| Both sides previous revision Previous revision Next revision | Previous revision |
| userdoc:tt_openvpn_server [2018/10/14 15:53] – [Windows Client Configuration] abelbeck | userdoc:tt_openvpn_server [2026/05/08 12:22] (current) – [Windows Client Configuration] mkeuter |
|---|
| * Extra TLS-Auth: Enable a kind of "HMAC firewall" on OpenVPN's TCP/UDP port, where TLS control channel packets bearing an incorrect HMAC signature can be dropped immediately without response. "Yes" is a good choice if **all** clients support it. //[client.ovpn]// | * Extra TLS-Auth: Enable a kind of "HMAC firewall" on OpenVPN's TCP/UDP port, where TLS control channel packets bearing an incorrect HMAC signature can be dropped immediately without response. "Yes" is a good choice if **all** clients support it. //[client.ovpn]// |
| |
| {{:userdoc:ovpn-server-firewall.jpg?nolink|}} | {{:userdoc:ovpn-server-firewall.png?nolink|}} |
| |
| * External Hosts: Define a space separated list of allowed IPv4/IPv6 addresses via the external interface. The external firewall rules are automatically created by the [[userdoc:tt_firewall_plugins#openvpn-server|openvpn-server plugin]] . The firewall must be enabled, see the "Enable Firewall" section below for more info. | * External Hosts: Define a space separated list of allowed IPv4/IPv6 addresses via the external interface. The external firewall rules are automatically created by the [[userdoc:tt_firewall_plugins#openvpn-server|openvpn-server plugin]] . The firewall must be enabled, see the "Enable Firewall" section below for more info. |
| | * Client Isolation: Choose to "Pass" or "Deny" Client->Client traffic. "Deny" isolates connected clients, blocking access with each other. //(AstLinux 1.3.5 and later)// |
| |
| !!Tip ->!! Allow any external IPv4/IPv6 address by defining "External Hosts:" to "0/0". | !!Tip ->!! Allow any external IPv4/IPv6 address by defining "External Hosts:" to "0/0". |
| |
| |
| ===== Apple OS X Client Configuration ===== | ===== Apple macOS Client Configuration ===== |
| |
| **OpenVPN Client for Mac OS X:** [[http://www.sparklabs.com/viscosity/|Viscosity]] //(Free for 30 days)//\\ | **OpenVPN Client for macOS:** [[http://www.sparklabs.com/viscosity/|Viscosity]] //(Free for 30 days)//\\ |
| {{:userdoc:ovpn-viscosity-icon.png?nolink|}} | {{:userdoc:ovpn-viscosity-icon.png?nolink|}} |
| \\ | \\ |
| \\ | \\ |
| \\ | \\ |
| **OpenVPN Client for Mac OS X:** [[https://tunnelblick.net|Tunnelblick]] //(Free)//\\ | **OpenVPN Client for macOS:** [[https://tunnelblick.net|Tunnelblick]] //(Free)//\\ |
| {{:userdoc:ovpn-tunnelblick-icon.png?nolink|}} | {{:userdoc:ovpn-tunnelblick-icon.png?nolink|}} |
| \\ | \\ |
| \\ | \\ |
| |
| Ref: See Apple OS X instructions for Viscosity. | Ref: See Apple macOS instructions for Viscosity. |
| |
| \\ | \\ |
| C:\Users\<USER>\OpenVPN\config\ | C:\Users\<USER>\OpenVPN\config\ |
| |
| Or more simply, find the OpenVPN task in the system tray, right-click on it, select "Import File..." and select your named ''client.ovpn'' file. | Or more simply, find the OpenVPN task in the system tray, right-click on it, select "Import file..." and select your named **openvpn-cert-key** format ''client.ovpn'' file. |
| |
| {{:userdoc:ovpn-win-gui-import.png?nolink|}} | {{:userdoc:ovpn-win-gui-import.png?nolink|}} |
| |
| Provided that all goes well, you are ready to connect to your OpenVPN server, right-click on the OpenVPN task in the system tray: | Next, you are ready to connect to your OpenVPN server, right-click on the OpenVPN task in the system tray: |
| |
| {{:userdoc:ovpn-win-gui-task.png?nolink|}} | {{:userdoc:ovpn-win-gui-task.png?nolink|}} |
| {{:userdoc:ovpn-win-gui-connect.png?nolink|}} | {{:userdoc:ovpn-win-gui-connect.png?nolink|}} |
| |
| | \\ |
| | |
| | !!Tip ->!! If it takes very long for the Windows client to establish a connection to the OpenVPN server (more than 10 sec.), you can try to manually add this to the client config file: |
| | |
| | proto udp4 |
| | |
| | This way OpenVPN tries to use IPv4 first. |