3,054
edits
Changes
From SME Server
Jump to navigationJump to searchno edit summary
==== smeserver-openvpn-bridge ====
==== smeserver-openvpn-bridge ====
<tabs container><tab name="For SME 10">
/!\ nouveaux ciphers par défaut : AES-128-GCM et HMAC SHA56 ; si vous avez des problèmes, vérifiez les options de configuration.
yum --enablerepo=smecontribs install smeserver-openvpn-bridge
</tab>
<tab name="For SME 9">
Il faut activer le dépôt '''[[epel]]''' :
yum --enablerepo=smecontribs,epel install smeserver-openvpn-bridge
</tab>
<tab name="For SME 8">
yum --enablerepo=smecontribs install smeserver-openvpn-bridge
yum --enablerepo=smecontribs install smeserver-openvpn-bridge
</tab>
</tabs>
==== Commande et monitoring d'openvpn ====
==== Commande et monitoring d'openvpn ====
*'''access''': (private|public) you should let this to public as running a VPN server just for the local network make no sens
*'''access''': (private|public) you should let this to public as running a VPN server just for the local network make no sens
*'''cipher''': (valid cipher name) You can force the cipher to use. If you put auto, or delete this key, client and server will negotiate the stronger cipher both side support. To have the list of the supported cipher, issue the command
*'''cipher''': (valid cipher name) You can force the cipher to use. Starting SME 10, default is AES-256-GCM . If you put auto ( or delete this key, for SME9 and before ) the default will be the current of openvpn wich is as per 2.4 :BF-CBC. Also when both client and server are at least version 2.4, they will negotiate the stronger cipher both side support. SME10 enforce the following authorized ciphers: --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC . To have the list of the supported cipher, issue the command :
openvpn --show-ciphers
openvpn --show-ciphers
*'''tapIf''': (tap interface) use this tap interface. You should use a free tap interface enslaved in the bridge interface (configured with the [http://wiki.contribs.org/BridgeInterface#Installation bridge-interface] contrib). Do not change this setting unless you know what you're doing
*'''tapIf''': (tap interface) use this tap interface. You should use a free tap interface enslaved in the bridge interface (configured with the [http://wiki.contribs.org/BridgeInterface#Installation bridge-interface] contrib). Do not change this setting unless you know what you're doing
Also you can also set the property PushRoute "disabled" to any network in networks db to avoid the contrib to push the network to the client.
Once you have configured the service like you want, just run the command
Once you have configured the service like you want, just run the command
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-openvpn-bridge|noresultsmessage="No open bugs found."}}
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-openvpn-bridge|noresultsmessage="No open bugs found."}}
=== Journal des modifications ===
=== Journal des modifications ===
Seules les versions publiées dans smecontrib sont répertoriées ici.
Seules les versions publiées dans smecontribs sont répertoriées ici.
{{ #smechangelog: smeserver-openvpn-bridge}}
{{ #smechangelog: smeserver-openvpn-bridge}}
