Changes

Jump to navigation Jump to search

OpenVPN SiteToSite (view source)

Revision as of 16:58, 30 March 2021

5 bytes removed ,  16:58, 30 March 2021
→‎Additional options
Line 117: Line 117:  
*'''LogLevel''': if you want to increase the verbosity of a daemon (either client or server), you set the LogLevel property. Valid LogLevel values are numbers between 0 (no output except fatal errors) to 11 (really verbose)
 
*'''LogLevel''': if you want to increase the verbosity of a daemon (either client or server), you set the LogLevel property. Valid LogLevel values are numbers between 0 (no output except fatal errors) to 11 (really verbose)
 
*'''Protocol''': can be tcp or udp. The default is to use udp. You shouldn't change this setting unless you have good reason to do so. This setting should match on both the server and the client.
 
*'''Protocol''': can be tcp or udp. The default is to use udp. You shouldn't change this setting unless you have good reason to do so. This setting should match on both the server and the client.
  −
  −
   
*'''Compression''': can be enabled or disabled. Toggle the internal compression used by OpenVPN. The default is enabled. This setting should match on both the server and the client
 
*'''Compression''': can be enabled or disabled. Toggle the internal compression used by OpenVPN. The default is enabled. This setting should match on both the server and the client
 
*'''AllowInbound''': can be yes or no (default to yes). If set to no, inbound connections from this VPN will be dropped. This is usefull if you wan't a one-way VPN only (eg 192.168.9.0/24 can reach 192.168.11.0/24, but not the other way). Obviously, this setting only makes sens if you enable it on either the server or the client, but not both.
 
*'''AllowInbound''': can be yes or no (default to yes). If set to no, inbound connections from this VPN will be dropped. This is usefull if you wan't a one-way VPN only (eg 192.168.9.0/24 can reach 192.168.11.0/24, but not the other way). Obviously, this setting only makes sens if you enable it on either the server or the client, but not both.
    
If you use TLS as authentication mechanism, you can set some other properties:
 
If you use TLS as authentication mechanism, you can set some other properties:
   
*'''RemoteCommonName''': The connection will be accepted only if the remote endpoint has a valid certificate, with this common name
 
*'''RemoteCommonName''': The connection will be accepted only if the remote endpoint has a valid certificate, with this common name
 
*'''CheckCertificateUsage''': can be enabled or disabled (default is disabled). If enabled, a server daemon will only accept the connection if the remote endpoint present a client certificate, and a client daemon will only accept the connection if the remote endpoint present a server certificate.
 
*'''CheckCertificateUsage''': can be enabled or disabled (default is disabled). If enabled, a server daemon will only accept the connection if the remote endpoint present a client certificate, and a client daemon will only accept the connection if the remote endpoint present a server certificate.
Unnilennium
Super Admin, Wiki & Docs Team, Bureaucrats, Interface administrators, Administrators
3,250

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/39273"

Navigation menu