Technical data
4. Packages
to be different. Thus it is not possible to connect two nets that both use the IP range
192.168.6.0/24 over a tunnel.
transport net The transport network consists of two elements:
• the connection between the two OpenVPN daemons, described by
remote_host:remote_port and (local_host:)local_port. This is the equivalent of the
OpenVPN settings OPENVPN_x_REMOTE_HOST, OPENVPN_x_REMOTE_PORT,
OPENVPN_x_LOCAL_HOST and OPENVPN_x_LOCAL_PORT.
• the tunnel over which the connection between the two OpenVPN daemons is
established, described by local_vpn_ip/remote_vpn_ip. This is the equivalent of the
OpenVPN settings OPENVPN_x_LOCAL_VPN_IP and OPENVPN_x_REMOTE_VPN_IP.
Both VPN IP addresses have to be set to values from a net that exists on neither router;
otherwise they collide with a real interface and routing through the tunnel breaks.
input_list, forward_list Packets that are to be sent over this tunnel first have to pass the
packet filter. By default it only allows ICMP messages (i.e. ping), which can be used
to test the tunnel. Everything else has to be allowed explicitly. In the simplest case
this is done by
OPENVPN_x_PF_INPUT_POLICY='ACCEPT'
OPENVPN_x_PF_FORWARD_POLICY='ACCEPT'
Please note that "accepting" a complete VPN connection is very critical in terms of
security: every packet arriving through the tunnel is then accepted, both for the router
itself (INPUT) and for the nets behind it (FORWARD). Better use the tmpl: syntax of
the packet filter to allow only those services that are actually needed.
No more settings are required for a simple VPN tunnel. All other settings handle
extended functions or special use cases; use them only after a working tunnel has been
established with this minimal configuration.
4.14.2. OpenVPN - Configuration
Because of the complexity of OpenVPN we start by explaining the settings required for any
VPN connection. Don't try extended OpenVPN configurations before a connection has been
established with the minimal settings.
OPT_OPENVPN Default: OPT_OPENVPN='no'
'yes' activates the OpenVPN package. 'no' deactivates the OpenVPN package completely.
OPENVPN_N Default: OPENVPN_N=’0’
How many OpenVPN configurations are active in the configuration file?
OPENVPN_x_REMOTE_HOST Default: OPENVPN_x_REMOTE_HOST=''
IP address or DNS name of the remote OpenVPN. For a Roadwarrior (Page 181) this
line has to be omitted completely. If it is omitted, OpenVPN waits for an incoming
connection and doesn't try to connect by itself.
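As an added worked example (not taken from the fli4l manual or the OpenVPN package itself), here is the minimal site-to-site tunnel described above written out for both routers, together with a packet filter that keeps the restrictive default instead of an ACCEPT policy. The host names, the two LANs and the transport net 10.99.0.0/30 are constructed for the example. The settings OPT_OPENVPN, OPENVPN_N, OPENVPN_x_REMOTE_HOST/REMOTE_PORT/LOCAL_PORT, OPENVPN_x_LOCAL_VPN_IP/REMOTE_VPN_IP and OPENVPN_x_PF_INPUT_POLICY/PF_FORWARD_POLICY are the ones this page documents; OPENVPN_x_NAME, OPENVPN_x_SECRET, OPENVPN_x_ROUTE_N/ROUTE_x and OPENVPN_x_PF_INPUT_N/PF_INPUT_x, PF_FORWARD_N/PF_FORWARD_x, as well as the tmpl: names used, are assumptions to be checked against the rest of this manual before use.

```shell
# Added example, not part of the fli4l documentation. Assumed layout:
#   router A: LAN 192.168.6.0/24, reachable as a.example.org
#   router B: LAN 192.168.7.0/24, reachable as b.example.org
# The two LANs differ, as required. The transport net 10.99.0.0/30 is
# configured on neither router, so its two addresses are free for the tunnel.
# Variables marked (assumed) are not described on this page.

# ---------- openvpn.txt on router A ----------
OPT_OPENVPN='yes'
OPENVPN_N='1'

OPENVPN_1_NAME='to-b'                 # (assumed) name of this tunnel
OPENVPN_1_SECRET='to-b.secret'        # (assumed) static key shared with B

# transport net, element 1: the daemon-to-daemon connection.
# REMOTE_HOST is set on both ends, so either side may initiate.
OPENVPN_1_REMOTE_HOST='b.example.org'
OPENVPN_1_REMOTE_PORT='10000'
OPENVPN_1_LOCAL_PORT='10000'

# transport net, element 2: the tunnel itself; mirrored on B
OPENVPN_1_LOCAL_VPN_IP='10.99.0.1'
OPENVPN_1_REMOTE_VPN_IP='10.99.0.2'

# the net behind B, reached through the tunnel (assumed variables)
OPENVPN_1_ROUTE_N='1'
OPENVPN_1_ROUTE_1='192.168.7.0/24'

# packet filter: do NOT set the policies to ACCEPT. Keep them restrictive
# and open single services with tmpl: rules (assumed rule variables and
# template names). ICMP for testing is allowed by default anyway.
OPENVPN_1_PF_INPUT_POLICY='REJECT'
OPENVPN_1_PF_INPUT_N='1'
OPENVPN_1_PF_INPUT_1='tmpl:ssh ACCEPT'       # admin access to router A from B's side
OPENVPN_1_PF_FORWARD_POLICY='REJECT'
OPENVPN_1_PF_FORWARD_N='2'
OPENVPN_1_PF_FORWARD_1='tmpl:http ACCEPT'    # web servers behind A, nothing else
OPENVPN_1_PF_FORWARD_2='tmpl:https ACCEPT'

# ---------- openvpn.txt on router B ----------
# the same tunnel seen from the other side: hosts, VPN IPs and routed net swapped
OPT_OPENVPN='yes'
OPENVPN_N='1'
OPENVPN_1_NAME='to-a'                 # (assumed)
OPENVPN_1_SECRET='to-a.secret'        # (assumed) same key material as on A
OPENVPN_1_REMOTE_HOST='a.example.org'
OPENVPN_1_REMOTE_PORT='10000'
OPENVPN_1_LOCAL_PORT='10000'
OPENVPN_1_LOCAL_VPN_IP='10.99.0.2'
OPENVPN_1_REMOTE_VPN_IP='10.99.0.1'
OPENVPN_1_ROUTE_N='1'                 # (assumed)
OPENVPN_1_ROUTE_1='192.168.6.0/24'
# B decides independently what A's side may reach; here only SSH to B itself
OPENVPN_1_PF_INPUT_POLICY='REJECT'
OPENVPN_1_PF_INPUT_N='1'
OPENVPN_1_PF_INPUT_1='tmpl:ssh ACCEPT'       # (assumed)
OPENVPN_1_PF_FORWARD_POLICY='REJECT'
OPENVPN_1_PF_FORWARD_N='0'
```

The check that belongs to this configuration is the one the page itself suggests: with only the policy lines in place, a ping from router A to 10.99.0.2 (the remote VPN IP) passes the default ICMP allowance and shows whether the transport tunnel is up; a ping from a host in 192.168.6.0/24 to a host in 192.168.7.0/24 then checks the routed nets. Only when both succeed should the tmpl: rules and any extended options be added, one at a time, so that a filter mistake is not confused with a tunnel that never came up.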