The first line in the Settings box indicates if the OpenVPN server is stopped or running.
OpenVPN on RED. Check this box to enable the OpenVPN server for RED.
OpenVPN on BLUE. Only visible if you have configured a BLUE interface. Check this box to enable the OpenVPN server for BLUE.
Local VPN Hostname/IP. Enter either the fully qualified domain name or the public IP address of the RED interface. If you are using a dynamic DNS service, you should use your dynamic DNS name here.
OpenVPN Subnet. Content to be written...
Protocol. Choose either UDP (default) or TCP. From the OpenVPN manual:
OpenVPN is designed to operate optimally over UDP, but TCP capability is provided for situations where UDP cannot be used. In comparison with UDP, TCP will usually be somewhat less efficient and less robust when used over unreliable or congested networks.
This article outlines some of the problems with tunneling IP over TCP:
Destination port. TCP/UDP port number used. The default of 1194 is the official IANA port number assignment for OpenVPN.
MTU Size. The MTU (Maximum Transmission Unit) is the maximum datagram size in bytes that can be sent unfragmented over a particular network path. OpenVPN requires that packets on the control or data channels be sent unfragmented.
LZO-Compression. Use LZO compression.
Encryption. OpenVPN can use several algorithms to encrypt packets. The default BF-CBC (Blowfish in Cipher Block Chaining) is both fast and very secure.
It is important that you select the correct route to push to clients, on the Advanced Server options page.
DHCP push options. The OpenVPN server can push DHCP options such as DNS and WINS server addresses to clients. Windows clients can accept pushed DHCP options natively, while non-Windows clients can accept them with some additional configuration. Refer to the OpenVPN HowTo for more details.
Domain name suffix. Set a connection-specific DNS suffix, for example local.example.org. This is optional.
Primary/Secondary DNS. Add a domain name server address. These are optional, but when redirect-gateway is used, OpenVPN clients will route DNS queries through the VPN, and the VPN server will need to handle them. This can be accomplished by pushing a DNS server address to connecting clients, which will replace their normal DNS server settings while the VPN is active.
Primary/Secondary NTP servers. Add the IP Address here of an NTP server, for example 192.168.1.1, to push to clients. These are optional.
Primary/Secondary WINS Server addresses. Add the IP Address here of a WINS server to push to clients. These are optional.
Push Routes. The OpenVPN server pushes routing information to clients. Select the network you want to route traffic to.
Redirect all traffic through Tunnel. Enable this when you want a VPN client to tunnel all network traffic through the VPN, including general internet web browsing. The client will take a performance hit when all traffic has to pass through the OpenVPN server. This adds push "redirect-gateway def1" to the server configuration file.
Green Network. Enable this checkbox to route traffic to the Green Network.
Blue Network. This checkbox will only be visible if you have a Blue interface. Enable this checkbox to route traffic to the Blue Network.
Orange Network. This checkbox will only be visible if you have an Orange interface. Enable this checkbox to route traffic to the Orange Network.
The available networks are disabled by default.
Miscellaneous options. Content to be written...
Max-Clients. Limit the server to a maximum of n concurrent clients. The default value is 100.
Keepalive. The default values are 10 and 60.
Logfile options. Select the level of verbosity for the logfile from the Detail level drop-down menu. 0 is no logging except fatal errors. 1 is the lowest level of logging, and 11 is the highest level of logging.
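To show which OpenVPN directive each Advanced Server option above corresponds to, here is an added example of a server configuration fragment. It is not the file IPCop generates; the subnet, addresses and MTU value are constructed placeholders.

```openvpn
# Added example, not IPCop's own generated configuration.
# Values marked (constructed) are placeholders for illustration.
proto udp                       # Protocol: UDP (default); TCP would be "proto tcp-server"
port 1194                       # Destination port: IANA-assigned OpenVPN port
dev tun
server 10.8.0.0 255.255.255.0   # OpenVPN Subnet (constructed)
tun-mtu 1400                    # MTU Size (constructed); packets must not need fragmenting
comp-lzo                        # LZO-Compression
cipher BF-CBC                   # Encryption: the default named on this page;
                                # OpenVPN also accepts e.g. AES-256-CBC

# DHCP push options (Windows clients apply these natively)
push "dhcp-option DOMAIN local.example.org"   # Domain name suffix
push "dhcp-option DNS 192.168.1.1"            # Primary DNS (constructed)
push "dhcp-option NTP 192.168.1.1"            # Primary NTP server
push "dhcp-option WINS 192.168.1.2"           # Primary WINS Server (constructed)

# Push Routes: either redirect everything, or push specific networks
push "redirect-gateway def1"                  # Redirect all traffic through Tunnel
push "route 192.168.1.0 255.255.255.0"        # Green Network (constructed subnet)

# Miscellaneous options
max-clients 100                 # Max-Clients default
keepalive 10 60                 # Keepalive defaults: ping every 10 s, restart after 60 s

# Logfile options
verb 3                          # Detail level: 0 = fatal errors only, 11 = most verbose
```

With redirect-gateway pushed, the explicit route for the Green Network is redundant, since all client traffic already enters the tunnel.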
Radius server settings. Content to be written...
The button will be disabled until the settings have been saved.
The only choice at present is a Host-to-Net VPN. Note that the Net-to-Net VPN radiobutton is greyed out.
Click the button to proceed.
Content to be written...
Name. The connection name can only contain letters and digits.
Enabled. Check this box to enable the entry.
Remark (optional). If you want, you can include a string of text to describe or identify the connection.
User's Full Name or System Hostname. Content to be written.
User's E-mail Address (optional). User's E-mail address.
Organization Name. The organization name. For example, if this VPN tunnel is tying together schools in a school district, you may want to use something like Some School District.
Organizational Unit Name (optional). This is the department or suborganization name. Continuing the school district example, this could be
City (optional). The city.
State or Province (optional). The state or province.
Country. This pull down selection menu contains every ISO recognized country name. Use it to select the country associated with the tunnel.
PKCS12 File Password. Content to be written.
An example of a Host-to-Net connection with a Certificate is shown below.
Status. Closed (Stopped), Closed (Active) or Open.
Download Client Package (zip) Icon. Content required...
Show Certificate Icon. Content required...
Download Certificate Icon. Content required...
Enabled/Disabled Icon. Toggle the Connection between Enabled and Disabled.
Edit Icon. Click the Yellow Pencil icon to edit the Remark.
Remove Icon. Click the Trash Can icon to delete the Connection.