Configuring OpenVPN Server Settings

The options on this step of the wizard configure each aspect of how the OpenVPN server itself will behave, as well as options which are passed on to clients. The options presented here are the same as those discussed previously in OpenVPN Configuration Options; refer to that section for details. Because the options are covered in detail in that section, only the settings for this example will be mentioned.

General OpenVPN Server Information

These options control how the OpenVPN instance operates.

Interface Since incoming connections will be from the WAN side, select WAN.

Protocol The default of UDP is acceptable.

Local Port This will be the first OpenVPN server instance, so the default of 1194 is preferred. If there is an existing OpenVPN instance on that port, use a different port number. The wizard will suggest an unused port number.

Description As this will be for remote user access, ExampleCo Mobile VPN Clients is a fitting description.

Cryptographic Settings

These options control how traffic in the tunnel is encrypted and authenticated.

TLS Authentication TLS is highly desirable so check Enable authentication of TLS packets.

Generate TLS Key There is no existing TLS key, so check Automatically generate a shared TLS authentication key.

TLS Shared Key Since there is no existing TLS key, leave this blank.

DH Parameters Length Select 2048, as it is a good balance of speed and strength.

Encryption Algorithm This can be left at the default value of AES-128-CBC, but any other option would also work well as long as the clients are set to match.

Auth Digest Algorithm Leave at the default SHA1 (160-bit)

Hardware Crypto The target device has no accelerator, so leave this set to No Hardware Crypto Acceleration.

Tunnel Settings

These options control how traffic coming from the remote clients will be routed.

Tunnel Network As in the diagram at the start of this example, the subnet 10.3.201.0/24 has been chosen for the VPN clients.

Redirect Gateway For ExampleCo’s setup, the VPN will only carry traffic destined for the subnets at the main office, so this box is left unchecked.

Local Network This is the main office subnet, which in this example is 10.3.0.0/24.

Concurrent Connections ExampleCo does not want to limit the number of clients which can connect at the same time, so this is left blank.

Compression To improve throughput of traffic on the VPN tunnel at the expense of some CPU power, this is set to Enabled with Adaptive Compression.

Type-of-Service This box is unchecked, as there is no traffic on this VPN which requires prioritization/QoS.

Inter-Client Communication Because the clients on this VPN have no need to connect to other client machines, this box is unchecked.

Duplicate Connections Because unique certificates exist for every client, this is unchecked.

Client Settings

These options control specific settings given to the clients when a connection is established.

Dynamic IP The clients will connect from all over the country and unknown mobile networks and their IP addresses are likely to change without notice so this option is checked.

Address Pool The clients will be assigned addresses from the tunnel network above, so this is checked.

Topology The method used to assign IP addresses to clients. The default of Subnet is the best choice.

DNS Default Domain Enter the domain for ExampleCo here, example.com.

DNS Servers Any internal DNS server could be used here. ExampleCo has a Windows Active Directory Domain Controller which is configured to act as a DNS server, 10.3.0.5.

NTP Servers The server above, 10.3.0.5, is also used to synchronize client PC clocks.

NetBIOS Options Clients will need access to Windows shares behind the VPN, so check Enable NetBIOS over TCP/IP.

NetBIOS Node Type Because DNS is used primarily, select h-node.

NetBIOS Scope ID This will be left blank, since the NetBIOS scope is not limited.

WINS Servers WINS has been deprecated, so this is left blank.

Advanced At this time no additional tweaks are needed, so this is left blank.
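To make the effect of the wizard choices above concrete, the following is an added example (not part of the original page, and not the configuration pfSense itself generates) showing the equivalent OpenVPN server directives for ExampleCo's settings. pfSense writes its own configuration file and chooses its own file names; the ca/cert/key/dh/tls-auth file names below are assumed placeholders, and the certificate files themselves come from the earlier CA and certificate steps of the wizard rather than from this page.

```conf
# Added example: approximate server-side directives for the wizard settings above.
# File names are placeholders; pfSense manages its own paths.

# General: WAN interface, UDP, first instance on the default port
dev tun
proto udp
port 1194

# Cryptographic settings
tls-auth ta.key 0          # "Enable authentication of TLS packets", key auto-generated by the wizard
dh dh2048.pem              # DH Parameters Length 2048
cipher AES-128-CBC         # Encryption Algorithm (clients must match)
auth SHA1                  # Auth Digest Algorithm SHA1 (160-bit)
ca ca.crt                  # assumed names; issued in the earlier wizard steps
cert server.crt
key server.key
# No "engine" line: No Hardware Crypto Acceleration

# Tunnel settings
topology subnet            # Topology: Subnet
server 10.3.201.0 255.255.255.0        # Tunnel Network 10.3.201.0/24
push "route 10.3.0.0 255.255.255.0"    # Local Network: main office subnet only
comp-lzo adaptive          # Compression: Enabled with Adaptive Compression
# Intentionally absent because the corresponding boxes are unchecked or blank:
#   redirect-gateway def1  (Redirect Gateway)
#   max-clients N          (Concurrent Connections)
#   passtos                (Type-of-Service)
#   client-to-client       (Inter-Client Communication)
#   duplicate-cn           (Duplicate Connections; each client has its own certificate)

# Client settings pushed on connect
float                                   # Dynamic IP: peer address may change
push "dhcp-option DOMAIN example.com"   # DNS Default Domain
push "dhcp-option DNS 10.3.0.5"         # DNS Servers: the AD domain controller
push "dhcp-option NTP 10.3.0.5"         # NTP Servers
push "dhcp-option NBT 8"                # NetBIOS over TCP/IP, node type 8 = h-node
# No "dhcp-option NBS ..." (NetBIOS Scope ID blank) and no "dhcp-option WINS ..." (WINS blank)
```

Reading the settings this way is a useful sanity check after the wizard finishes: because Redirect Gateway is unchecked, only the pushed route to 10.3.0.0/24 goes over the tunnel, so clients keep their local default route, and because duplicate-cn is absent a second connection with the same certificate will be rejected, which is the behaviour the per-client certificates are meant to enforce.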