author | bnewbold <bnewbold@robocracy.org> | 2012-06-10 14:43:50 -0400 |
---|---|---|
committer | bnewbold <bnewbold@robocracy.org> | 2012-06-10 14:43:50 -0400 |
commit | 769882d21e83484eca63d86bd4404f8fdd18c7c3 (patch) | |
tree | 9440eff6dff34cf44b0755b7e09834e5dd241912 /networking | |
parent | 7ddd4409845e8895316d7b378b4364037312da40 (diff) | |
TCP vpn
Diffstat (limited to 'networking')
-rw-r--r-- | networking/ipv6vpn.page | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/networking/ipv6vpn.page b/networking/ipv6vpn.page index 4aef252..c9f1ca0 100644 --- a/networking/ipv6vpn.page +++ b/networking/ipv6vpn.page @@ -35,6 +35,18 @@ Then copy the following to /etc/openvpn/server.conf: proto udp dev tun tun-ipv6 + ca ca.crt + cert server.crt + key server.key + dh dh1024.pem + keepalive 10 120 + comp-lzo + persist-key + persist-tun + status openvpn-status.log + verb 3 + ;ifconfig fec0::1 fec0::2 + ;route 2600:3c03:e001:1301::/64 fec0::2 Add openvpn to the default service group and bring up the daemon: @@ -88,6 +100,8 @@ and scp credentials to /etc/openvpn: option verb 3 option mute 20 option comp_lzo 1 + option ping 10 + option ping-restart 120 Select "start" in the web interface; for whatever reason this always results in a new configuration being generated, just ignore it. If the status doesn't @@ -114,6 +128,15 @@ Restart the whole kit-and-kaboodle, re-enable openvpn, and see if things work! If it doesn't, try watching syslog on both ends while attempting pings, and inspect the addresses and routing tables with ``ip -6 route`` and ``ifconfig``. +## TCP Follow Up + +With the above configuration (based on UDP), I would eventually (after a few +days) get ``TLS Error: local/remote TLS keys are out of sync`` errors and need +to restart both ends. + +I'm now testing with TCP ("option proto tcp-client" on the client and "proto +tcp-server" on the VPS server). + # Lazy plaintext no-config Method (raw, for historical reference) http://serverfault.com/questions/231950/openvpn-ipv6-tunnel-radvd |
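Review bot: `dh dh1024.pem` in the server.conf hunk (@@ -35,6 +35,18 @@) points the server at 1024-bit Diffie-Hellman parameters, which are too small for a tunnel that stays up for days; generate parameters of at least 2048 bits and reference that file instead. The same hunk adds `comp-lzo`: compressing before encrypting can leak information about the plaintext when someone else can influence part of the traffic, so consider dropping it here and the matching `option comp_lzo 1` on the client unless the bandwidth saving is really needed. The commented `;ifconfig fec0::1 fec0::2` example uses the deprecated site-local prefix; a unique local address (fd00::/8) would be a better illustration.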
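Review bot: `option ping-restart 120` in the client hunk (@@ -88,6 +100,8 @@) is spelled with a hyphen, while the context line directly above it uses the underscore form (`option comp_lzo 1`). UCI option names are written with underscores, so this should read `option ping_restart 120` to match the rest of the block and to be sure the setting is picked up. It would also help to say in the surrounding text that these two values are meant to mirror `keepalive 10 120` on the server, so a reader changing one side knows to change the other.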
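Review bot: the new "TCP Follow Up" section (@@ -114,6 +128,15 @@) tells the reader to use `proto tcp-server` and `option proto tcp-client`, but the server.conf listing earlier in the same page still says `proto udp`, so the page now carries two conflicting settings without saying which lines to replace. Suggest stating that the `proto` line has to be changed on both ends together, and recording whether the TCP test actually cleared the `TLS Error: local/remote TLS keys are out of sync` failures, since the section does not identify their cause and a later reader cannot tell if the workaround held.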