OpenVPN

Simple point to point

Generate a secret key with openvpn --genkey --secret A_B.key and put it on both peers.

Deploy the server-side config (here on CentOS 7, hence group nobody):

port 1194
proto udp
dev tun
comp-lzo
script-security 2

user nobody
group nobody
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key

cipher AES-128-CBC
# openssl speed -evp aes-256-cbc aes-128-cbc des-ede3
# The 'numbers' are in 1000s of bytes per second processed.
# type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
# des ede3          6660.10k     6917.93k     6966.95k     6855.00k     6845.78k
# aes-128 cbc      24740.85k    27967.77k    28945.66k    29193.90k    29218.13k
# aes-256 cbc      18582.35k    19963.09k    20650.50k    20820.99k    20488.19k

secret /etc/openvpn/A_B.key
ifconfig 10.1.0.1 10.1.0.2

; mute 20

Deploy the client-side config (here on Ubuntu 16.04, hence group nogroup):

proto udp
dev tun
comp-lzo
script-security 2

user nobody
group nogroup

ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key

cipher AES-128-CBC

secret /etc/openvpn/A_B.key
ifconfig 10.1.0.2 10.1.0.1
remote A

; mute 20

Enable and start the tunnel on each side with systemd:

systemctl start openvpn@A_B
systemctl enable openvpn@A_B
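
The two files are edited by hand on separate hosts, and the tunnel only passes traffic when proto, dev, cipher and comp-lzo agree and the ifconfig pair is reversed on the other side. The following check is an added example, not part of the original page: it compares the two peer configs offline before deployment. The function names parse and check_peers and the choice of compared directives are assumptions of this example.

```python
MUST_MATCH = ("proto", "dev", "cipher", "comp-lzo")  # compared literally, args included

def parse(text):
    """Return {directive: [args]} for an OpenVPN config, skipping # and ; comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts

def check_peers(server_text, client_text):
    """Return a list of mismatches between the listening and the connecting peer."""
    srv, cli = parse(server_text), parse(client_text)
    issues = [f"{k}: server={srv.get(k)} client={cli.get(k)}"
              for k in MUST_MATCH if srv.get(k) != cli.get(k)]
    # ifconfig takes <local> <remote>, so the client must list the same pair reversed.
    if srv.get("ifconfig") != cli.get("ifconfig", [])[::-1]:
        issues.append("ifconfig: endpoints are not mirrored")
    # The client needs a remote aimed at the server's port (OpenVPN default: 1194).
    remote = cli.get("remote")
    if not remote:
        issues.append("remote: client has no remote directive")
    else:
        srv_port = srv.get("port", ["1194"])[0]
        cli_port = remote[1] if len(remote) > 1 else cli.get("port", ["1194"])[0]
        if srv_port != cli_port:
            issues.append(f"port: server listens on {srv_port}, client connects to {cli_port}")
    return issues

# The two configs from this page, reduced to the directives being compared.
SERVER = """port 1194
proto udp
dev tun
comp-lzo
cipher AES-128-CBC
secret /etc/openvpn/A_B.key
ifconfig 10.1.0.1 10.1.0.2
"""
CLIENT = """proto udp
dev tun
comp-lzo
cipher AES-128-CBC
secret /etc/openvpn/A_B.key
ifconfig 10.1.0.2 10.1.0.1
remote A
"""

if __name__ == "__main__": print(check_peers(SERVER, CLIENT) or "peer configs are consistent")
```
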
sysadmin_misc/openvpn.txt · Last modified: 2018/09/25 15:00 (external edit)