2.7.4. OpenVPN Configuration Administrative Web Page

Note

Before you can start and use the OpenVPN server, you need to create a Certificate Authority.

2.7.4.1. Global settings

The first line in the Settings box indicates if the OpenVPN server is stopped or running.

Figure 2.68. Global settings

OpenVPN on RED.  Check this box to enable the OpenVPN server for RED.

OpenVPN on BLUE.  Only visible if you have configured a BLUE interface. Check this box to enable the OpenVPN server for BLUE.

OpenVPN on ORANGE.  Only visible if you have configured an ORANGE interface. Check this box to enable the OpenVPN server for ORANGE.

Local VPN Hostname/IP.  Enter either the fully qualified domain name or the public IP address of the RED interface. If you are using a dynamic DNS service, you should use your dynamic DNS name here.

OpenVPN Subnet.  Content to be written...

Protocol.  Choose either UDP (default) or TCP. From the OpenVPN manual:

OpenVPN is designed to operate optimally over UDP, but TCP capability is provided for situations
where UDP cannot be used. In comparison with UDP, TCP will usually be somewhat less efficient and
less robust when used over unreliable or congested networks.

The following article outlines some of the problems with tunneling IP over TCP:

http://sites.inka.de/sites/bigred/devel/tcp-tcp.html

Destination port.  TCP/UDP port number used. The default of 1194 is the official IANA port number assignment for OpenVPN.

MTU Size.  The MTU (Maximum Transmission Unit) is the maximum datagram size in bytes that can be sent unfragmented over a particular network path. OpenVPN requires that packets on the control or data channels be sent unfragmented.

LZO-Compression.  Use LZO compression.

Encryption.  OpenVPN can use several algorithms to encrypt packets. The default BF-CBC (Blowfish in Cipher Block Chaining mode) is both fast and very secure.

2.7.4.2. Advanced Server options

Content to be written...

Figure 2.69. Advanced Server options (top)

DHCP push options.  Content to be written...

Content to be written...

Push Routes.  Content to be written...

Content to be written...

Miscellaneous options.  Content to be written...

Content to be written...

Figure 2.70. Advanced Server options (bottom)

Logfile options.  Select the level of verbosity for the logfile from the VERB drop-down menu. X is no logging, Y is a low level of logging, and Z is the highest level of logging.

Radius server settings.  Content to be written...

Content to be written...

2.7.4.3. Client status and control

The Add button will be disabled until the settings have been saved.

Figure 2.71. Client status and control

2.7.4.4. Connection Type

The only choice at present is a Host-to-Net VPN. Note that the Net-to-Net VPN radio button is greyed out.

Click the Add button to proceed.

Figure 2.72. Connection Type

2.7.4.5. Connection & Authentication

Content to be written...

Figure 2.73. Connection

Name.  The connection name may only contain letters and digits.

Enabled.  Check this box to enable the entry.

Remark (optional).  If you want, you can include a string of text to describe or identify the connection.

User's Full Name or System Hostname.  Content to be written.

User's E-mail Address (optional).  User's E-mail address.

User's Department (optional).  This is the department or suborganization name. Continuing the school district example, this could be My Elementary School.

Organization Name.  The organization name. For example, if this VPN tunnel is tying together schools in a school district, you may want to use something like Some School District.

City (optional).  The city.

State or Province (optional).  The state or province.

Country.  This pull-down selection menu contains every ISO-recognized country name. Use it to select the country associated with the tunnel.

PKCS12 File Password.  Content to be written.
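
Underneath, this form is a certificate request: Country, State or Province, City, Organization Name, User's Department, the full name or hostname and the e-mail address are the components of an X.509 subject, and the PKCS12 File Password protects the bundle of private key, certificate and CA certificate that the client later downloads. The shell script below is an added example, not IPFire's own code, of those steps carried out with the openssl command line against the Certificate Authority created before the server was started. The function names, the file names, the CA file paths, the validity period and all field values are assumptions or constructed samples.

```shell
#!/bin/sh
# Added example, not IPFire's own code: the steps behind the Connection &
# Authentication form, done with the openssl command line. File names, the
# CA paths and all field values are assumptions or constructed samples.

# valid_name NAME: the connection name may contain only letters and digits
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_subject CN EMAIL OU O L ST C: prints the X.509 subject in the order
# openssl expects; the optional fields are left out when empty.
build_subject() {
    cn=$1 email=$2 ou=$3 o=$4 l=$5 st=$6 c=$7
    subj="/C=$c"
    [ -n "$st" ] && subj="$subj/ST=$st"
    [ -n "$l" ]  && subj="$subj/L=$l"
    subj="$subj/O=$o"
    [ -n "$ou" ] && subj="$subj/OU=$ou"
    subj="$subj/CN=$cn"
    [ -n "$email" ] && subj="$subj/emailAddress=$email"
    printf '%s' "$subj"
}

# make_demo_ca DIR: a throwaway CA so the example is self-contained; on the
# firewall this is the Certificate Authority created before starting the server
make_demo_ca() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
        -subj "/C=XX/O=Constructed Example/CN=Demo CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null
}

# issue_client_cert NAME SUBJECT PASSWORD DIR: key and request, CA signature,
# then the PKCS#12 bundle the client downloads, encrypted with PASSWORD
issue_client_cert() {
    name=$1 subj=$2 pass=$3 dir=$4
    valid_name "$name" || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
    openssl x509 -req -days 365 -in "$dir/$name.csr" \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -out "$dir/$name.pem" 2>/dev/null || return 1
    # The password is passed through the environment rather than argv, so it
    # does not show up in the process list while openssl runs
    P12_PASS=$pass openssl pkcs12 -export -name "$name" \
        -in "$dir/$name.pem" -inkey "$dir/$name.key" -certfile "$dir/cacert.pem" \
        -passout env:P12_PASS -out "$dir/$name.p12" 2>/dev/null
}

# verify_bundle NAME PASSWORD DIR: confirm the certificate chains to the CA
# and that the bundle opens with the password the user was given
verify_bundle() {
    openssl verify -CAfile "$3/cacert.pem" "$3/$1.pem" >/dev/null 2>&1 || return 1
    P12_PASS=$2 openssl pkcs12 -in "$3/$1.p12" -passin env:P12_PASS -noout 2>/dev/null
}

# Sample run with constructed values, skipped where openssl is not installed
if command -v openssl >/dev/null 2>&1; then
    work=$(mktemp -d)
    make_demo_ca "$work"
    issue_client_cert alice \
        "$(build_subject alice alice@example.org 'My Elementary School' 'Some School District' '' '' US)" \
        changeme "$work"
    verify_bundle alice changeme "$work" && echo "bundle $work/alice.p12 verified"
    rm -rf "$work"
fi
```

The PKCS#12 password is the only thing standing between whoever obtains the downloaded bundle and the client's private key, so it deserves the same care as any other credential; checking that the bundle opens with it before handing it out, as `verify_bundle` does, also catches a mistyped password on the form.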

2.7.4.6. Client status and control with a Connection

An example of a Host-to-Net connection with a Certificate is shown below.

Figure 2.74. Client status and control example

Status.  Closed (Stopped), Closed (Active) or Open.

Download Client Package (zip) Icon.  Content required...

Show Certificate Icon.  Content required...

Download Certificate Icon.  Content required...

Enabled/Disabled Icon.  Toggle the Connection between Enabled and Disabled.

Edit Icon.  Click the Yellow Pencil icon to edit the Remark.

Remove Icon.  Click the Trash Can icon to delete the Connection.