3,250
edits
Changes
Jump to navigation
Jump to search
Line 25:
Line 25: + + + + + − ==== install the rpms ====+ + + + Line 33:
Line 41: + + + − + Line 225:
Line 236: − + + + + + + + +
no edit summary
=== Installation ===
=== Installation ===
<tabs container><tab name="For SME 10">
/!\ new default cipher = AES-128-GCM and HMAC SHA256, if you have issues check the configuration options
yum install smeserver-openvpn-routed --enablerepo=smecontribs
if you have smeserver-openvpn-bridge installed and configured then all will work automaticly.
It will change its port to a different one, and it will copy certificates from the bridge openvpn
to know the new port
config getprop openvpn-routed UDPPort
</tab>
<tab name="For SME 9">
install fws repo, see : [[Fws]]
install fws repo, see : [[Fws]]
yum install smeserver-openvpn-routed --enablerepo=fws,smecontribs
yum install smeserver-openvpn-routed --enablerepo=fws,smecontribs
you will then have to configure by hand
</tab>
</tabs>
==== Configure ====
==== Configure ====
This contribs is really minimal and doesn't have a panel to configure everything. You have to configure all by hand.
This contribs is really minimal and doesn't have a panel to configure everything. You have to configure all by hand. Except on SME10 if you already have smeserver-openvpn-bridge installed and configured.
here's the file the contrib expects to see before being started:
here's the file the contrib expects to see before being started:
|-
|-
| || || || Cipher || None || Various. AES-256-CBC || Default BF-CBC deprecated
| || || || Cipher || None || Various. AES-128-CBC || Default BF-CBC deprecated
|-
| || || || HMAC || None || Various. SHA256 || Default SHA1 deprecated
|-
|-
| || || || CrlUrl ||None || http://url/phpki/index.php?stage=dl_crl_pem ||
| || || || CrlUrl ||None || http://url/phpki/index.php?stage=dl_crl_pem ||
|}
|}
you can also set the property PushRoute to disable to any network in networks db to avoid the contrib to push the network to the client
===Workarounds and known issues===
===Workarounds and known issues===
if you migrate from SME8 to SME9 and are not able to connect after correctly migrating your certificates, this might be related to not secure enough algorithm. CentOS 6.9 release notes state that "Support for insecure cryptographic protocols and algorithms has been dropped. This affects usage of MD5, SHA0, RC4 and DH parameters shorter than 1024 bits." Of course real solution would be to migrate all your certs to better algorithm.
if you migrate from SME8 to SME9 and are not able to connect after correctly migrating your certificates, this might be related to not secure enough algorithm. CentOS 6.9 release notes state that "Support for insecure cryptographic protocols and algorithms has been dropped. This affects usage of MD5, SHA0, RC4 and DH parameters shorter than 1024 bits." Of course real solution would be to migrate all your certs to better algorithm.