Line 62: |
Line 62: |
| ==== smeserver-openvpn-bridge ==== | | ==== smeserver-openvpn-bridge ==== |
| | | |
− | Et enfin on installe le serveur VPN :
| + | <tabs container><tab name="For SME 10"> |
| + | /!\ nouveaux ciphers par défaut : AES-128-GCM et HMAC SHA56 ; si vous avez des problèmes, vérifiez les options de configuration. |
| + | yum --enablerepo=smecontribs install smeserver-openvpn-bridge |
| | | |
| + | </tab> |
| + | <tab name="For SME 9"> |
| + | Il faut activer le dépôt '''[[epel]]''' : |
| + | yum --enablerepo=smecontribs,epel install smeserver-openvpn-bridge |
| + | |
| + | </tab> |
| + | <tab name="For SME 8"> |
| yum --enablerepo=smecontribs install smeserver-openvpn-bridge | | yum --enablerepo=smecontribs install smeserver-openvpn-bridge |
| + | </tab> |
| + | </tabs> |
| | | |
| ==== Commande et monitoring d'openvpn ==== | | ==== Commande et monitoring d'openvpn ==== |
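Review bot: the warning added in the SME 10 tab gives the new defaults as "AES-128-GCM et HMAC SHA56". "SHA56" is not a digest name and looks like a typo for SHA256, and AES-128-GCM disagrees with the cipher description changed later in this same revision, which says "Starting SME 10, default is AES-256-GCM". Please check the actual default in the contrib and state it once, consistently. The hint "vérifiez les options de configuration" is also too vague for an admin whose existing clients stop connecting after the upgrade; name the options to check (presumably the cipher key documented further down).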
Line 487: |
Line 498: |
| *'''access''': (private|public) you should let this to public as running a VPN server just for the local network make no sens | | *'''access''': (private|public) you should let this to public as running a VPN server just for the local network make no sens |
| | | |
− | *'''cipher''': (valid cipher name) You can force the cipher to use. If you put auto, or delete this key, client and server will negotiate the stronger cipher both side support. To have the list of the supported cipher, issue the command | + | *'''cipher''': (valid cipher name) You can force the cipher to use. Starting SME 10, default is AES-256-GCM . If you put auto ( or delete this key, for SME9 and before ) the default will be the current of openvpn wich is as per 2.4 :BF-CBC. Also when both client and server are at least version 2.4, they will negotiate the stronger cipher both side support. SME10 enforce the following authorized ciphers: --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC . To have the list of the supported cipher, issue the command : |
| + | |
| openvpn --show-ciphers | | openvpn --show-ciphers |
| | | |
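Review bot: the rewritten cipher entry says the SME 10 default is AES-256-GCM, while the install section of this revision announces AES-128-GCM; one of the two is wrong. The sentence about "auto" is also hard to follow: as written it is unclear whether "auto" is still accepted on SME 10 and what it resolves to there. The enforced list "--ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC" still ends with BF-CBC, a 64-bit block cipher, so the text should say why it is kept (compatibility with pre-2.4 clients, if that is the reason) and make clear that negotiation only happens when both ends run 2.4 or later, so an older client can still end up on BF-CBC. Minor: "wich" should be "which", and "the stronger cipher both side support" should read "the strongest cipher both sides support".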
Line 507: |
Line 519: |
| | | |
| *'''tapIf''': (tap interface) use this tap interface. You should use a free tap interface enslaved in the bridge interface (configured with the [http://wiki.contribs.org/BridgeInterface#Installation bridge-interface] contrib). Do not change this setting unless you know what you're doing | | *'''tapIf''': (tap interface) use this tap interface. You should use a free tap interface enslaved in the bridge interface (configured with the [http://wiki.contribs.org/BridgeInterface#Installation bridge-interface] contrib). Do not change this setting unless you know what you're doing |
| + | |
| + | Also you can also set the property PushRoute "disabled" to any network in networks db to avoid the contrib to push the network to the client. |
| | | |
| Once you have configured the service like you want, just run the command | | Once you have configured the service like you want, just run the command |
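Review bot: the added PushRoute paragraph does not show how to set the property or what happens when it is absent. Add the exact command for setting PushRoute to "disabled" on an entry of the networks db, say whether the change only takes effect after the command given in the next paragraph is run, and state the default explicitly (presumably every network in the networks db is pushed). Pushed routes determine which networks a client sends through the tunnel, so an admin should not have to guess the default. Minor: "Also you can also" repeats "also".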
Line 565: |
Line 579: |
| | | |
| {{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-openvpn-bridge|noresultsmessage="No open bugs found."}} | | {{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-openvpn-bridge|noresultsmessage="No open bugs found."}} |
| + | |
| === Journal des modifications === | | === Journal des modifications === |
− | Seules les versions publiées dans smecontrib sont répertoriées ici. | + | Seules les versions publiées dans smecontribs sont répertoriées ici. |
| | | |
| {{ #smechangelog: smeserver-openvpn-bridge}} | | {{ #smechangelog: smeserver-openvpn-bridge}} |