10 OpenVPN™ Encryption
The configuration file must be named
config.ovpn
and put together with all other files (preserving
the /data/ directory if used) into a standard ZIP file, which must be uploaded over the web-frontend.
This is an example content of a ZIP file:
• config.ovpn
• ca.crt
• client1.crt
• client1.key
Below you will see an example for the server side configuration.
# OpenVPN Server Configuration
tls-server
dev tun
proto tcp
# port where to listen on the server
port 1194
# the client subnet for the VPN. The server will use the 10.8.0.1 for itself
# and submit others from the range to the connected clients.
server 10.8.0.0 255.255.255.0
ca /data/ca.crt
cert /data/server.crt
key /data/server.key
dh /data/dh1024.pem
cipher AES-256-CBC
keepalive 10 120
comp-lzo
verb 3
# only when password used for the key
askpass /data/pass.txt
Figure 110: OpenVPN Server Configuration File
For further parameter description and examples, you must take a look at the very good documented
site of OpenVPN™ -
http://openvpn.net
.
10.3.2 Create OpenVPN™ Certificate and Keys
Here is an example of how you could create certificates for the OpenVPN™ Configuration. To
perform this you have to execute the following steps:
1. Open a command console and go to the
easy-rsa
sub-directory of your OpenVPN™ instal-
lation path (eg.
cd c:\Program Files\OpenVPN\easy-rsa
).
2. Call the command
init-config
which will copy the needed configuration files into place.
3. Now edit the
vars.bat
file and change all the
KEY_*
variables in the last section to your own
values (eg.
KEY_COUNTRY=US
).
September 2016
NetCom Plus User Manual
114
Summary of Contents for NetCom Plus 111
Page 133: ......