Difference between revisions of "OpenVPN Routed"

Languages:

English

Maintainer

Daniel B. from Firewall Services

Description

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, fail-over, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security, OpenVPN offers a cost-effective, lightweight alternative to other VPN technologies that is well-targeted for the SME and enterprise markets.

This contrib will help you configuring OpenVPN in routed mode. With this mode, clients connecting to the VPN from the outside will get an IP in a virtual private network. (this network will use a separated IP range from your standard local network, unlike the OpenVPN_Bridge contrib

Requirements

• SME Server 8.0 (serveronly or server&gateway works)
• You may want to install PHPki to manage easily your certificates.

	Warning:
	The current version has mainly be written to allow smartphone device to be able to connect as bridge interface are not supported.

Installation

install the rpms

install fws repo, see : Fws

then :

yum  install smeserver-openvpn-routed --enablerepo=fws,smecontribs

Configure

This contribs is really minimal and doesn't have a panel to configure everything. You have to configure all by hand.

here's the file the contrib expects to see before being started:

• /etc/openvpn/routed/pub/cert.pem (the server certificate, in PEM format)
• /etc/openvpn/routed/pub/cacert.pem (the CA certificate, in PEM format)
• /etc/openvpn/routed/pub/dh.pem (Diffie-Helman parameters)
• /etc/openvpn/routed/priv/key.pem (the server private key)
• /etc/openvpn/routed/priv/takey.pem (an optional shared key)

If you already run the OpenVPN_Bridge contrib, you can just copy all the certificates:

cp -a /etc/openvpn/bridge/{priv,pub} /etc/openvpn/routed/

Configure as running in parallel of bridge contrib

1. install
2. change port

config setprop openvpn-routed UDPPort 1195

1. copy bridge certificates

cp -a /etc/openvpn/bridge/{priv,pub} /etc/openvpn/routed/

1. if you want to change the default network range assigned (192.169.29.0)

db configuration setprop openvpn-routed Network 192.168.79.0/255.255.255.0

1. signale event to regenerate all you need

signal-event openvpn-routed-update

default key properties

these properties can be modified simply by issuing

config setprop openvpn-routed propertie newvalue

to reset to default, simply issue:

config delprop openvpn-routed propertie

where you have to replace propertie and newvalue with what you want.

{propertie} || default;

{Protocol} || 'udp'; {UDPPort} || '1194'; {TCPPort} || '1194'; {Authentication} || 'CrtWithPass'; {'Network'} || '192.168.29.0/255.255.255.0'; {PushLocalNetworks} || 'enabled'; {RedirectGateway} || 'disabled'; {Mtu} || ; {Fragment} || ; {Cipher} || ; {RedirectGateway} || ; {Protocol} || 'udp'; {DuplicateCN} || 'disabled'; {PassTOS} || 'enabled'; {Compression} || 'enabled'; {MaxClients} || ; {ConfigRequired} || 'disabled'; {Verbose} || '3';