Editing
OpenVPN
(section)
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Client Configuration == === Required Files === Under Windows, the following files will need to be placed in ''Program Files\OpenVPN\Config'' ==== ca.crt ==== This is the Root CA certificate that the client and server certificates are signed with. It is required for all clients. ==== ta.key ==== This is a preshared secret used for the ''tls-auth'' directive. It is required for all clients. ==== client.crt & client.key ==== These two files are specific to each individual client. Everyone requiring access to the VPN will need these files generated for them. These files are generated on '''inferno.incoherency.net'', as root: cd /root/easy-rsa . ./vars ./build-key clientname Where ''clientname'' is the unique name of the client you are building the certificate/key files for. When prompted for the CN (Common Name) attribute, use the same ''clientname'' parameter used on the command line. ==== incoherency.ovpn ==== This is the main configuration file. Under Unix systems you'd likely call this incoherency.conf or client.conf. The ''ovpn'' extension to this filename is Windows specific. Change the cert and key directives in this file to match your certificate and key files respectively. <pre> client dev tun proto udp remote inferno.incoherency.net 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert yourcert.crt key yourkey.key ns-cert-type server tls-auth ta.key 1 cipher AES-128-CBC comp-lzo </pre> === Mac OS X === OS X has an OpenVPN GUI called [[http://code.google.com/p/tunnelblick/ Tunnelblick]]. The setup is basically the same as in Windows. The client configuration, certificates, etc go in ''~/Library/openvpn''. Unfortunately Tunnelblick does not seem to support the ''redirect-gateway'' directive as of version 3.0b9. === Vista Quirks === * The TAP driver included with OpenVPN in versions prior to 2.1 is not compatible with Vista. At the time of this writing ''OpenVPN 2.1_rc13'' is available and appears to work as expected. Although I'm not sure the TAP driver is required for our purposes, given the TAP interface is used for bridged VPNs, not routed VPNs. * UAC prevents the OpenVPN client from adding or altering routes in the system. When launching the OpenVPN GUI under Vista, write click the shortcut and choose ''Run as Administrator'' to work around this.
Summary:
Please note that all contributions to The Incoherency.Net Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
The Incoherency.Net Wiki:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Create account
Log in
Namespaces
Page
Discussion
English
Views
Read
Edit
View history
More
Search
Navigation
Main Page
Recent changes
Random page
Denis Lemire's Site
Help
Tools
What links here
Related changes
Special pages
Page information