Set up the OpenVPN server
Go to VPN > OpenVPN, Servers tab, and click +.

Enter these values:
Server Mode | Remote Access (SSL/TLS + User Auth) |
Backend for authentication | RADIUS |
Protocol | UDP |
Device Mode | tun |
Interface | WAN |
Local port | 1194 |
Description | Something appropriate |
TLS Authentication | Check both Enable authentication of TLS packets and Automatically generate a shared TLS authentication key. |
Peer Certificate Authority | TestDomain VPN CA |
Server Certificate | vpn-testdomain-network (CA: TestDomain VPN CA) |
DH Parameters Length | 1024 |
Encryption algorithm | AES-128-CBC (128-bit). Others probably work as well. |
Hardware Crypto | No Hardware Crypto Acceleration |
Certificate Depth | One (Client+Server) |
Strict User/CN Matching | If this is checked, a user can only connect with their own credentials, not those of other users. I think this is a good idea, so check this option. |
Tunnel Network | 192.168.82.0/24, or any other network, as long as it is not in use in the LAN/WAN and probably not at users’ locations, i.e. don’t use 192.168.0.0/24, 192.168.1.0/24 and 10.0.0.0/24. |
Redirect Gateway | If this is checked, not only traffic to the LAN will be routed through the tunnel but also traffic to the rest of the Internet. If the user starts downloading a movie it will go through the company network. On the other hand, they will be behind the corporate firewall. Check this to use the VPN for secure Internet access. Do not check if the corporate line has a slow upload speed. |
Local Network | 192.168.77.0/24. This is my range. Enter the actual LAN subnet here. |
Concurrent connections | Crypto can be tough on resources. If the AZTCO-FW installation runs on an appliance, keep this number low. If it runs on an old computer it can do more. Keep an eye on the machine’s CPU. If more concurrent VPN connections ask too much of resources, upgrade the hardware. I tend to set this number to the number of client installations. |
Compression | Check, unless clients and server are on stone-age hardware. |
Type-of-Service | Unchecked |
Inter-client communication | Unchecked unless needed. |
Duplicate Connections | Unchecked unless needed. |
Dynamic IP | Checked unless seriously worried about laptops getting stolen in the middle of a VPN session or client connections being hijacked. |
Address Pool | Checked |
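
The Tunnel Network and Local Network rows above describe an address-overlap constraint. The following Python check is an added example, not part of the original page or of AZTCO-FW; the function names and the sample client LANs are assumptions made for illustration.

```python
import ipaddress

# Subnets the page tells you to avoid because consumer routers commonly use them.
COMMON_CLIENT_SIDE = ("192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24")


def check_tunnel_network(tunnel, local_networks, client_side=COMMON_CLIENT_SIDE):
    """Return a list of problems with a proposed Tunnel Network (empty list = usable)."""
    try:
        # strict=True rejects host bits, e.g. 192.168.82.1/24 instead of 192.168.82.0/24
        tun = ipaddress.ip_network(tunnel, strict=True)
    except ValueError as exc:
        return [f"invalid tunnel network {tunnel!r}: {exc}"]
    problems = []
    if not tun.is_private:
        problems.append(f"{tun} is not private address space")
    groups = (("local network", local_networks),
              ("common client-side subnet", client_side))
    for label, nets in groups:
        for net in nets:
            other = ipaddress.ip_network(net, strict=False)
            # overlaps() raises TypeError across IP versions, so compare like with like
            if tun.version == other.version and tun.overlaps(other):
                problems.append(f"{tun} overlaps {label} {other}")
    return problems


def client_conflicts(client_lan, tunnel, local_networks):
    """Server-side networks that collide with the LAN a user is connecting from."""
    lan = ipaddress.ip_network(client_lan, strict=False)
    server_side = [ipaddress.ip_network(n, strict=False)
                   for n in (tunnel, *local_networks)]
    return [str(n) for n in server_side
            if n.version == lan.version and n.overlaps(lan)]


if __name__ == "__main__":
    # Tunnel and LAN values come from the table above; the client LANs are constructed samples.
    print(check_tunnel_network("192.168.82.0/24", ["192.168.77.0/24"]))
    print(check_tunnel_network("192.168.1.0/24", ["192.168.77.0/24"]))
    for lan in ("192.168.1.0/24", "192.168.77.0/24", "192.168.80.0/22"):
        print(lan, "->", client_conflicts(lan, "192.168.82.0/24", ["192.168.77.0/24"]))
```

A non-empty result from `client_conflicts` means a user at that location cannot reach the listed server-side network reliably, because their own LAN claims the same addresses.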
