Changes

===Maintainer===

===Maintainer===

[[User:VIP-ire|Daniel B.]]<br />

[http://www.firewall-services.com Firewall Services]<br>

Original Contributor: [[User:VIP-ire|Daniel B.]] ; [http://www.firewall-services.com Firewall Services] ; mailto:daniel@firewall-services.com

mailto:daniel@firewall-services.com

===Version===

===Version===

install the rpms sme8.x and sme9.x

install the rpms sme8.x and sme9.x

  yum --enablerepo=smecontribs install smeserver-openvpn-s2s

  yum --enablerepo=smecontribs install smeserver-openvpn-s2s

  expand-template /etc/rc.d/init.d/masq

  expand-template /etc/rc.d/init.d/masq

  /etc/init.d/masq restart

  /etc/init.d/masq restart

 

This contrib has been tested on SME 7.5.1 and SME 8b6, 8b7 and 8.0 Final

<tab name="For SME 8">

 

 

  yum --enablerepo=smecontribs install smeserver-openvpn-s2s

  yum --enablerepo=smecontribs install smeserver-openvpn-s2s

  expand-template /etc/rc.d/init.d/masq

  expand-template /etc/rc.d/init.d/masq

  /etc/init.d/masq restart

  /etc/init.d/masq restart

 

 

 

===Configuration===

===Configuration===

*'''LogLevel''': if you want to increase the verbosity of a daemon (either client or server), you set the LogLevel property. Valid LogLevel values are numbers between 0 (no output except fatal errors) to 11 (really verbose)

*'''LogLevel''': if you want to increase the verbosity of a daemon (either client or server), you set the LogLevel property. Valid LogLevel values are numbers between 0 (no output except fatal errors) to 11 (really verbose)

*'''Protocol''': can be tcp or udp. The default is to use udp. You shouldn't change this setting unless you have good reason to do so. This setting should match on both the server and the client.

*'''Protocol''': can be tcp or udp. The default is to use udp. You shouldn't change this setting unless you have good reason to do so. This setting should match on both the server and the client.

*'''Compression''': can be enabled or disabled. Toggle the internal compression used by OpenVPN. The default is enabled. This setting should match on both the server and the client

*'''Compression''': can be enabled or disabled. Toggle the internal compression used by OpenVPN. The default is enabled. This setting should match on both the server and the client

*'''AllowInbound''': can be yes or no (default to yes). If set to no, inbound connections from this VPN will be dropped. This is usefull if you wan't a one-way VPN only (eg 192.168.9.0/24 can reach 192.168.11.0/24, but not the other way). Obviously, this setting only makes sens if you enable it on either the server or the client, but not both.

*'''AllowInbound''': can be yes or no (default to yes). If set to no, inbound connections from this VPN will be dropped. This is usefull if you wan't a one-way VPN only (eg 192.168.9.0/24 can reach 192.168.11.0/24, but not the other way). Obviously, this setting only makes sens if you enable it on either the server or the client, but not both.

If you use TLS as authentication mechanism, you can set some other properties:

If you use TLS as authentication mechanism, you can set some other properties:

*'''RemoteCommonName''': The connection will be accepted only if the remote endpoint has a valid certificate, with this common name

*'''RemoteCommonName''': The connection will be accepted only if the remote endpoint has a valid certificate, with this common name

*'''CheckCertificateUsage''': can be enabled or disabled (default is disabled). If enabled, a server daemon will only accept the connection if the remote endpoint present a client certificate, and a client daemon will only accept the connection if the remote endpoint present a server certificate.

*'''CheckCertificateUsage''': can be enabled or disabled (default is disabled). If enabled, a server daemon will only accept the connection if the remote endpoint present a client certificate, and a client daemon will only accept the connection if the remote endpoint present a server certificate.