This is an old revision of the document!
OpenVPN
Introduction
OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security.
Connection Types
There are a few ways of setting up a secure VPN connection using OpenVPN. Two typical solutions are “PC to router” and “router to router”. The default gargoyle set-up is “router to router”. “PC to router” should only be considered for advanced users.
PC to Router
Router to Router
Set-up
In your router configuration select OpenVPN Configuration
–» Connection –» OpenVPN –» OpenVPN Configuration
- OpenVPN disabled
- OpenVPN Client
- OpenVPN Server
select option 1. - OpenVPN disabled
select option 2. - Setup router as a open VPN client
select option 3. - Setup router as a open VPN server
OpenVPN server
| OpenVPN Internal IP: | default = 10.8.0.1 |
| OpenVPN Internal Subnet Mask: | default = 255.255.255.0 |
| OpenVPN Port: | default = 1194 |
| OpenVPN Protocol: | default = UDP |
| OpenVPN Cipher: | default = Blowfish-CBC 128bit |
| Client-To-Client Traffic: |
|---|
- Clients Can Only Communicate With Server
- Allow Clients To Communicate With Each Other
select option 1. - All remotely connected clients to the openVPN server can only access the LAN
select option 2. - All remotely connected clients to the openVPN server can access the LAN and other remote clients.
When this option set to “Allow Clients”, each client will “see” the other clients which are currently connected. Otherwise, each client will only see the server. Don't use this option if you want to firewall tunnel traffic using custom, per-client rules.
| LAN Subnet Access: |
|---|
- Clients Can Not Access LAN
- Allow clients To Access Hosts on the LAN
Select option 1. - Remotely connected clients can not access the LAN.
Select option 2. - Allow remotely connected clients full access to the LAN.
| Credential Re-Use: |
|---|
- Credentials Are Specific To Each Client
- Credentials Can Be Used By Multiple Clients
Select option 1. - Client configuration file needs to made for each OpenVPN remote client
Select option 2. - Client configuration file can be used on more than one OpenVPN remote client
| Clients Use VPN For: |
|---|
- All Client Traffic
- Only Traffic Destined for Hosts Behind VPN
Select option 1. - If you on the road and you want all traffic (e.g. internet) to be routed through the openVPN server
Select option 2. - All traffic execpt Traffic Destined for Hosts Behind VPN to be routed through local connection
Note: If option one is selected and the VPN connection is broken all traffic will be blocked.
