul>
                 <li><b>TUN</b> - a virtual point-to-point IP link which operates at the network layer (OSI layer 3), generally used when routing is required.</li>
+
                 <li><b>TUN</b> - a virtual point-to-point IP link which operates at the network layer (OSI layer 3), used when routing is required.</li>
                 <li><b>TAP</b> - a virtual Ethernet adapter (switch), operates at the data link layer (OSI layer 2), generally used when bridging is required.</li>
+
                 <li><b>TAP</b> - a virtual Ethernet adapter (switch), operates at the data link layer (OSI layer 2), used when bridging is required.</li>
 
             </ul>
 
             </ul>
 
         </td>
 
         </td>
Line 248: Line 251:  
     <td>Port</td>
 
     <td>Port</td>
 
         <td>integer [0..65535]; Default: <b>1194</b></td>
 
         <td>integer [0..65535]; Default: <b>1194</b></td>
         <td>TCP/UDP port number used for the connection. Make sure it matches the port number specified on the server side. When you enable the OpenVPN instance, a firewall rule allowing traffic on the selected port is automatically generated on the router.</td>
+
         <td>TCP/UDP port number used for the connection. Make sure it matches the port number specified on the server side.<br><b>NOTE</b>: traffic on the selected port will be automatically allowed in the router's firewall rules.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
       <td>LZO</td>
 
       <td>LZO</td>
 
       <td>yes | no; Default: <b>no</b></td>
 
       <td>yes | no; Default: <b>no</b></td>
       <td>Enables LZO data compression.</td>
+
       <td>Turns LZO data compression on or off.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
Line 301: Line 304:  
         <td>All | DHE+RSA | Custom; Default: <b>All</b></td>
 
         <td>All | DHE+RSA | Custom; Default: <b>All</b></td>
 
         <td>Packet encryption algorithm cipher.</td>
 
         <td>Packet encryption algorithm cipher.</td>
 +
    </tr>
 +
    <tr>
 +
    <td><span style="color: red;">TLS/Password:</span> Allowed TLS ciphers</td>
 +
        <td>All | DHE+RSA | Custom; Default: <b>All</b></td>
 +
        <td>A list of TLS ciphers accepted for this connection.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
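Review bot: The added "Allowed TLS ciphers" row has exactly the same value list (All | DHE+RSA | Custom; Default: All) as the row directly above it, whose description "Packet encryption algorithm cipher." is left unchanged, so the two rows now read like the same setting documented twice. Either replace the old row or correct its description so readers can tell the settings apart. The new label also wraps "TLS/Password:" in a red span, whereas the neighbouring rows use red for TLS and #0054a6 for TLS/Password.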
Line 310: Line 318:  
     <td><span style="color: red;">TLS</span>/<span style="color: #0054a6;">TLS/Password:</span> Keep alive</td>
 
     <td><span style="color: red;">TLS</span>/<span style="color: #0054a6;">TLS/Password:</span> Keep alive</td>
 
         <td>two integers separated by a space; Default: <b>none</b></td>
 
         <td>two integers separated by a space; Default: <b>none</b></td>
         <td>Defines two time intervals: one is used to periodically send ICMP request by the client to the OpenVPN server, the other defines a time window, which is used to restart the OpenVPN service, if no ICMP response is received during the window time slice.<br>Example: 10 120</td>
+
         <td>Defines two time intervals: the first is used to periodically send ICMP requests to the OpenVPN server, the second one defines a time window, which is used to restart the OpenVPN service if no ICMP response is received during the specified time slice. When this value is specifiied on the OpenVPN server, it overrides the 'keep alive' values set on client instances.<br><b>Example</b>: <i>10 120</i></td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
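Review bot: The new Keep alive description misspells "specified" as "specifiied". The rewrite also drops "by the client" from the old sentence, which said explicitly which side sends the requests; keep it, since the added sentence about the server overriding client values depends on that distinction.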
Line 335: Line 343:  
       <td><span style="color: #0054a6;">TLS/Password:</span> User name</td>
 
       <td><span style="color: #0054a6;">TLS/Password:</span> User name</td>
 
       <td>string; Default: <b>none</b></td>
 
       <td>string; Default: <b>none</b></td>
       <td>User name used for authentication to the OpenVPN server.</td>
+
       <td>Username used for authentication to the OpenVPN server.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
