Changes

From SME Server
Jump to navigationJump to search
No change in size ,  07:36, 5 May 2009
m
OpenVPN case fix
Line 43: Line 43:  
*The server private key associated with the certificate
 
*The server private key associated with the certificate
 
*Diffie-Helman parameters (Used to exchange the session key)
 
*Diffie-Helman parameters (Used to exchange the session key)
*An optional key generate by openvpn to add TLS authentication
+
*An optional key generate by OpenVPN to add TLS authentication
 
{{Note box|You can let this field blank if you don't want to use the additional TLS auth}}
 
{{Note box|You can let this field blank if you don't want to use the additional TLS auth}}
   Line 63: Line 63:     
==== Control the service ====
 
==== Control the service ====
Starting with version 2.0, openvpn daemon is now supervised.
+
Starting with version 2.0, OpenVPN daemon is now supervised.
 
You can control (start/stop/restart) the service from the server-manager, and you're advised to do so. But if you want to manually start/stop/restart the service, here are the corresponding commands:
 
You can control (start/stop/restart) the service from the server-manager, and you're advised to do so. But if you want to manually start/stop/restart the service, here are the corresponding commands:
   Line 73: Line 73:  
  sv t /service/openvpn-bridge
 
  sv t /service/openvpn-bridge
   −
{{Note box|the script /etc/init.d/openvpn is provided with openvpn rpm, but is not used with this contrib. Don't try to use it to control the service, it won't work.}}
+
{{Note box|the script /etc/init.d/openvpn is provided with OpenVPN rpm, but is not used with this contrib. Don't try to use it to control the service, it won't work.}}
    
=== Using PHPki to manage the certificates ===
 
=== Using PHPki to manage the certificates ===
Line 99: Line 99:  
[[File:Phpki_confirm_crt.png|768px|thumb|center|Confirm the creation of the new certificate]]
 
[[File:Phpki_confirm_crt.png|768px|thumb|center|Confirm the creation of the new certificate]]
   −
==== Configure openvpn with the newly created certificates ====
+
==== Configure OpenVPN with the newly created certificates ====
    
{{Note box|If you update an existing smeserver-openvpn-bridge installation, you can skip this part, and directly go [[OpenVPN_Bridge#Upgrade_from_smeserver-openvpn-bridge-fws-1.1-2|here]]}}
 
{{Note box|If you update an existing smeserver-openvpn-bridge installation, you can skip this part, and directly go [[OpenVPN_Bridge#Upgrade_from_smeserver-openvpn-bridge-fws-1.1-2|here]]}}
Line 149: Line 149:  
  DBNAME='openvpn-bridge'
 
  DBNAME='openvpn-bridge'
 
   
 
   
  # The new openvpn contrib doesn't use cert entries but rules ones
+
  # The new OpenVPN contrib doesn't use cert entries but rules ones
 
  # So we need to convert it
 
  # So we need to convert it
 
  if [ -e /home/e-smith/db/$DBNAME ]; then
 
  if [ -e /home/e-smith/db/$DBNAME ]; then
Line 170: Line 170:  
   
 
   
 
  install_cert_in_new_dir(){
 
  install_cert_in_new_dir(){
  # Here, we install the old certificates used by openvpn daemon to the new location
+
  # Here, we install the old certificates used by OpenVPN daemon to the new location
 
  mkdir -p $OVPNNEWDIR/{priv,pub}
 
  mkdir -p $OVPNNEWDIR/{priv,pub}
 
  cat $OLDDIR/$SRVCN.crt > $OVPNNEWDIR/pub/cert.pem
 
  cat $OLDDIR/$SRVCN.crt > $OVPNNEWDIR/pub/cert.pem
Line 231: Line 231:     
==== Windows ====
 
==== Windows ====
For Windows systems, you should download OpenVPN GUI either from http://openvpn.se/download.html (which include OpenVPN 2.0.9) or from here: http://openvpn.net/index.php/downloads.html (starting with version 2.1, openvpn include the Windows GUI in the installer. 2.1 is still in RC but is quite stable and has some advantages over 2.09. One of the main one is that your can run it on 2000/XP without administrative privileges)
+
For Windows systems, you should download OpenVPN GUI either from http://openvpn.se/download.html (which include OpenVPN 2.0.9) or from here: http://openvpn.net/index.php/downloads.html (starting with version 2.1, OpenVPN include the Windows GUI in the installer. 2.1 is still in RC but is quite stable and has some advantages over 2.09. One of the main one is that your can run it on 2000/XP without administrative privileges)
    
On Windows, the configuration directory for OpenVPN is C:\Program Files\OpenVPN\config
 
On Windows, the configuration directory for OpenVPN is C:\Program Files\OpenVPN\config
Line 267: Line 267:  
*'''compLzo''': (enabled|disabled) This option control the usage of real time LZO compression. Enabling it usually improve the performance at no cost. It uses an adaptive algorithm, if data sent over the tunnel are uncompress-able, the compression will automatically be disabled. You may want to disable it on small hardware.
 
*'''compLzo''': (enabled|disabled) This option control the usage of real time LZO compression. Enabling it usually improve the performance at no cost. It uses an adaptive algorithm, if data sent over the tunnel are uncompress-able, the compression will automatically be disabled. You may want to disable it on small hardware.
   −
*'''management''': (<ip to bind to>:<port>:<password>) this key control the management interface of openvpn. The default is to listen only on the loopback interface. It's used to display connected clients. You can allow the access on the local network to get some more statistics using for example: http://www.mertech.com.au/mertech-products-openvpnusermanager.aspx
+
*'''management''': (<ip to bind to>:<port>:<password>) this key control the management interface of OpenVPN. The default is to listen only on the loopback interface. It's used to display connected clients. You can allow the access on the local network to get some more statistics using for example: http://www.mertech.com.au/mertech-products-openvpnusermanager.aspx
    
*'''maxClients''': (number) maximum number of clients connected at a time
 
*'''maxClients''': (number) maximum number of clients connected at a time

Navigation menu