14.1.2.7 OpenVPN Client (ovpnc)
267
14.1.2.7-B
Authentication
Certificate
SX-GATE always uses certificates to authenticate OpenVPN connections.
SX-GATE VPN certificate
By default SX-GATE uses the certificates from menu "Modules > Network" on
tabs "VPN Certificate" and "Trusted VPN CA" to authenticate a connection.
Dedicated certificate
This alternative setting allows you to import individual keying material for use in
this OpenVPN connection only.
Import key
Use this wizard to import a private key, the corresponding certificate and the
CA certificate. You can upload PKCS#12 files (*.p12, *.pfx), SX-GATE OpenVPN
setup packages for Windows (*.exe) or OpenVPN configuration files with embedded
keys (*.ovpn). When using a setup package or an OpenVPN configuration file, this
connection's configuration parameters are adjusted as necessary.
The imported key and the certificates are not included in SX-
GATE's backups. Please keep the file you use for import as a
backup. Make sure it is protected, as it includes a private key.
14.1.2.7-C
Encryption
Hash algorithm
Please select the hash algorithm configured on the server for authentication of
the individual data packets (HMAC). This setting corresponds to the OpenVPN
configuration parameter "auth".
Cipher algorithm
Please select the cipher algorithm as configured on the server. This determines how
the transmitted data is protect. This setting corresponds to the OpenVPN configuration
parameters "cipher" and, if applicable, "keysize". All ciphers use CBC mode.
TLS-Auth Schlüssel
To protect a server from DOS attacks, an additional authentication using the OpenVPN
option "tls-auth" might be required. Leave blank if "tls-auth" is not necessary.