Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openvpn]

OpenVPN is a free and open source software VPN solution. It allows secure point-to-point or site-to-site connections with routed or bridged configurations and remote access facilities.

OpenVPN is a free and open source software application that implements VPN techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses SSL/TLS security for encryption and is capable of traversing network address translators and firewalls.

It's architecture is build upon 4 principles:

  • Encryption
  • Authentication
  • Networking
  • Security

More info is to be found on the Open-Source site of VPN.
A very thorough tutorial can be found on Shorewall.

3063 questions
143
votes
4 answers

Getting "Cannot ioctl TUNSETIFF tun: Operation not permitted" when trying to connect to OpenVPN

I'm trying to setup an OpenVPN Access Server in AWS using the market place AMI, but I;m struggling to connect to it. The access server is up and running. I've also added a user with Auto-Login and generated the relevant client config and…
Stephen Melrose
  • 5,165
  • 4
  • 23
  • 21
108
votes
11 answers

Should I use tap or tun for openvpn?

What are the differences between using dev tap and dev tun for openvpn? I know the different modes cannot inter-operate. What is the technical differences, other then just layer 2 vs 3 operation. Are there different performance characteristics, or…
Thomaschaaf
  • 3,002
  • 5
  • 28
  • 24
81
votes
7 answers

OpenVPN vs. IPsec - Pros and cons, what to use?

Interestingly I have not found any good search results when searching for "OpenVPN vs IPsec". So here's my question: I need to set up a private LAN over an untrusted network. And as far as I know, both approaches seem to be valid. But I do not know…
jens
  • 981
  • 1
  • 9
  • 10
79
votes
7 answers

How to view connected users to open vpn server?

I'm developing a website for managing OpenVPN users with Django framework. But I need to know is there any way to extract active users from OpenVPN? My server is running Ubuntu 12.04.
hamidfzm
  • 975
  • 1
  • 9
  • 14
66
votes
3 answers

How to ensure OpenVPN connection uses specific DNS?

I'm using OpenVPN through Tunnelblick on MacOS X Lion. I need to set specific DNS (with local IP, which works only when VPN is up) for the duration of this VPN session only. I do not have access to the OpenVPN server configuration. Only client…
Stanislav Shabalin
  • 763
  • 1
  • 5
  • 6
47
votes
6 answers

How do you avoid network conflict with VPN internal networks?

While there's a wide variety of private non-routable networks across 192.168/16 or even 10/8, sometimes in being thoughtful of potential conflict, it still occurs. For example, I set up an installation OpenVPN once with the internal VPN network on…
jtimberman
  • 7,491
  • 2
  • 32
  • 42
45
votes
4 answers

Generate an OpenVPN profile for client user to import

Is there any documentation or resource describing how to generate and host a profile for an OpenVPN client to import? Ideally would like my users to not have to separately fetch a .zip file of the .ovpn + certs, extract it to the proper directory,…
Yang
  • 1,645
  • 5
  • 20
  • 34
44
votes
4 answers

OpenVPN performance: how many concurrent clients are possible?

I am evaluating a system for a client where many OpenVPN clients connect to a OpenVPN server. "Many" means 50000 - 1000000. Why do I do that? The clients are distributed embedded systems, each sitting behind the system owners dsl router. The server…
Steffen Müller
  • 678
  • 3
  • 10
  • 17
43
votes
7 answers

How to check that an OpenVPN server is listening on a remote port without using OpenVPN client?

I need to check that an OpenVPN (UDP) server is up and accessible on a given host:port. I only have a plain Windows XP computer with no OpenVPN client (and no chance to install it) and no keys needed to connect to the server - just common WinXP…
Ivan
  • 3,238
  • 19
  • 45
  • 69
37
votes
3 answers

Why is `--duplicate-cn` not recommended in OpenVPN?

Is this for security reason, or performance reason?
Cheng
  • 701
  • 2
  • 9
  • 16
36
votes
3 answers

telnet counterpart for UDP

Is there anything that enables a "telnet-like" functionality for UDP? I know the difference between TCP and UDP, and why telnet itself won't work - but I'm wondering if there is something similar to the telnet client, from the end-user perspective.…
Dexter
  • 497
  • 1
  • 4
  • 5
36
votes
2 answers

Comments in OpenVPN client config files?

Is it possible to put comments in the client config files (those in the path specified by "client-config-dir") for OpenVPN, i.e. something beginning with "#" or "//" or the like? If so, what is the appropriate comment character?
Doktor J
  • 1,077
  • 1
  • 9
  • 20
36
votes
2 answers

Can generated OpenVPN keys be used on multiple clients?

We are experimenting with running an OpenVPN server for our business. One question I can't seem to find the answer to is this: When we generate keys for one of our users for them to use at home, can their use the same keys on their home laptop as…
Jake Wilson
  • 8,324
  • 28
  • 92
  • 121
34
votes
4 answers

How to push my own DNS server to OpenVPN?

I have defined an unbound DNS server on my VPS and it appears to work. I need to use the DNS server instead of public DNS servers because some ISPs have blocked public DNS IPs. My openvpn.conf file is: dev tun proto tcp # Notice: here I…
hbp
  • 351
  • 1
  • 4
  • 5
30
votes
5 answers

Very low TCP OpenVPN throughput (100Mbit port, low CPU utilization)

I am experiencing extremely slow OpenVPN transfer rates between two servers. For this question, I'll call the servers Server A and Server B. Both Server A and Server B are running CentOS 6.6. Both are located in datacenters with a 100Mbit line and…
Elliot B.
  • 1,296
  • 2
  • 18
  • 27
1
2 3
99 100