Linux/OpenVPN: Difference between revisions
→Android
Thomas (Talk | contribs) |
Thomas (Talk | contribs) |
(4 intermediate revisions by the same user not shown) | |||
Line 12: | Line 12: | ||
username-as-common-name | username-as-common-name | ||
Add this line for TLS Authentication (the client then also has to import '''ta.key'''): | Add this line for TLS Authentication (the client then also has to import '''ta.key''' and use direction '''1'''): | ||
tls-auth ta.key 0 | tls-auth ta.key 0 | ||
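Review bot: the changed sentence tells the client to use direction '''1''', but only the server form, tls-auth ta.key 0, is shown. Suggest adding the matching client line, tls-auth ta.key 1, directly beneath it so the 0/1 pairing is visible; a client configured with 0, or with no direction at all, fails the HMAC check and its handshake packets are rejected. Since ta.key is a shared secret, the sentence could also say that it has to reach the client over a secure channel.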
Line 33: | Line 33: | ||
modprobe iptable_nat # if compiled as module | modprobe iptable_nat # if compiled as module | ||
iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE | iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE | ||
For verifying, list nat rules: | |||
iptables -t nat -v -L -n --line-number | |||
Open port '''12112 UDP''' on your router. | Open port '''12112 UDP''' on your router. | ||
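Review bot: in the added verification command, --line-number should be written --line-numbers, which is the documented option name; the shorter spelling only works because iptables accepts unambiguous option prefixes. The new text would also be more useful if it said what to look for: exactly one MASQUERADE rule for 10.100.0.0/24 leaving eth0 in the POSTROUTING chain, because the -A line above appends another copy every time it is run again.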
Line 49: | Line 52: | ||
Disable '''LZO Compression''', if you disabled it on the server because of simple ChromeOS clients. | Disable '''LZO Compression''', if you disabled it on the server because of simple ChromeOS clients. | ||
If you want to use '''TLA Authentication''' then import also '''ta.key'''. | If you want to use '''TLA Authentication''' then import also '''ta.key''' and choose TLS direction '''1'''. | ||
= ChromeOS = | = ChromeOS = | ||
== Simple == | == Simple == | ||
Restrictions of simple method: | |||
* no compression | |||
* no tlsauth | |||
* only UDP | |||
On the Linux server: | |||
openssl pkcs12 -export -in ./pki/issued/client1.crt -inkey ./pki/private/client1.key -certfile ./pki/ca.crt -name client1 -out client1.p12 | openssl pkcs12 -export -in ./pki/issued/client1.crt -inkey ./pki/private/client1.key -certfile ./pki/ca.crt -name client1 -out client1.p12 | ||
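Review bot: the new restrictions list says the simple ChromeOS method has "no tlsauth", but nothing tells the reader what that means for the server, while the Android line in the same hunk tells clients to import ta.key. Suggest stating, as the LZO sentence already does for compression, that a server running with tls-auth ta.key 0 cannot accept simple ChromeOS clients, and writing the list item as tls-auth to match the directive. The edited Android line also still reads "TLA Authentication" where "TLS Authentication" is meant.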