working standard TUN config

krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

working standard TUN config

Post by krzee » Fri Aug 29, 2008 5:54 pm

server config:

local <server ip>
port 1194
proto udp
dev tun
ca /home/krzee/vpn/keys/server-ca/ca.crt
cert /home/krzee/vpn/keys/server-ca/server.crt
key /home/krzee/vpn/keys/server-ca/server.key
dh /home/krzee/vpn/keys/server-ca/dh4096.pem
ifconfig-pool-persist /home/krzee/vpn/ipp.txt
client-config-dir /home/krzee/vpn/ccd
server 10.8.1.0 255.255.255.0
keepalive 10 120
client-to-client
comp-lzo
user vpn
group vpn
persist-key
persist-tun
tls-auth /home/krzee/vpn/keys/server-ca/ta.key 0
status openvpn-status.log
verb 4


client config:

client
dev tun
proto udp
remote <server ip> 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
pull
ns-cert-type server
tls-auth /home/krzee/vpn/keys/ta.key 1
ca /home/krzee/vpn/keys/ca.crt
cert /home/krzee/vpn/keys/joogot.crt
key /home/krzee/vpn/keys/joogot.key
comp-lzo
verb 4

QuiescentWonder
OpenVpn Newbie
Posts: 3
Joined: Sun Aug 31, 2008 9:02 pm

Post by QuiescentWonder » Sun Aug 31, 2008 9:05 pm

You should state that this configuration is specifically for Linux.

Admin
Forum Team
Posts: 3
Joined: Wed Aug 27, 2008 1:51 am

Post by Admin » Mon Sep 01, 2008 9:03 pm

Thread title edited.

krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Post by krzee » Tue Sep 02, 2008 11:02 am

QuiescentWonder wrote: You should state that this configuration is specifically for Linux.
I would have, except it is not. In fact I do not even use Linux...
The server config runs on FreeBSD, and the client is being used with OS X and FreeBSD. However, all you need to change for it to work on Windows is the paths to the config files, and remove user/group. Possibly a 'route-method exe' to work around Windows lameness...
But yes, it works on Linux too ;]

Here is each config changed for windows just in case anyone else is confused:

1) All files referenced below belong in C:\Program Files\Openvpn\config\, including the configs, which should end with the extension .ovpn
2) You can and should still lower privileges when using OpenVPN on Windows. Above we did that with user/group... for Windows please see:
http://openvpn.se/files/howto/openvpn-h ... admin.html

server config:

local <server ip>
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh4096.pem
ifconfig-pool-persist ipp.txt
client-config-dir ccd
server 10.8.1.0 255.255.255.0
keepalive 10 120
client-to-client
comp-lzo
persist-key
persist-tun
tls-auth ta.key 0
status openvpn-status.log
verb 4


client config:

client
dev tun
proto udp
remote <server ip> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
pull
ns-cert-type server
tls-auth ta.key 1
ca ca.crt
cert joogot.crt
key joogot.key
comp-lzo
verb 4
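
As an added example (not part of the thread), a small Python checker that cross-checks a server/client pair like the ones above for the mismatches that most often stop a tunnel from coming up: proto and port, opposite tls-auth key directions, comp-lzo on both ends, and whether the client verifies the server certificate's role. The embedded configs are abbreviated, constructed copies of the Windows-style pair with a fictional placeholder address, and the parser assumes one directive per line with no inline <ca> blocks and key direction given on the tls-auth line.

```python
# Constructed, abbreviated copies of the pair posted above (fictional placeholder IP).
SERVER_CONF = """\
local 203.0.113.10
port 1194
proto udp
comp-lzo
tls-auth ta.key 0
"""

CLIENT_CONF = """\
client
proto udp
remote 203.0.113.10 1194
ns-cert-type server
tls-auth ta.key 1
comp-lzo
"""

def parse(text):
    """Map each directive to its list of argument lists; '#' and ';' start comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            opts.setdefault(name, []).append(args)
    return opts

def check_pair(server_text, client_text):
    """Return human-readable problems; an empty list means the pair agrees."""
    s, c = parse(server_text), parse(client_text)
    problems = []
    s_proto, c_proto = s.get("proto", [["udp"]])[0][0], c.get("proto", [["udp"]])[0][0]
    if s_proto.split("-")[0].rstrip("46") != c_proto.split("-")[0].rstrip("46"):  # udp4/udp6 and tcp-server/tcp-client still pair up
        problems.append(f"proto mismatch: server {s_proto}, client {c_proto}")
    s_port, remote = s.get("port", [["1194"]])[0][0], c.get("remote", [[]])[0]
    if len(remote) > 1 and remote[1] != s_port:
        problems.append(f"port mismatch: server {s_port}, client remote {remote[1]}")
    # tls-auth must be on both ends, key direction 0 on one and 1 on the other
    ta_s, ta_c = s.get("tls-auth"), c.get("tls-auth")
    if bool(ta_s) != bool(ta_c):
        problems.append("tls-auth configured on only one side")
    elif ta_s:
        dirs = {a[-1] for a in (ta_s[0], ta_c[0]) if len(a) > 1}
        if dirs and dirs != {"0", "1"}:
            problems.append("tls-auth key direction must be 0 on one side and 1 on the other")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        problems.append("comp-lzo set on only one side")
    if not ("ns-cert-type" in c or "remote-cert-tls" in c):
        problems.append("client does not check that the peer cert is a server cert")
    return problems
```

Run check_pair on the full server and client files before deploying; every string it returns names a setting that has to agree on both ends.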

dustin.mann9
OpenVpn Newbie
Posts: 7
Joined: Sat Jan 02, 2010 11:28 pm

Re: working standard TUN config

Post by dustin.mann9 » Sat Jan 16, 2010 9:21 pm

Question: does this configuration allow for multiple connections?
What are the advantages of TUN over TAP?
If connected, can you utilize Windows SMB sharing?

Thanks

Douglas
Forum Team
Posts: 285
Joined: Wed Aug 27, 2008 2:41 am

Re: working standard TUN config

Post by Douglas » Sun Jan 17, 2010 2:59 pm

dustin.mann9 wrote: Question: does this configuration allow for multiple connections?
What are the advantages of TUN over TAP?
If connected, can you utilize Windows SMB sharing?

Thanks
Here's something from the vpnHelper IRC bot on irc.freenode.net ##openvpn.
<Dougy> !tunortap
<vpnHelper> Dougy: "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead., or (#2) and if your reason for wanting tap is windows shares, see !wins, or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning
<vpnHelper> Dougy: against you over the vpn
<Dougy> !wins
<vpnHelper> Dougy: "wins" is http://oreilly.com/catalog/samba/chapte ... 07_03.html is a good link for seeing how to run WINS on samba
