docs/docs/tunneling/openvpn.md

OpenVPN

Configuration

mode p2p

remote <remote>
local <local>

proto <proto>

rport <rport>
lport <lport>

dev-type tun
dev <interface>

script-security 1
cipher aes-256-cbc

resolv-retry infinite

persist-key
persist-tun

ifconfig-ipv6 <IPv6> fe80::1000

secret <secret>

Replace <remote> with the IP address of the peer and <local> with your own IP address. Set <proto> to udp for a connection over IPv4 or to udp6 for a connection over IPv6. Choose a port for <lport> and set <rport> to the port of your peer. The UDP port <lport> must be opened in the local firewall. Replace <interface> with an interface name appropriate for your peer. Replace <IPv6> with your link-local IPv6 address. OpenVPN requires a second link-local address to be specified, even though it is only needed for certain OpenVPN functions, so the address fe80::1000 is used here. Replace <secret> with the path to the Secret Static Key.

Generate a Secret Static Key:

openvpn --genkey secret <filename>.key
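
The following is an added example, not part of the project's own documentation or code: a shell sketch that fills in the configuration above only after checking each value, so a stray space or newline in an input cannot add extra directives to the file. The function names and the usage values (documentation-range addresses, ports, paths) are assumptions; the checks go beyond the text by enforcing the port range, the fe80::/10 prefix and the Linux interface-name length.

```shell
# Added example: build the p2p configuration from checked values.
# Function names and sample values are assumptions, not part of the project.

valid_port() {                      # decimal integer 1..65535
  case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_link_local() {                   # fe80::/10: first group fe80..febf
  case "$1" in
    *[!0-9a-fA-F:]*) return 1 ;;
    [fF][eE][89aAbB][0-9a-fA-F]:*) return 0 ;;
    *) return 1 ;;
  esac
}

render_p2p_conf() {  # args: remote local proto rport lport interface ipv6 secret
  [ "$#" -eq 8 ] || { echo "expected 8 arguments" >&2; return 2; }
  for _v in "$@"; do                # whitespace or a newline could add directives
    case "$_v" in ''|*[[:space:]]*) echo "bad value: '$_v'" >&2; return 1 ;; esac
  done
  case "$3" in udp|udp6) ;; *) echo "proto must be udp or udp6" >&2; return 1 ;; esac
  valid_port "$4" && valid_port "$5" || { echo "bad port" >&2; return 1; }
  case "$6" in *[!A-Za-z0-9_.-]*|????????????????*)  # Linux names: max 15 chars
    echo "bad interface name" >&2; return 1 ;; esac
  is_link_local "$7" || { echo "IPv6 must be link-local" >&2; return 1; }
  cat <<EOF
mode p2p
remote $1
local $2
proto $3
rport $4
lport $5
dev-type tun
dev $6
script-security 1
cipher aes-256-cbc
resolv-retry infinite
persist-key
persist-tun
ifconfig-ipv6 $7 fe80::1000
secret $8
EOF
}

# Generate the key so that only its owner can read it (needs openvpn installed).
gen_static_key() { ( umask 077 && openvpn --genkey secret "$1" ); }
# Usage: render_p2p_conf 192.0.2.10 198.51.100.7 udp 51820 51821 tun-peer1 fe80::1234 /etc/openvpn/peer1.key
```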

Automatic start with systemd

If you save the OpenVPN configuration as /etc/openvpn/<filename>.conf, you can use systemd to start the OpenVPN connection or to enable it to start automatically:

systemctl start openvpn@<filename>
systemctl enable openvpn@<filename>