Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openvpn]

OpenVPN is a free and open source software VPN solution. It allows secure point-to-point or site-to-site connections with routed or bridged configurations and remote access facilities.

OpenVPN is a free and open source software application that implements VPN techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses SSL/TLS security for encryption and is capable of traversing network address translators and firewalls.

It's architecture is build upon 4 principles:

  • Encryption
  • Authentication
  • Networking
  • Security

More info is to be found on the Open-Source site of VPN.
A very thorough tutorial can be found on Shorewall.

3152 questions
157
votes
4 answers

Getting "Cannot ioctl TUNSETIFF tun: Operation not permitted" when trying to connect to OpenVPN

I'm trying to setup an OpenVPN Access Server in AWS using the market place AMI, but I;m struggling to connect to it. The access server is up and running. I've also added a user with Auto-Login and generated the relevant client config and…
Stephen Melrose
  • 5,565
  • 5
  • 24
  • 21
110
votes
11 answers

Should I use tap or tun for openvpn?

What are the differences between using dev tap and dev tun for openvpn? I know the different modes cannot inter-operate. What is the technical differences, other then just layer 2 vs 3 operation. Are there different performance characteristics, or…
Thomaschaaf
  • 3,012
  • 5
  • 29
  • 24
81
votes
7 answers

OpenVPN vs. IPsec - Pros and cons, what to use?

Interestingly I have not found any good search results when searching for "OpenVPN vs IPsec". So here's my question: I need to set up a private LAN over an untrusted network. And as far as I know, both approaches seem to be valid. But I do not know…
jens
  • 991
  • 1
  • 9
  • 10
80
votes
8 answers

How to view connected users to open vpn server?

I'm developing a website for managing OpenVPN users with Django framework. But I need to know is there any way to extract active users from OpenVPN? My server is running Ubuntu 12.04.
hamidfzm
  • 985
  • 1
  • 9
  • 14
68
votes
3 answers

How to ensure OpenVPN connection uses specific DNS?

I'm using OpenVPN through Tunnelblick on MacOS X Lion. I need to set specific DNS (with local IP, which works only when VPN is up) for the duration of this VPN session only. I do not have access to the OpenVPN server configuration. Only client…
Stanislav Shabalin
  • 783
  • 1
  • 5
  • 6
47
votes
6 answers

How do you avoid network conflict with VPN internal networks?

While there's a wide variety of private non-routable networks across 192.168/16 or even 10/8, sometimes in being thoughtful of potential conflict, it still occurs. For example, I set up an installation OpenVPN once with the internal VPN network on…
jtimberman
  • 7,511
  • 2
  • 33
  • 42
46
votes
4 answers

Generate an OpenVPN profile for client user to import

Is there any documentation or resource describing how to generate and host a profile for an OpenVPN client to import? Ideally would like my users to not have to separately fetch a .zip file of the .ovpn + certs, extract it to the proper directory,…
Yang
  • 1,655
  • 6
  • 20
  • 35
44
votes
4 answers

OpenVPN performance: how many concurrent clients are possible?

I am evaluating a system for a client where many OpenVPN clients connect to a OpenVPN server. "Many" means 50000 - 1000000. Why do I do that? The clients are distributed embedded systems, each sitting behind the system owners dsl router. The server…
Steffen Müller
  • 678
  • 3
  • 10
  • 17
44
votes
6 answers

How to check that an OpenVPN server is listening on a remote port without using OpenVPN client?

I need to check that an OpenVPN (UDP) server is up and accessible on a given host:port. I only have a plain Windows XP computer with no OpenVPN client (and no chance to install it) and no keys needed to connect to the server - just common WinXP…
Ivan
  • 3,288
  • 19
  • 48
  • 70
42
votes
3 answers

telnet counterpart for UDP

Is there anything that enables a "telnet-like" functionality for UDP? I know the difference between TCP and UDP, and why telnet itself won't work - but I'm wondering if there is something similar to the telnet client, from the end-user perspective.…
Dexter
  • 557
  • 1
  • 4
  • 5
37
votes
2 answers

Comments in OpenVPN client config files?

Is it possible to put comments in the client config files (those in the path specified by "client-config-dir") for OpenVPN, i.e. something beginning with "#" or "//" or the like? If so, what is the appropriate comment character?
Doktor J
  • 1,087
  • 1
  • 10
  • 20
37
votes
3 answers

Why is `--duplicate-cn` not recommended in OpenVPN?

Is this for security reason, or performance reason?
Cheng
  • 711
  • 2
  • 9
  • 16
36
votes
2 answers

Can generated OpenVPN keys be used on multiple clients?

We are experimenting with running an OpenVPN server for our business. One question I can't seem to find the answer to is this: When we generate keys for one of our users for them to use at home, can their use the same keys on their home laptop as…
Jake Wilson
  • 8,494
  • 29
  • 94
  • 121
35
votes
4 answers

How to push my own DNS server to OpenVPN?

I have defined an unbound DNS server on my VPS and it appears to work. I need to use the DNS server instead of public DNS servers because some ISPs have blocked public DNS IPs. My openvpn.conf file is: dev tun proto tcp # Notice: here I…
hbp
  • 361
  • 1
  • 4
  • 5
32
votes
8 answers

Allowing SSH on a server with an active OpenVPN client

I have a VPS running CentOS 7 that I connect to with SSH. I would like to run an OpenVPN client on the VPS so that internet traffic is routed through the VPN, but still allow me to connect to the server via SSH. When I start up OpenVPN, my SSH…
odie5533
  • 445
  • 1
  • 4
  • 7
1
2 3
99 100