Line 157: |
Line 157: |
| Some advanced options are not presented in the panel. The goal was to keep the panel as simple as possible as most installations won't need to change advanced settings. But advanced options are still available with some DB keys: | | Some advanced options are not presented in the panel. The goal was to keep the panel as simple as possible as most installations won't need to change advanced settings. But advanced options are still available with some DB keys: |
| | | |
− | *ConfigRequired: (enabled|disabled). If set to enable, clients will be rejected un less a configuration rule match the common name of their certificate. This can be usefull if you use just one CA to sign a lot of different certificates, but only want a limited number of certificates to connect to the VPN | + | *'''ConfigRequired''': (enabled|disabled). If set to enable, clients will be rejected un less a configuration rule match the common name of their certificate. This can be usefull if you use just one CA to sign a lot of different certificates, but only want a limited number of certificates to connect to the VPN |
| | | |
− | *UDPPort: (number) Change the port the server listen to when running in UDP mode | + | *'''UDPPort''': (number) Change the port the server listen to when running in UDP mode |
| | | |
− | *TCPPort: (number) Change the port the server listen to when running in TCP mode | + | *'''TCPPort''': (number) Change the port the server listen to when running in TCP mode |
| | | |
− | *access: (private|public) you should let this to public as running a VPN server just for the local network make no sens | + | *'''access''': (private|public) you should let this to public as running a VPN server just for the local network make no sens |
| | | |
− | *cipher: (valid cipher name) You can force the cipher to use. If you put auto, or delete this key, client and server will negociate the stronger cipher both side support. To have the list of the supported cipher, issue the command | + | *'''cipher''': (valid cipher name) You can force the cipher to use. If you put auto, or delete this key, client and server will negociate the stronger cipher both side support. To have the list of the supported cipher, issue the command |
| openvpn --show-ciphers | | openvpn --show-ciphers |
| | | |
− | *clientToClient: (enabled|disabled) If you want to prevent two clients to communicate, you should enable this option | + | *'''clientToClient''': (enabled|disabled) If you want to prevent two clients to communicate, you should enable this option |
| | | |
− | *compLzo: (enabled|disabled) This option control the usage of real time LZO compression. Enabling it usually improve the performance at no cost. It uses an adaptative algorithm, if data sent over the tunnel are uncompressable, the compression will automatically be disabled. You may want to disable it on small hardware. | + | *'''compLzo''': (enabled|disabled) This option control the usage of real time LZO compression. Enabling it usually improve the performance at no cost. It uses an adaptative algorithm, if data sent over the tunnel are uncompressable, the compression will automatically be disabled. You may want to disable it on small hardware. |
| | | |
− | *management: (<ip to bind to>:<port>:password) this key contrl the management interface of openvpn. The default is to listen only on the loopback interface. It's used to display connected clients. You can allow the access on the local network to get some more statistics using for example: http://www.mertech.com.au/mertech-products-openvpnusermanager.aspx | + | *'''management''': (<ip to bind to>:<port>:password) this key contrl the management interface of openvpn. The default is to listen only on the loopback interface. It's used to display connected clients. You can allow the access on the local network to get some more statistics using for example: http://www.mertech.com.au/mertech-products-openvpnusermanager.aspx |
| | | |
− | *maxClients: (number) maximum number of clients connected at a time | + | *'''maxClients''': (number) maximum number of clients connected at a time |
| | | |
− | *mtuTest: (enabled|disabled) When using UDP as transport protocol, mtu-test will mesure the best MTU for the virtual interface. You should let it enabled un less you know what you're doing | + | *'''mtuTest''': (enabled|disabled) When using UDP as transport protocol, mtu-test will mesure the best MTU for the virtual interface. You should let it enabled un less you know what you're doing |
| | | |
− | *protocol: (udp|tcp) The transport protocol to use. UDP is recommadned for coth security and performance, but there are situations where you'll need to use TCP. If you use TCP, you should set TCPPort directive to set the port the daemon will listen on (instead of UDPPort) | + | *'''protocol''': (udp|tcp) The transport protocol to use. UDP is recommadned for coth security and performance, but there are situations where you'll need to use TCP. If you use TCP, you should set TCPPort directive to set the port the daemon will listen on (instead of UDPPort) |
| | | |
− | *redirectGW: (perClient|allways) The default is to enable the gateway redirection on a per client basis. But if you want the redirection to be allways enabled, you can set this key to "allways". This way, you won't have to create a new rule for each client. | + | *'''redirectGW''': (perClient|allways) The default is to enable the gateway redirection on a per client basis. But if you want the redirection to be allways enabled, you can set this key to "allways". This way, you won't have to create a new rule for each client. |
| | | |
− | *tapIf (tap interface): use this tap interface. You should use a tap free tap interface enlsaved in the bridge contrib. Don't change this setting unless you know what you're doing | + | *'''tapIf''': (tap interface) use this tap interface. You should use a tap free tap interface enlsaved in the bridge contrib. Don't change this setting unless you know what you're doing |
| | | |
| | | |
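Review bot: On the '''clientToClient''' line, the description ("If you want to prevent two clients to communicate, you should enable this option") reads inverted against the key name, so a reader cannot tell whether enabled allows or blocks traffic between clients; please confirm the behaviour and state explicitly what each of enabled and disabled does. On the '''management''' line, the value format carries the password inside the DB key and the text suggests allowing access from the local network, while the stated default is loopback only; a sentence on which bind address to use and who can then reach the interface would help. The '''ConfigRequired''' line lists the values as (enabled|disabled) but then says "If set to enable"; use the literal value. Since every entry is already being touched for the bold markup, the remaining typos on the added lines could be fixed in the same edit ("un less", "usefull", "contrl", "recommadned for coth", "enlsaved", "make no sens").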