This shows you the differences between two versions of the page.
| Both sides previous revision
Previous revision
Next revision
|
Previous revision
Last revision
Both sides next revision
|
userdoc:tt_openvpn_server [2018/10/14 10:57]
abelbeck [Windows Client Configuration] |
userdoc:tt_openvpn_server [2018/12/01 10:28]
abelbeck |
| * Extra TLS-Auth: Enable a kind of "HMAC firewall" on OpenVPN's TCP/UDP port, where TLS control channel packets bearing an incorrect HMAC signature can be dropped immediately without response. "Yes" is a good choice if **all** clients support it. //[client.ovpn]// | * Extra TLS-Auth: Enable a kind of "HMAC firewall" on OpenVPN's TCP/UDP port, where TLS control channel packets bearing an incorrect HMAC signature can be dropped immediately without response. "Yes" is a good choice if **all** clients support it. //[client.ovpn]// |
| |
| {{:userdoc:ovpn-server-firewall.jpg?nolink|}} | {{:userdoc:ovpn-server-firewall.png?nolink|}} |
| |
| * External Hosts: Define a space separated list of allowed IPv4/IPv6 addresses via the external interface. The external firewall rules are automatically created by the [[userdoc:tt_firewall_plugins#openvpn-server|openvpn-server plugin]] . The firewall must be enabled, see the "Enable Firewall" section below for more info. | * External Hosts: Define a space separated list of allowed IPv4/IPv6 addresses via the external interface. The external firewall rules are automatically created by the [[userdoc:tt_firewall_plugins#openvpn-server|openvpn-server plugin]] . The firewall must be enabled, see the "Enable Firewall" section below for more info. |
| | * Client Isolation: Choose to "Pass" or "Deny" Client->Client traffic. "Deny" isolates connected clients, blocking access with each other. |
| |
| !!Tip ->!! Allow any external IPv4/IPv6 address by defining "External Hosts:" to "0/0". | !!Tip ->!! Allow any external IPv4/IPv6 address by defining "External Hosts:" to "0/0". |