177
edits
Changes
From SME Server
Jump to navigationJump to searchno edit summary
port 1194
port 1194
dev tap
dev tap
tls-server
tls-server
dh dh1024.pem
dh dh1024.pem
ca ca.crt
ca ca.crt
cert server.crt
cert server.crt
key server.key
key server.key
auth-user-pass-verify ./validate.sh via-env
auth-user-pass-verify ./validate.sh via-env
client-disconnect ./logoff.sh
client-disconnect ./logoff.sh
up ./openvpn.up
up ./openvpn.up
mode server
mode server
duplicate-cn
duplicate-cn
ifconfig 192.168.100.1 255.255.255.0
ifconfig 192.168.100.1 255.255.255.0
ifconfig-pool 192.168.100.100 192.168.100.200 255.255.255.0 # IP range for OpenVPN clients
ifconfig-pool 192.168.100.100 192.168.100.200 255.255.255.0 # IP range for OpenVPN clients
mtu-test
mtu-test
tun-mtu 1500
tun-mtu 1500
ping 10
ping 10
ping-restart 120
ping-restart 120
push "ping 10"
push "ping 10"
push "ping-restart 60"
push "ping-restart 60"
push "dhcp-option DOMAIN yourdomain.com" # push the DNS domain suffix
push "dhcp-option DOMAIN yourdomain.com" # push the DNS domain suffix
push "dhcp-option DNS 192.168.1.1" # push primary DNS entry to the openvpn clients.
push "dhcp-option DNS 192.168.1.1" # push primary DNS entry to the openvpn clients.
push "route 192.168.1.0 255.255.255.0 192.168.100.1" # add route to to protected network
push "route 192.168.1.0 255.255.255.0 192.168.100.1" # add route to to protected network
comp-lzo
comp-lzo
status-version 2
status-version 2
If you are running this server is "server-gateway mode" you now need to open port 1194 for UDP traffic as this is the default tunnel for OpenVPN. Now go into the Server Manager panel under port forwarding and forward UDP/1194 to "localhost". If your server is in "server mode" nothing needs to be done here.
If you are running this server is "server-gateway mode" you now need to open port 1194 for UDP traffic as this is the default tunnel for OpenVPN. Now go into the Server Manager panel under port forwarding and forward UDP/1194 to "localhost". If your server is in "server mode" nothing needs to be done here.
You now need to add the VPN address range as a local networks in the server-manager under the Security section.
Router: IP address of the SME servers LAN net. I this example 192.168.1.1
The last thing you need to do before the installation is complete is to do a small change in the /etc/openvpn/openvpn.up file. Change the 192.168.1.1 value to match router you used when adding a local network.
When you have changed the file to match your network we start the service.
/etc/init.d/openvpn start
Verify that the service is running correctly by issuing an "ifconfig" and see the new "tap0" device
tap0 Link encap:Ethernet HWaddr 00:FF:A3:3C:75:18
inet addr:192.168.100.1 Bcast:192.168.100.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:178204868 errors:0 dropped:0 overruns:0 frame:0
TX packets:192915252 errors:0 dropped:1880 overruns:0 carrier:0
collisions:0
RX bytes:1802570258 (1719.0 Mb) TX bytes:1338165457 (1276.1 Mb)
==OpenVPN Client Configuration==
