userdoc:tt_openvpn_server [2018/10/14 05:05] mkeuter [Windows Client Configuration] |
userdoc:tt_openvpn_server [2018/12/01 12:26] (current) mkeuter |
* Extra TLS-Auth: Enable a kind of "HMAC firewall" on OpenVPN's TCP/UDP port, where TLS control channel packets bearing an incorrect HMAC signature can be dropped immediately without response. "Yes" is a good choice if **all** clients support it. //[client.ovpn]// | * Extra TLS-Auth: Enable a kind of "HMAC firewall" on OpenVPN's TCP/UDP port, where TLS control channel packets bearing an incorrect HMAC signature can be dropped immediately without response. "Yes" is a good choice if **all** clients support it. //[client.ovpn]// |
| |
{{:userdoc:ovpn-server-firewall.jpg?nolink|}} | {{:userdoc:ovpn-server-firewall.png?nolink|}} |
| |
* External Hosts: Define a space separated list of allowed IPv4/IPv6 addresses via the external interface. The external firewall rules are automatically created by the [[userdoc:tt_firewall_plugins#openvpn-server|openvpn-server plugin]] . The firewall must be enabled, see the "Enable Firewall" section below for more info. | * External Hosts: Define a space separated list of allowed IPv4/IPv6 addresses via the external interface. The external firewall rules are automatically created by the [[userdoc:tt_firewall_plugins#openvpn-server|openvpn-server plugin]] . The firewall must be enabled, see the "Enable Firewall" section below for more info. |
| * Client Isolation: Choose to "Pass" or "Deny" Client->Client traffic. "Deny" isolates connected clients, blocking access with each other. //(AstLinux 1.3.5 and later)// |
| |
!!Tip ->!! Allow any external IPv4/IPv6 address by defining "External Hosts:" to "0/0". | !!Tip ->!! Allow any external IPv4/IPv6 address by defining "External Hosts:" to "0/0". |
\\ | \\ |
\\ | \\ |
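Review bot: the new "Client Isolation" bullet on the right does not say which of "Pass" or "Deny" is the default, so a reader cannot tell whether connected clients can reach each other unless the setting is changed; state the default in the bullet. The phrase "blocking access with each other" would read better as "blocking access to each other".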
**OpenVPN Client for Mac OS X:** [[http://code.google.com/p/tunnelblick/wiki/DownloadsEntry|Tunnelblick]] //(Free)//\\ | **OpenVPN Client for Mac OS X:** [[https://tunnelblick.net|Tunnelblick]] //(Free)//\\ |
{{:userdoc:ovpn-tunnelblick-icon.png?nolink|}} | {{:userdoc:ovpn-tunnelblick-icon.png?nolink|}} |
\\ | \\ |
| |
\\ | \\ |
| |
===== Windows Client Configuration ===== | ===== Windows Client Configuration ===== |
| |
The OpenVPN folks offer a free Windows Installer and GUI for the OpenVPN package. | The OpenVPN folks offer a free Windows Installer and GUI for the OpenVPN package. |
| |
Using the above link download the "Windows Installer" (32-bit) or (64-bit) for your Windows system. This example uses Windows7. Download the latest version, and install using the default selections. | Using the above link download the "Windows Installer". This example uses Windows7. Download the latest version, and install using the default selections. |
| |
Next, download your credentials from the AstLinux OpenVPN server page, unzip the package, and using the **openvpn-cert-key** format ''client.ovpn'' file, place the (''win7.ovpn'' in this example) file into the following folder: | Next, download your credentials from the AstLinux OpenVPN server page, unzip the package, and using the **openvpn-cert-key** format ''client.ovpn'' file, place the (''win7.ovpn'' in this example) file into the following folder: |
| |
C:\Program Files\OpenVPN\config | C:\Users\<USER>\OpenVPN\config\ |
| |
On newer OpenVPN versions the "config" folder must be created manually. | |
| |
{{:userdoc:ovpn-win-gui-config.jpg?nolink|}} | Or more simply, find the OpenVPN task in the system tray, right-click on it, select "Import file..." and select your named **openvpn-cert-key** format ''client.ovpn'' file. |
| |
Alternatively, you could use the **openvpn-pkcs12** format ''client.ovpn'' and ''client.p12'' files, place both the (''win7.ovpn'' and ''win7.p12'' in this example) files into the folder. | {{:userdoc:ovpn-win-gui-import.png?nolink|}} |
| |
That's it, next start the OpenVPN-GUI service. This procedure can vary depending on your version of Windows. The OpenVPN-GUI service __needs to have administrator permissions__ to add and delete routes and such. For the Windows7 case, right-click the OpenVPN-GUI icon and "Run as administrator". | Next, you are ready to connect to your OpenVPN server, right-click on the OpenVPN task in the system tray: |
| |
!!Note ->!! Make sure you understand the security implications of running any application with administrator privileges. | {{:userdoc:ovpn-win-gui-task.png?nolink|}} |
| |
{{:userdoc:ovpn-win-gui-permissions.jpg?nolink|}} | Finally, select "Connect" and a connection window will appear, then disappear when the connection is established. |
| |
Provided that all goes well, you are ready to connect to your OpenVPN server, find the OpenVPN task in the system tray, right-click on it: | {{:userdoc:ovpn-win-gui-connect.png?nolink|}} |
| |
{{:userdoc:ovpn-win-gui-task.jpg?nolink|}} | |
| |
Finally, select "Connect" and a connection window will appear, then disappear when the connection is established. | |
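Review bot: the right-hand Windows section drops the statement that OpenVPN-GUI "needs to have administrator permissions", together with the note on the security implications of running with administrator privileges, without saying why elevation is no longer part of the procedure. Add a sentence stating from which OpenVPN version the GUI works without "Run as administrator", or keep the note for readers on older installs. The revision also removes the **openvpn-pkcs12** alternative and the remark that the "config" folder may have to be created manually; if either still applies with the new C:\Users\<USER>\OpenVPN\config\ path, it should stay. Since the ''client.ovpn'' file is described as the downloaded credentials, it is worth saying that it now sits in the user's profile folder.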