author: bnewbold <bnewbold@robocracy.org> 2012-06-10 14:43:50 -0400
committer: bnewbold <bnewbold@robocracy.org> 2012-06-10 14:43:50 -0400
commit: 769882d21e83484eca63d86bd4404f8fdd18c7c3
tree: 9440eff6dff34cf44b0755b7e09834e5dd241912
parent: 7ddd4409845e8895316d7b378b4364037312da40
TCP vpn
-rw-r--r-- networking/ipv6vpn.page 23
1 files changed, 23 insertions, 0 deletions
diff --git a/networking/ipv6vpn.page b/networking/ipv6vpn.page
index 4aef252..c9f1ca0 100644
--- a/networking/ipv6vpn.page
+++ b/networking/ipv6vpn.page
@@ -35,6 +35,18 @@ Then copy the following to /etc/openvpn/server.conf:
proto udp
dev tun
tun-ipv6
+ ca ca.crt
+ cert server.crt
+ key server.key
+ dh dh1024.pem
+ keepalive 10 120
+ comp-lzo
+ persist-key
+ persist-tun
+ status openvpn-status.log
+ verb 3
+ ;ifconfig fec0::1 fec0::2
+ ;route 2600:3c03:e001:1301::/64 fec0::2
Add openvpn to the default service group and bring up the daemon:
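Review bot: `dh dh1024.pem` in the added server.conf lines points at 1024-bit Diffie-Hellman parameters, which are too small to rely on for the TLS key exchange; generate parameters of at least 2048 bits and reference that file instead. `comp-lzo` would benefit from a one-line comment saying it has to match the client's `option comp_lzo 1`, and that compressing before encryption can leak information about the tunneled plaintext. The two commented-out lines (`;ifconfig fec0::1 fec0::2` and the `;route` line) should either be dropped or get a comment explaining when a reader is meant to enable them.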
@@ -88,6 +100,8 @@ and scp credentials to /etc/openvpn:
option verb 3
option mute 20
option comp_lzo 1
+ option ping 10
+ option ping-restart 120
Select "start" in the web interface; for whatever reason this always results in
a new configuration being generated, just ignore it. If the status doesn't
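Review bot: `option ping-restart 120` is spelled with a hyphen while the neighbouring context line uses an underscore (`option comp_lzo 1`); if this config format expects underscores in option names, the new line should read `option ping_restart 120`, otherwise the restart timer may be ignored without any error. It would also help to say in the surrounding text that these two values are chosen to match the `keepalive 10 120` added to server.conf, so a reader who changes one end knows to change the other.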
@@ -114,6 +128,15 @@ Restart the whole kit-and-kaboodle, re-enable openvpn, and see if things work!
If it doesn't, try watching syslog on both ends while attempting pings, and
inspect the addresses and routing tables with ``ip -6 route`` and ``ifconfig``.
+## TCP Follow Up
+
+With the above configuration (based on UDP), I would eventually (after a few
+days) get ``TLS Error: local/remote TLS keys are out of sync`` errors and need
+to restart both ends.
+
+I'm now testing with TCP ("option proto tcp-client" on the client and "proto
+tcp-server" on the VPS server).
+
# Lazy plaintext no-config Method (raw, for historical reference)
http://serverfault.com/questions/231950/openvpn-ipv6-tunnel-radvd
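Review bot: the new "TCP Follow Up" section says the setup is now being tested over TCP, but the server.conf block earlier in the same page still shows `proto udp` and this commit changes no config line to match. Show the exact lines to change on both ends as config snippets in the same style as the rest of the page, rather than only quoting them inline in prose. Since the `TLS Error: local/remote TLS keys are out of sync` cause is not identified here, it is also worth noting that carrying the tunnel over TCP can degrade badly on a lossy link, because the tunnel's own retransmissions stack on top of those of the TCP traffic inside it.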