{{>toc}}

h1. OpenVPN

h2. point a point

<pre>

openvpn --genkey --secret tst.key

#server

openvpn --mktun --dev-type tap --dev taptst

ip link set taptst up

openvpn --dev-type tap --dev tapstg --comp-lzo yes --cipher none --proto udp --daemon --keepalive 10 30 --secret tst.key --port 1234

#client

openvpn --mktun --dev-type tap --dev taptst

ip link set taptst up

openvpn --dev-type tap --dev tapstg --comp-lzo yes --cipher none --proto udp --daemon --keepalive 10 30 --secret tst.key --remote A.B.C.D 1234

</pre>

h2. Server

<pre>

# cat /etc/default/openvpn

...

AUTOSTART="ttnn-tap ttnn-tap6 ttnn-tap-tcp ttnn-tap-tcp6"

...

# cat /etc/openvpn/ttnn-tap.conf 

dev tap0udp

port 11195

proto udp

ca ttnn/ca.crt

cert ttnn/h1.crt

key ttnn/h1.key  # This file should be kept secret

dh ttnn/dh1024.pem

mode server

tls-server

persist-key

persist-tun

client-config-dir ccd

client-to-client

comp-lzo yes

keepalive 10 60

verb 3

log-append  log/openvpn-tap.log

status status/openvpn-tap.txt

# cat /etc/openvpn/ttnn-tap6.conf 

dev tap6udp

port 11196

proto udp6

ca ttnn/ca.crt

cert ttnn/h1.crt

key ttnn/h1.key  # This file should be kept secret

dh ttnn/dh1024.pem

mode server

tls-server

persist-key

persist-tun

client-config-dir ccd

client-to-client

comp-lzo yes

keepalive 10 60

verb 3

log-append  log/openvpn-tap6.log

status status/openvpn-tap6.txt

# cat /etc/openvpn/ttnn-tap-tcp.conf 

dev tap0tcp

port 443

proto tcp-server

ca ttnn/ca.crt

cert ttnn/h1.crt

key ttnn/h1.key  # This file should be kept secret

dh ttnn/dh1024.pem

mode server

tls-server

persist-key

persist-tun

client-config-dir ccd

client-to-client

comp-lzo yes

keepalive 10 60

verb 3

log-append  log/openvpn-tap-tcp.log

status status/openvpn-tap-tcp.txt

# keys generated with id ip-X-Y-Z-T, files:

# ip-91-224-149-165.crt

# ip-91-224-149-165.csr

# ip-91-224-149-165.key

# cat /etc/openvpn/ccd/ip-91-224-149-165

ifconfig-push 91.224.149.165 255.255.255.0

push "route-gateway 91.224.149.254"

push "redirect-gateway def1"

push "dhcp-option DNS 8.8.8.8"

# bridge

brctl addbr br0

brctl addif br0 eth0

ip link set br0 up

ip link set br0 address 52:54:10:00:00:11 #force MAC to avoid MAC changes

openvpn --mktun --dev tap0udp

openvpn --mktun --dev tap0tcp

openvpn --mktun --dev tap6udp

brctl addif br0 tap0udp

ip link set tap0udp up

brctl addif br0 tap0tcp

ip link set tap0tcp up

brctl addif br0 tap6udp

ip link set tap6udp up

</pre>

Pour ignorer les push IP et route du serveur coté client openvpn il suffit de mettre "tls-client" a la place de "client" l'option --client est un raccourci pour --tls-client  --pull et --pull est ce qui accepte les directives serveur.

h2. Point-à-point avec routage d'un bloc d'IP.

[[Partage ADSL OpenVPN]]

h2. Proxmox

http://www.nedproductions.biz/wiki/configuring-a-proxmox-ve-2.x-cluster-running-over-an-openvpn-intranet

http://blog.developpeur-neurasthenique.fr/auto-hebergement-configurer-un-cluster-proxmox-2-sans-multicast.html