Changes

5,461 bytes added ,  08:05, 25 October 2018
Line 23: Line 23:  
{| class="wikitable"
 
{| class="wikitable"
 
|+
 
|+
! style="width: 250px; background: black; color: white;" | Field name
+
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
! style="width: 250px; background: black; color: white;" | Value
+
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
! style="width: 1200px; background: black; color: white;" | Description
+
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Enable
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable
| style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no'''
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
| style="text-align: left; vertical-align: top;" | Enables the OpenVPN instance
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enables the OpenVPN instance
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | TUN/TAP
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TUN/TAP
| style="text-align: left; vertical-align: top;" | TUN (tunnel) {{!}} TAP (bridged); Default: '''TUN (tunnel)'''
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TUN (tunnel) {{!}} TAP (bridged); Default: '''TUN (tunnel)'''
| style="text-align: left; vertical-align: top;" | OpenVPN interface type. '''TUN''' is most often in typical VPN connections, however, '''TAP''' is required in some Ethernet bridging configurations
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | OpenVPN interface type. '''TUN''' is most often in typical VPN connections, however, '''TAP''' is required in some Ethernet bridging configurations
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Protocol
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Protocol
| style="text-align: left; vertical-align: top;" | UDP {{!}} TCP; Default: '''UDP'''
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | UDP {{!}} TCP; Default: '''UDP'''
| style="text-align: left; vertical-align: top;" | The transfer protocol used by the OpenVPN connection. '''TCP''' is connection oriented – once a connection is established, data can be sent bidirectionally. '''UDP''' is a simpler, connectionless Internet protocol. '''UDP''' is usually faster but '''TCP''' has more security features. Choose the connection protocol according to your needs.
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The transfer protocol used by the OpenVPN connection. '''TCP''' is connection oriented – once a connection is established, data can be sent bidirectionally. '''UDP''' is a simpler, connectionless Internet protocol. '''UDP''' is usually faster but '''TCP''' has more security features. Choose the connection protocol according to your needs.
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Port
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Port
| style="text-align: left; vertical-align: top;" | integer [0..65535]; Default: '''1194'''
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535]; Default: '''1194'''
| style="text-align: left; vertical-align: top;" | TCP/UDP Port number for both local and remote endpoints (make sure that the chosen port is allowed by firewall)
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | With LZO compression, your VPN connection will generate less network traffic. However, enabling this causes a higher CPU load. Use it carefully with a high traffic rate or low CPU resources
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | LZO
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | LZO
| style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no'''
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
| style="text-align: left; vertical-align: top;" | With LZO compression, your VPN connection will generate less network traffic. However, enabling this causes a higher CPU load. Use it carefully with a high traffic rate or low CPU resources
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | With LZO compression, your VPN connection will generate less network traffic. However, enabling this causes a higher CPU load. Use it carefully with a high traffic rate or low CPU resources
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Encryption
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Encryption
| style="text-align: left; vertical-align: top;" | DES-CBC 64 {{!}} RC2-CBC 128 {{!}} DES-EDE-CBC 128 {{!}} DES-EDE3-CBC 192 {{!}} DESX-CBC 192 {{!}} BF-CBC 128 {{!}} RC2-40-CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-40CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-64-CBC 64{{!}} AES-128-CBC 128 {{!}} AES-192-CBC 192 {{!}} AES-256-CBC 256 {{!}} none; Default: '''BF-CBC 128'''
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | DES-CBC 64 {{!}} RC2-CBC 128 {{!}} DES-EDE-CBC 128 {{!}} DES-EDE3-CBC 192 {{!}} DESX-CBC 192 {{!}} BF-CBC 128 {{!}} RC2-40-CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-40CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-64-CBC 64{{!}} AES-128-CBC 128 {{!}} AES-192-CBC 192 {{!}} AES-256-CBC 256 {{!}} none; Default: '''BF-CBC 128'''
| style="text-align: left; vertical-align: top;" | Packet encryption algorithm
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Packet encryption algorithm
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Authentication
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Authentication
| style="text-align: left; vertical-align: top;" | TLS {{!}} Static Key {{!}} Password {{!}} TLS/Password; Default: '''TLS'''
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TLS {{!}} Static Key {{!}} Password {{!}} TLS/Password; Default: '''TLS'''
| style="text-align: left; vertical-align: top;" | Authentication mode, used to secure data sessions.
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Authentication mode, used to secure data sessions.
 
'''Static key''' is a secret key used for server–client authentication.
 
'''Static key''' is a secret key used for server–client authentication.
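Review bot: In the Port row, the restyled description cell carries the LZO text ("With LZO compression, your VPN connection will generate less network traffic...") instead of the text it replaces ("TCP/UDP Port number for both local and remote endpoints (make sure that the chosen port is allowed by firewall)"). A change that otherwise only touches styling therefore drops the port and firewall guidance, so restore the original Port description in the new cell. Separately, the Encryption value list, carried over unchanged, repeats CAST5-CBC 128 and lists RC2-40-CBC 40 a second time as "RC2-40CBC 40"; it is worth deduplicating while this row is being edited.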
   Line 66: Line 66:  
'''TLS/Password''' uses both TLS and Password authentication
 
'''TLS/Password''' uses both TLS and Password authentication
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | TLS cipher
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TLS cipher
| style="text-align: left; vertical-align: top;" | all {{!}} DHE+RSA {{!}} custom; Default: '''all'''
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | all {{!}} DHE+RSA {{!}} custom; Default: '''all'''
| style="text-align: left; vertical-align: top;" | Packet encryption algorithm cipher
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Packet encryption algorithm cipher
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Remote host / IP address
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Remote host / IP address
| style="text-align: left; vertical-align: top;" | ip; Default: " "
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
| style="text-align: left; vertical-align: top;" | IP address or hostname of an OpenVPN server
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | IP address or hostname of an OpenVPN server
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Resolve retry
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Resolve retry
| style="text-align: left; vertical-align: top;" | integer {{!}} infinite; Default: '''infinite'''
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer {{!}} infinite; Default: '''infinite'''
| style="text-align: left; vertical-align: top;" | Time in seconds to resolve server hostname periodically in case of first resolve failure before generating service exception
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Time in seconds to resolve server hostname periodically in case of first resolve failure before generating service exception
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Keep alive
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Keep alive
| style="text-align: left; vertical-align: top;" | integer *space* integer; Default: " "
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer *space* integer; Default: " "
| style="text-align: left; vertical-align: top;" | Defines two time intervals: one is used to periodically send ICMP request to the OpenVPN server, the other defines a time window, which is used to restart the OpenVPN service, if no ICMP response is received during the window time slice.
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Defines two time intervals: one is used to periodically send ICMP request to the OpenVPN server, the other defines a time window, which is used to restart the OpenVPN service, if no ICMP response is received during the window time slice.
 
'''Example:''' 10 60
 
'''Example:''' 10 60
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Remote network IP address
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Remote network IP address
| style="text-align: left; vertical-align: top;" | ip; Default: " "
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
| style="text-align: left; vertical-align: top;" | LAN IP address of the remote network (server)
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | LAN IP address of the remote network (server)
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Remote network IP netmask
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Remote network IP netmask
| style="text-align: left; vertical-align: top;" | ip; Default: " "
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
| style="text-align: left; vertical-align: top;" | LAN IP subnet mask of the remote network (server)
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | LAN IP subnet mask of the remote network (server)
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Username
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Username
| style="text-align: left; vertical-align: top;" | string; Default: " "
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
| style="text-align: left; vertical-align: top;" | User name used for authentication
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | User name used for authentication
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Password
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Password
| style="text-align: left; vertical-align: top;" | string; Default: " "
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
| style="text-align: left; vertical-align: top;" | Password name used for authentication
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Password name used for authentication
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Extra options
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Extra options
| style="text-align: left; vertical-align: top;" | string; Default: " "
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
| style="text-align: left; vertical-align: top;" | Extra options to be used by the OpenVPN instance
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Extra options to be used by the OpenVPN instance
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | HMAC authentication algorithm
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | HMAC authentication algorithm
| style="text-align: left; vertical-align: top;" | none {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512; Default: '''SHA1'''
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | none {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512; Default: '''SHA1'''
| style="text-align: left; vertical-align: top;" | HMAC authentication algorithm type
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | HMAC authentication algorithm type
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Additional HMAC authentication
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Additional HMAC authentication
| style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no'''
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
| style="text-align: left; vertical-align: top;" | An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Certificate authority
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Certificate authority
| style="text-align: left; vertical-align: top;" | .ca file; Default: " "
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | .ca file; Default: " "
| style="text-align: left; vertical-align: top;" | Certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Client certificate
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Client certificate
| style="text-align: left; vertical-align: top;" | .crt file; Default: " "
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | .crt file; Default: " "
| style="text-align: left; vertical-align: top;" | Client certificate is a type of digital certificate that is used by client systems to make authenticated requests to a remote server. Client certificates play a key role in many mutual authentication designs, providing strong assurances of a requester's identity
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Client certificate is a type of digital certificate that is used by client systems to make authenticated requests to a remote server. Client certificates play a key role in many mutual authentication designs, providing strong assurances of a requester's identity
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Client key
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Client key
| style="text-align: left; vertical-align: top;" | .key file; Default: " "
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | .key file; Default: " "
| style="text-align: left; vertical-align: top;" | Authenticates the client to the server and establishes precisely who they are
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Authenticates the client to the server and establishes precisely who they are
 
|-
 
|-
! style="text-align: left; vertical-align: top;" | Private key decryption password (optional)
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Private key decryption password (optional)
| style="text-align: left; vertical-align: top;" | string; Default: " "
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
| style="text-align: left; vertical-align: top;" | Decrypts server private key password. Use only if server's .key file is encrypted with a password
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Decrypts server private key password. Use only if server's .key file is encrypted with a password
 
|-
 
|-
 
|}
 
|}
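Review bot: The "Private key decryption password (optional)" row describes the server's key ("Decrypts server private key password. Use only if server's .key file is encrypted with a password"), although the neighbouring rows are Client certificate and Client key and "Remote host / IP address" points at an OpenVPN server. If this table documents the client instance, the description should refer to the client's .key file. Two other descriptions carried over unchanged read as copy-paste leftovers and could be fixed in the same edit: "Password name used for authentication" in the Password row, and "Packet encryption algorithm cipher" in the TLS cipher row, which repeats the Encryption row's wording rather than describing the TLS cipher setting.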
