Miscellaneous openVPN issues

From Notes_Wiki
Revision as of 02:45, 18 April 2014 by Saurabh (talk | contribs)

<yambe:breadcrumb>Openvpn_server_configuration|Openvpn server configuration</yambe:breadcrumb>

Miscellaneous openvpn issues

Adding CRL (Certificate Revocation List) configuration to openvpn server

For CRL support use revoke option as specified in easy-rsa to generate CRL file. Then in server.conf use 'crl-verify <crl-file>' option



Inline certificate, keys and tls-auth configuration

If preferred then it is possible to specify CA certificate, client or server certificate, client or server key and tls-auth in the configuration file itself as follows:

           <ca>
           -----BEGIN CERTIFICATE-----
           [...]
           -----END CERTIFICATE-----
           </ca>

For other values use tags key, cert, dh, secret and tls-auth. Refer to 'man openvpn' for more information.


Forcing all Internet traffic over VPN connection

If it makes sense for some reason to force all Internet traffic to go over VPN connection then push following routes to client:

0.0.0.0/1
128.0.0.0/1

as these routes are more specific then 0.0.0.0/0 (default route) these should get preference and most Internet traffic then should get routed via VPN connection.


<yambe:breadcrumb>Openvpn_server_configuration|Openvpn server configuration</yambe:breadcrumb>