From bc8ed874e48a2bb994e7714cc75b8aae392cb851 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20K=C3=BCthe?= Date: Mon, 2 Jan 2023 16:02:06 +0100 Subject: [PATCH] add openvpn docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marek Küthe --- docs/tunneling/index.md | 1 + docs/tunneling/openvpn.md | 52 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 docs/tunneling/openvpn.md diff --git a/docs/tunneling/index.md b/docs/tunneling/index.md index 9150e6f..e736e21 100644 --- a/docs/tunneling/index.md +++ b/docs/tunneling/index.md @@ -3,3 +3,4 @@ - [fastd](fastd) - [WireGuard](wireguard) +- [OpenVPN](openvpn) diff --git a/docs/tunneling/openvpn.md b/docs/tunneling/openvpn.md new file mode 100644 index 0000000..781fdaa --- /dev/null +++ b/docs/tunneling/openvpn.md @@ -0,0 +1,52 @@ + +# OpenVPN + +## Configuration + +``` +mode p2p + +remote +local + +proto + +rport +lport + +dev-type tun +dev + +script-security 1 +cipher aes-256-cbc + +resolv-retry infinite + +persist-key +persist-tun + +ifconfig-ipv6 + +secret +``` +Replace `` with the IP address of the peer and `` with your IP address. +Replace `` with `udp` for a connection over IPv4 or with `udp6` for a connection over IPv6. +Choose a port for `` and set `` to the port of your peer. `` on udp must be opened accordingly in the local firewall. +Replace `` with the appropriate interface name for your peer. +Replace `` with your link-local IPv6 and `` with the link-local IPv6 of your peer. +Replace `` with the path to the Secret Static Key. + +Generate a Secret Static Key: +``` +openvpn --genkey secret .key +``` + +## Automatic start with systemd + +If you save the OpenVPN configuration under `/etc/openvpn/.conf`, you can use systemd to start the OpenVPN connection or set an automatic start: +``` +systemctl start openvpn@ +``` +``` +systemctl enable openvpn@ +```
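Review bot: In docs/tunneling/openvpn.md the example config combines `mode p2p` with `secret`, which is OpenVPN static key mode, and the page does not say what that implies: a single long-lived symmetric key protects every session, so there is no forward secrecy and anyone who obtains the key file can decrypt previously captured traffic. Suggest adding a short note under "Generate a Secret Static Key" that the key file should be readable only by the user OpenVPN runs as (for example mode 0600) and must reach the peer over an already secure channel, and consider documenting TLS mode with `peer-fingerprint` as the preferred setup. Separately, as the lines appear here the placeholder names are empty (`remote`, `secret`, "Replace `` with", `systemctl start openvpn@`), so the "Replace" sentences cannot be matched to the config lines they describe; named placeholders used consistently in the config block, the key generation command and the systemd unit names would fix that.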