author bnewbold <> 2012-06-10 14:43:50 -0400
committer bnewbold <> 2012-06-10 14:43:50 -0400
commit 769882d21e83484eca63d86bd4404f8fdd18c7c3
tree 9440eff6dff34cf44b0755b7e09834e5dd241912 /networking/
parent 7ddd4409845e8895316d7b378b4364037312da40
TCP vpn
Diffstat (limited to 'networking/')
1 files changed, 23 insertions, 0 deletions
diff --git a/networking/ b/networking/
index 4aef252..c9f1ca0 100644
--- a/networking/
+++ b/networking/
@@ -35,6 +35,18 @@ Then copy the following to /etc/openvpn/server.conf:
proto udp
dev tun
+ ca ca.crt
+ cert server.crt
+ key server.key
+ dh dh1024.pem
+ keepalive 10 120
+ comp-lzo
+ persist-key
+ persist-tun
+ status openvpn-status.log
+ verb 3
+ ;ifconfig fec0::1 fec0::2
+ ;route 2600:3c03:e001:1301::/64 fec0::2
Add openvpn to the default service group and bring up the daemon:
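Review bot: The added `dh dh1024.pem` line points the server at 1024-bit Diffie-Hellman parameters, which is too small for a tunnel that is meant to stay up long term; generate parameters of 2048 bits or more and reference that file here. The two commented-out lines, `;ifconfig fec0::1 fec0::2` and `;route 2600:3c03:e001:1301::/64 fec0::2`, are added with no explanation, so a short comment saying when they should be enabled would help anyone copying this block into /etc/openvpn/server.conf.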
@@ -88,6 +100,8 @@ and scp credentials to /etc/openvpn:
option verb 3
option mute 20
option comp_lzo 1
+ option ping 10
+ option ping-restart 120
Select "start" in the web interface; for whatever reason this always results in
a new configuration being generated, just ignore it. If the status doesn't
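Review bot: The added `option ping-restart 120` spells the option name with a hyphen, while the existing line directly above it, `option comp_lzo 1`, uses an underscore. If this config format expects underscores in option names, the line should read `option ping_restart 120`, otherwise the restart timer may not be applied on the client. The values mirror the `keepalive 10 120` added to server.conf in the same commit, so a sentence noting that both ends need to be changed together would be worth adding.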
@@ -114,6 +128,15 @@ Restart the whole kit-and-kaboodle, re-enable openvpn, and see if things work!
If it doesn't, try watching syslog on both ends while attempting pings, and
inspect the addresses and routing tables with ``ip -6 route`` and ``ifconfig``.
+## TCP Follow Up
+With the above configuration (based on UDP), I would eventually (after a few
+days) get ``TLS Error: local/remote TLS keys are out of sync`` errors and need
+to restart both ends.
+I'm now testing with TCP ("option proto tcp-client" on the client and "proto
+tcp-server" on the VPS server).
# Lazy plaintext no-config Method (raw, for historical reference)
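Review bot: The new "TCP Follow Up" section names `proto tcp-server` for the VPS, but the server.conf listing earlier in this file still carries `proto udp` as unchanged context, so a reader who copies the listing ends up with the UDP setup that this section reports as eventually failing. Either update the listing or give the exact replacement lines for both ends in this section. Since the same commit also adds the keepalive and ping settings, the text should say whether those were in place when the `TLS Error: local/remote TLS keys are out of sync` errors occurred, so it is clear which change is under test.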