Line 75: |
Line 75: |
| port 1194 | | port 1194 |
| dev tap | | dev tap |
− |
| |
| tls-server | | tls-server |
− |
| |
| dh dh1024.pem | | dh dh1024.pem |
| ca ca.crt | | ca ca.crt |
| cert server.crt | | cert server.crt |
| key server.key | | key server.key |
− |
| |
| auth-user-pass-verify ./validate.sh via-env | | auth-user-pass-verify ./validate.sh via-env |
| client-disconnect ./logoff.sh | | client-disconnect ./logoff.sh |
− |
| |
| up ./openvpn.up | | up ./openvpn.up |
− |
| |
| mode server | | mode server |
| duplicate-cn | | duplicate-cn |
| ifconfig 192.168.100.1 255.255.255.0 | | ifconfig 192.168.100.1 255.255.255.0 |
− |
| |
| ifconfig-pool 192.168.100.100 192.168.100.200 255.255.255.0 # IP range for OpenVPN clients | | ifconfig-pool 192.168.100.100 192.168.100.200 255.255.255.0 # IP range for OpenVPN clients |
− |
| |
| mtu-test | | mtu-test |
| tun-mtu 1500 | | tun-mtu 1500 |
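Review bot: the `dh dh1024.pem` line is carried through this block unchanged while only the blank separator lines are removed; the file name indicates 1024-bit Diffie-Hellman parameters, which are too small for a TLS server today. Suggest generating parameters of at least 2048 bits and pointing the `dh` line at the new file. The `duplicate-cn` line would also benefit from a short comment saying why several clients are allowed to connect with the same certificate common name, since the config also calls `auth-user-pass-verify ./validate.sh via-env` for per-user checks.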
Line 100: |
Line 93: |
| ping 10 | | ping 10 |
| ping-restart 120 | | ping-restart 120 |
− |
| |
| push "ping 10" | | push "ping 10" |
| push "ping-restart 60" | | push "ping-restart 60" |
− |
| |
| push "dhcp-option DOMAIN yourdomain.com" # push the DNS domain suffix | | push "dhcp-option DOMAIN yourdomain.com" # push the DNS domain suffix |
| push "dhcp-option DNS 192.168.1.1" # push primary DNS entry to the openvpn clients. | | push "dhcp-option DNS 192.168.1.1" # push primary DNS entry to the openvpn clients. |
| push "route 192.168.1.0 255.255.255.0 192.168.100.1" # add route to to protected network | | push "route 192.168.1.0 255.255.255.0 192.168.100.1" # add route to to protected network |
− |
| |
| comp-lzo | | comp-lzo |
| status-version 2 | | status-version 2 |
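Review bot: the pushed values on the `push "dhcp-option DOMAIN yourdomain.com"`, `push "dhcp-option DNS 192.168.1.1"` and `push "route 192.168.1.0 255.255.255.0 192.168.100.1"` lines are site-specific, but nothing in this block marks them as values the reader must replace, and removing the blank lines makes the pushed options harder to pick out from the server's own `ping` settings. Suggest a comment above the push group saying which addresses to adapt, and fixing the "to to" typo in the route comment while the block is being edited.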
Line 114: |
Line 104: |
| | | |
| If you are running this server is "server-gateway mode" you now need to open port 1194 for UDP traffic as this is the default tunnel for OpenVPN. Now go into the Server Manager panel under port forwarding and forward UDP/1194 to "localhost". If your server is in "server mode" nothing needs to be done here. | | If you are running this server is "server-gateway mode" you now need to open port 1194 for UDP traffic as this is the default tunnel for OpenVPN. Now go into the Server Manager panel under port forwarding and forward UDP/1194 to "localhost". If your server is in "server mode" nothing needs to be done here. |
| + | |
| + | You now need to add the VPN address range as a local networks in the server-manager under the Security section. |
| + | |
| + | Router: IP address of the SME servers LAN net. I this example 192.168.1.1 |
| + | |
| + | The last thing you need to do before the installation is complete is to do a small change in the /etc/openvpn/openvpn.up file. Change the 192.168.1.1 value to match router you used when adding a local network. |
| + | |
| + | When you have changed the file to match your network we start the service. |
| + | |
| + | /etc/init.d/openvpn start |
| + | |
| + | Verify that the service is running correctly by issuing an "ifconfig" and see the new "tap0" device |
| + | |
| + | tap0 Link encap:Ethernet HWaddr 00:FF:A3:3C:75:18 |
| + | inet addr:192.168.100.1 Bcast:192.168.100.255 Mask:255.255.255.0 |
| + | UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 |
| + | RX packets:178204868 errors:0 dropped:0 overruns:0 frame:0 |
| + | TX packets:192915252 errors:0 dropped:1880 overruns:0 carrier:0 |
| + | collisions:0 |
| + | RX bytes:1802570258 (1719.0 Mb) TX bytes:1338165457 (1276.1 Mb) |
| + | |
| + | ==OpenVPN Client Configuration== |
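Review bot: the added local-network step gives only the "Router" field, so the reader is never told which network address and subnet mask to enter; from the `ifconfig 192.168.100.1 255.255.255.0` line in the config these should be stated explicitly next to the router value. The instruction to change 192.168.1.1 in /etc/openvpn/openvpn.up would be easier to follow if it showed the line being edited. Wording to fix in the same pass: "a local networks", "I this example", "SME servers LAN net", and "is "server-gateway mode"" in the unchanged paragraph above.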