Gargoyle Wiki

User Tools

Site Tools

Trace: faq
openvpn

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
openvpn [2012/06/24 08:03]
ispyisail [OpenVPN server] 		openvpn [2016/05/07 21:39] (current)
ispyisail
Line 1: Line 1:
 +  
  
 ====== OpenVPN ====== ====== OpenVPN ======
-{{INLINETOC 2 4 }} + 
 ===== Introduction ===== ===== Introduction =====
 +==== VPN ====
 +A virtual private network (VPN) is a private network that connects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet. VPNs provide security through tunnelling protocols and security procedures such as encryption. For example, a VPN could be used to securely connect the branch offices of an organisation to a head office network through the public Internet. 
  
-OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security.+There are two main types of VPN: remote-access VPNs and Site-to-site VPNs. Remote-access VPNs allow individual users to connect to a remote network such as roaming salespeople connecting to their company's Intranet. Site-to-site VPNs allow inter-connection of networks of multiple users for example, branch offices to the main company network.
  
 +==== OpenVPN ====
  
-===== Connection Types=====+OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, fail-over, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security.
  
-There are a few ways of setting up a secure VPN connection using OpenVPN. Two typical solutions are "PC to routerand "router to router"The default gargoyle set-up is "router to router""PC to router" should only be considered for advanced users.+====== Requirements ====== 
 + 
 + 
 +===== Router Requirements ===== 
 +You will need an atheros ar71xx based router with at least 8MB of flash and 32MB of memory (e.g. TP-Link 1043ND, Netgear WNDR3700v1-2/3800, Buffalo WZR-HP-G300NH etc.), for this feature to work. 
 + 
 +====== Connection Types ====== 
 + 
 + 
 + 
 +==== Remote-Access ==== 
 + 
 +---- 
 + 
 +{{:gargoyle_-_openvpn_pc_to_router.png ?550}} 
 + 
 +=== Site-to-Site === 
 + 
 + 
 + 
 +{{:gargoyle_-_openvpn_router_to_router.png?550}} 
 + 
 + 
 +=== Setup ===
  
-==== PC to Router ==== 
  
-{{ :gargoyle_-_openvpn_pc_to_router.png?550 | }} 
  
-==== Router to Router ==== 
-{{ :gargoyle_-_openvpn_router_to_router.png?550 | }} 
  
-===== Set-up ===== 
 In your router configuration select **OpenVPN** Configuration In your router configuration select **OpenVPN** Configuration
  
Line 35: Line 57:
  
 **select option 3.** - Setup router as a open VPN server **select option 3.** - Setup router as a open VPN server
 +
 +One very important caveat: If your router is configured as an OpenVPN client, per-IP bandwidth monitoring and per-IP quotas **will not work**. Quotas that apply to the whole network, and total bandwidth usage statistics will still be accurate.
 +
 +
  
  
Line 46: Line 72:
 |OpenVPN Protocol:|default = UDP| |OpenVPN Protocol:|default = UDP|
 |OpenVPN Cipher:|default = Blowfish-CBC 128bit| |OpenVPN Cipher:|default = Blowfish-CBC 128bit|
-^Client-To-Client Traffic:^+ 
 +---- 
 + 
 +**Client-To-Client Traffic:** 
 + 
 +---- 
  
   - Clients Can Only Communicate With Server   - Clients Can Only Communicate With Server
Line 59: Line 91:
 When this option set to "Allow Clients", each client will "see" the other clients which are currently connected. Otherwise, each client will only see the server. Don't use this option if you want to firewall tunnel traffic using custom, per-client rules. When this option set to "Allow Clients", each client will "see" the other clients which are currently connected. Otherwise, each client will only see the server. Don't use this option if you want to firewall tunnel traffic using custom, per-client rules.
  
-^LAN Subnet Access:^+---- 
 + 
 +**LAN Subnet Access:** 
 + 
 +---- 
  
   - Clients Can Not Access LAN   - Clients Can Not Access LAN
Line 66: Line 103:
 **Select option 1.** - Remotely connected clients can not access the LAN. **Select option 1.** - Remotely connected clients can not access the LAN.
  
-**Select option 2.** - Allow remotely connected clients full access to the LAN. +**Select option 2.** - Allow remotely connected clients full access to the LAN.
  
 +----
 + 
 +**Credential Re-Use:**
 +
 +----
  
-^Credential Re-Use:^ 
  
   - Credentials Are Specific To Each Client   - Credentials Are Specific To Each Client
Line 78: Line 119:
 **Select option 2.** - Client configuration file can be used on more than one OpenVPN remote client **Select option 2.** - Client configuration file can be used on more than one OpenVPN remote client
  
-^Clients Use VPN For:^+---- 
 + 
 +**Clients Use VPN For:** 
 + 
 +---- 
  
   - All Client Traffic   - All Client Traffic
Line 87: Line 133:
 **Select option 2.** - All traffic execpt Traffic Destined for Hosts Behind VPN to be routed through local connection **Select option 2.** - All traffic execpt Traffic Destined for Hosts Behind VPN to be routed through local connection
  
-Note: If option one is selected and the VPN connection is broken all traffic will be blocked. 
-  
  
 +//Note: If option 1. is selected Gargoyle controls all internet traffic for the connected client which could cause undesired and unexpected results.//
  
  
  
  
- 
- 
- 
- 
-  
  
  
Line 105: Line 145:
  
  
 + 
  
  
openvpn.1340525018.txt.gz · Last modified: 2012/06/24 08:03 by ispyisail

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki