Line 89: |
Line 89: |
| | | |
| Some advanced settings are not available on the panel, but only with db commands: | | Some advanced settings are not available on the panel, but only with db commands: |
− | * '''LogLevel''': if you want to increase the verbosity of a daemon (either client or server), you set the LogLevel property. Valid LogLevel value are numbers between 0 (no output except fatal errors) to 11 (really verbose) | + | * '''LogLevel''': if you want to increase the verbosity of a daemon (either client or server), you set the LogLevel property. Valid LogLevel values are numbers between 0 (no output except fatal errors) to 11 (really verbose) |
| * '''Protocol''': can be tcp or udp. The default is to use udp. You shouldn't change this setting unless you have good reason to do so. This setting should match on both the server and the client. | | * '''Protocol''': can be tcp or udp. The default is to use udp. You shouldn't change this setting unless you have good reason to do so. This setting should match on both the server and the client. |
| * '''Cipher''': The cipher used. The default is to use the BlowFish algorithm. This setting should match on both the server and the client. You can get a list of available ciphers using this command: | | * '''Cipher''': The cipher used. The default is to use the BlowFish algorithm. This setting should match on both the server and the client. You can get a list of available ciphers using this command: |
| openvpn --show-ciphers | egrep '^[A-Z]{2}' | awk {'print $1'} | | openvpn --show-ciphers | egrep '^[A-Z]{2}' | awk {'print $1'} |
| * '''Compression''': can be enabled or disabled. Toggle the internal compression used by OpenVPN. The default is enabled. This setting should match on both the server and the client | | * '''Compression''': can be enabled or disabled. Toggle the internal compression used by OpenVPN. The default is enabled. This setting should match on both the server and the client |
| + | * '''AllowInbound''': can be yes or no (default to yes). If set to no, inbound connections from this VPN will be dropped. This is only usefull if you wan't a one-way VPN only (eg 192.168.9.0/24 can reach 192.168.11.0/24, but not the other way). |
| + | * '''SnatOutbound''': can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source. (This is only available since 0.1-19). |
| | | |
| If you use TLS as authentication mechanism, you can set some other properties: | | If you use TLS as authentication mechanism, you can set some other properties: |
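Review bot: the added AllowInbound line has two typos, "usefull" and "wan't", which should read "useful" and "want". The same line documents its values as yes/no, while the added SnatOutbound line and the existing Compression line use enabled/disabled. Say explicitly that the two new properties take different value sets, otherwise readers will try "enabled" or "disabled" on AllowInbound. "default to yes" would also read better as "default is yes", matching the SnatOutbound wording. Since AllowInbound defaults to yes, the entry could state that the default lets the remote network initiate connections into the local one, and that "no" is the more restrictive choice. The SnatOutbound version note "since 0.1-19" does not name the package the version refers to. Adding the package name would let readers check whether the property is available to them.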