userdoc:tt_openvpn_server

Differences

This shows you the differences between two versions of the page.

userdoc:tt_openvpn_server [2016/12/20 08:28]
abelbeck
userdoc:tt_openvpn_server [2018/12/01 12:26] (current)
mkeuter
Line 1: Line 1:
 ====== OpenVPN Configuration ====== ====== OpenVPN Configuration ======
  
-[[http://openvpn.net/|OpenVPN]] is arguably the easiest to use, highly secure, open source VPN available.  The addition of OpenVPN Client support for iOS and Andriod mobile devices has led to new supported features in AstLinux.  Features include a dual IPv4/IPv6 tunnel, TLS-Auth for added security, and ''client.ovpn'' file export to easily configure mobile devices and desktops.+[[http://openvpn.net/|OpenVPN]] is an easy to use, secure, open source VPN.  The addition of OpenVPN Client support for iOS and Andriod mobile devices has led to new supported features in AstLinux.  Features include a dual IPv4/IPv6 tunnel, TLS-Auth for added security, and ''client.ovpn'' file export to easily configure mobile devices and desktops.
  
  
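Review bot: The replacement intro line still spells "Andriod"; since this sentence is being rewritten anyway, correct it to "Android" in the same revision. "easy to use" directly before the noun would also read better hyphenated as "easy-to-use".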
Line 45: Line 45:
     * ''mute 20''     * ''mute 20''
  
-!!Tip ->!! If you also want to route packets to client networks: [[http://doc.astlinux-project.org/userdoc:tt_openvpn_client_networks|OpenVPN Client Networks]]+!!Tip ->!! If you also want to route packets to client networks: [[userdoc:tt_openvpn_client_networks|OpenVPN Client Networks]]
  
 {{:userdoc:ovpn-server-auth.jpg?nolink|}} {{:userdoc:ovpn-server-auth.jpg?nolink|}}
Line 55: Line 55:
   * Extra TLS-Auth:  Enable a kind of "HMAC  firewall" on OpenVPN's TCP/UDP port, where TLS control channel packets bearing an incorrect HMAC signature can be dropped immediately without response.  "Yes" is a good choice if **all** clients support it. //[client.ovpn]//   * Extra TLS-Auth:  Enable a kind of "HMAC  firewall" on OpenVPN's TCP/UDP port, where TLS control channel packets bearing an incorrect HMAC signature can be dropped immediately without response.  "Yes" is a good choice if **all** clients support it. //[client.ovpn]//
  
-{{:userdoc:ovpn-server-firewall.jpg?nolink|}}+{{:userdoc:ovpn-server-firewall.png?nolink|}}
  
-  * External Hosts:  Define a space separated list of allowed IPv4/IPv6 addresses via the external interface. The external firewall rules are automatically created by the [[http://doc.astlinux.org/userdoc:tt_firewall_plugins#openvpn-server|openvpn-server plugin]] .  The firewall must be enabled, see the "Enable Firewall" section below for more info.+  * External Hosts:  Define a space separated list of allowed IPv4/IPv6 addresses via the external interface. The external firewall rules are automatically created by the [[userdoc:tt_firewall_plugins#openvpn-server|openvpn-server plugin]] .  The firewall must be enabled, see the "Enable Firewall" section below for more info. 
 +  * Client Isolation:  Choose to "Pass" or "Deny" Client->Client traffic. "Deny" isolates connected clients, blocking access with each other. //(AstLinux 1.3.5 and later)//
  
 !!Tip ->!! Allow any external IPv4/IPv6 address by defining "External Hosts:" to "0/0". !!Tip ->!! Allow any external IPv4/IPv6 address by defining "External Hosts:" to "0/0".
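Review bot: The new "Client Isolation" bullet lists the "Pass" and "Deny" choices but does not say which one is the default, so a reader cannot tell whether connected clients can reach each other out of the box. State the default and add a short recommendation, for example that "Deny" fits deployments where clients only need to reach the server side. The edited "External Hosts" bullet also keeps the stray space before the period after the openvpn-server plugin link and now ends with a trailing space.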
Line 188: Line 189:
 \\ \\
 \\ \\
-**OpenVPN Client for Mac OS X:**  [[http://code.google.com/p/tunnelblick/wiki/DownloadsEntry|Tunnelblick]]  //(Free)//\\+**OpenVPN Client for Mac OS X:**  [[https://tunnelblick.net|Tunnelblick]]  //(Free)//\\
 {{:userdoc:ovpn-tunnelblick-icon.png?nolink|}} {{:userdoc:ovpn-tunnelblick-icon.png?nolink|}}
 \\ \\
Line 195: Line 196:
  
 \\ \\
- 
 ===== Windows Client Configuration ===== ===== Windows Client Configuration =====
  
Line 206: Line 206:
 \\ \\
 \\ \\
-**OpenVPN Client for Windows:**  [[http://openvpn.net/index.php/open-source/downloads.html|Windows Installer/GUI]]  //(Free)//\\+**OpenVPN Client for Windows:**  [[https://openvpn.net/community-downloads/|Windows Installer/GUI]]  //(Free)//\\
 {{:userdoc:ovpn-openvpn-icon.png?nolink|}} {{:userdoc:ovpn-openvpn-icon.png?nolink|}}
 \\ \\
Line 212: Line 212:
 The OpenVPN folks offer a free Windows Installer and GUI for the OpenVPN package. The OpenVPN folks offer a free Windows Installer and GUI for the OpenVPN package.
  
-Using the above link download the "Windows Installer" (32-bit) or (64-bit) for your Windows system This example uses Windows7. Download the latest version, and install using the default selections.+Using the above link download the "Windows Installer". This example uses Windows7. Download the latest version, and install using the default selections.
  
 Next, download your credentials from the AstLinux OpenVPN server page, unzip the package, and using the **openvpn-cert-key** format ''client.ovpn'' file, place the (''win7.ovpn'' in this example) file into the following folder: Next, download your credentials from the AstLinux OpenVPN server page, unzip the package, and using the **openvpn-cert-key** format ''client.ovpn'' file, place the (''win7.ovpn'' in this example) file into the following folder:
  
-  C:\Program Files\OpenVPN\config +  C:\Users\<USER>\OpenVPN\config\
-   +
-On newer OpenVPN versions the "config" folder must be created manually.+
  
-{{:userdoc:ovpn-win-gui-config.jpg?nolink|}}+Or more simply, find the OpenVPN task in the system tray, right-click on it, select "Import file..." and select your named **openvpn-cert-key** format ''client.ovpn'' file.
  
-Alternatively, you could use the **openvpn-pkcs12** format ''client.ovpn'' and ''client.p12'' files, place both the (''win7.ovpn'' and ''win7.p12'' in this example) files into the folder.+{{:userdoc:ovpn-win-gui-import.png?nolink|}}
  
-That's itnext start the OpenVPN-GUI service.  This procedure can vary depending on your version of Windows.  The OpenVPN-GUI service __needs to have administrator permissions__ to add and delete routes and such. For the Windows7 case, right-click the OpenVPN-GUI icon and "Run as administrator".+Nextyou are ready to connect to your OpenVPN server, right-click on the OpenVPN task in the system tray:
  
-!!Note ->!! Make sure you understand the security implications of running any application with administrator privileges.+{{:userdoc:ovpn-win-gui-task.png?nolink|}}
  
-{{:userdoc:ovpn-win-gui-permissions.jpg?nolink|}}+Finally, select "Connect" and a connection window will appear, then disappear when the connection is established.
  
-Provided that all goes well, you are ready to connect to your OpenVPN server, find the OpenVPN task in the system tray, right-click on it: +{{:userdoc:ovpn-win-gui-connect.png?nolink|}}
- +
-{{:userdoc:ovpn-win-gui-task.jpg?nolink|}} +
- +
-Finally, select "Connect" and a connection window will appear, then disappear when the connection is established.+
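Review bot: The rewritten Windows steps delete the sentence that the OpenVPN-GUI "needs to have administrator permissions" together with the note on the security implications of running with administrator privileges, but the new text never says whether elevation is still required. If the current installer no longer needs "Run as administrator", say so in one sentence so readers who followed the old procedure stop elevating the GUI; if it still does, keep the note. It would also help to state that <USER> in C:\Users\<USER>\OpenVPN\config\ stands for the Windows account name, and to say whether the removed openvpn-pkcs12 alternative still works through "Import file...".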
  • userdoc/tt_openvpn_server.1482244139.txt.gz
  • Last modified: 2016/12/20 08:28
  • by abelbeck