Questions tagged [openvpn]

OpenVPN is a free and open source software VPN solution. It allows secure point-to-point or site-to-site connections with routed or bridged configurations and remote access facilities.

OpenVPN is a free and open source software application that implements VPN techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses SSL/TLS security for encryption and is capable of traversing network address translators and firewalls.

Its architecture is built upon 4 principles:

  • Encryption
  • Authentication
  • Networking
  • Security

More info is to be found on the Open-Source site of VPN.
A very thorough tutorial can be found on Shorewall.

3274 questions
10 votes, 2 answers

Traffic routing with unreliable connections

I have a group of offices that are all connected to the main office via DSL links on the far end to save costs. (We're a non-profit, don't ask) We've historically had noticeable problems with the link-up between the ISP that handles our remote sites…
Magellan
10 votes, 2 answers

How can I setup OpenVPN with IPv4 and IPv6 using a tap device?

I've managed to setup OpenVPN for full IPv4 connectivity using tap0. Now I want to do the same for IPv6. Addresses and network setup (note that my real prefix is replaced by 2001:db8): 2001:db8::100:0:0/96 my assigned IPv6…
Lekensteyn
10 votes, 4 answers

OpenVPN port-share with Apache/SSL

I'm trying to set up OpenVPN to listen on port 443, and then pass all HTTPS traffic to Apache, by using the port-share option. Relevant config snippets are: OpenVPN local ${PUBLIC_IP} port 443 port-share localhost 443 Apache with SSL Listen…
Robert Munteanu
10 votes, 1 answer

Can I simply buy dedicated IP addresses from any website and assign them to my server?

As the question suggests, is it possible for me to buy/get dedicated/static IP addresses and connect them to my OpenVPN server so I can assign each IP address to a client?
Alex Aref
9 votes, 1 answer

Why does this allocation of client static IP in OpenVPN fail?

I am running an OpenVPN server, and I want to assign a specific client a static IP. This is my server.conf. I think this configures the pool of virtual IPs to span from 10.5.24.209 to 10.5.24.223. port 443 proto tcp dev tun sndbuf 0 rcvbuf 0 ca…
Magnus
9 votes, 1 answer

Limit/Throttle per user OpenVPN bandwidth using TC

I have a group of users connecting to my server via OpenVPN TCP and UDP (2 services). The two services are operating on tun0 and tun1 I'd like to be able to limit each user's bandwidth to say 5mb/s up and 5mb/s down using the TC command. This was…
user1167223
9 votes, 1 answer

In OpenVPN, what's the risk of omitting the key-direction when using tls-auth?

In my TLS enabled OpenVPN configuration I would like to use the additional security offered by using tls-auth. The good news is, is that it works as expected. However, I have a question about the optional key-direction parameter (either as a second…
gertvdijk
9 votes, 1 answer

OpenVPN "rwRW" logging

When an openvpn client is configured to have a debugging level of verb 5 or higher, one will find text similar to "rWrWRwRwRwRwrWrWrWRw" in their OpenVPN log, appearing when packets transit the VPN interface. It's clear the messages are associated…
ssh2ksh
9 votes, 1 answer

OpenVPN certificate OR plugin-auth-pam authentication

Configuring OpenVPN server, I can enable either certificate-based authentication or username/password authentication using openvpn-plugin-auth-pam plugin, but not both at the same time. I enable username/password authentication as follows: plugin…
Andrei
9 votes, 2 answers

OpenVPN bypass on some ports

I have a server running Debian 7 and I would like to connect to a VPN and let all the traffic pass via the VPN except for some ports (SSH, hosted websites, etc). I've searched for some time now in the Internet, but nothing seems to work as…
Leeroy Brun
9 votes, 3 answers

Bypass openvpn for particular ip

My desktop machine runs Trisquel GNU/Linux 6.0 (which is basically a libre version of Ubuntu 12.04), and I use OpenVPN to connect to a commercial VPN provider for internet access. It currently routes all my traffic through the VPN, which is great,…
Lloyd Smart
9 votes, 1 answer

OpenVPN certificate removal and connecting with no certificate file on server

I've run into a problem, that I removed certificate files from the server. But client that has these files can still connect. I've found out, that I should revoke the certificate and that this can be done by changing line with that certificate…
tymik
9 votes, 3 answers

Possible? OpenVPN server requiring both certificate- AND password-based login (via Tomato router firmware)

I've been using Shibby's build of Tomato (64k NVRAM version) on my Asus N66U router in order to run an OpenVPN server. I'm curious whether it's possible to setup this OpenVPN server to require both a certificate AND a username/password before a user…
Eric
9 votes, 2 answers

OpenVPN DNS Fails to Resolve

I am connected to an OpenVPN server that is configured with the options to redirect the VPN as the default gateway and to push my internal DNS servers: push "dhcp-option DNS 192.168.1.2" push "redirect-gateway def1" When I do an: ipconfig /all I…
omghai2u
9 votes, 2 answers

ARP reply vanishes from br0 to tap0 using OpenVPN in bridging mode

I have setup a linux box (on an esxi5) which acts as an OpenVPN server. the server is configured to use bridging for the clients, which essentially works, with one exception. If the client pings some machine on the network which is not the server…
fen