community wiki
Changelog
Documentation
Toggle dark mode
Login
Home
A - Z
Page Index
Archived
ACKSystemReview
BuildingTapWindows
BuildingUsingGenericBuildsystem
DynamicDNS
GettingOpenvpnBuild
HLKTesting
IOSinline
Nonprivileged
OpenvpnMSIInstaller
Optimizing Performance on Gigabit Networks
PerformanceTesting
PrivilegeSeparation
RoadMap
SecurityOverview
StaticKeyMiniHowto
TapWindowsLicenseChange
TracWikiReplacements
UsingSmartcards
Changelogs
ChangesInOpenVPN1x
ChangesInOpenVPN20
ChangesInOpenVPN21
ChangesInOpenVPN22
ChangesInOpenVPN23
ChangesInOpenVPN24
ChangesInOpenVPN25
ChangesInOpenVPN26
Community Forum
DataChannelOffload
CapaNegotiation
Features
How To Contribute
LinuxUAPI
NonLinuxPlatforms
Routing
UsingDCO
WhatChanges
Development
CodeStyle
Contributing
DeveloperDocumentation
GerritBestPractices
OpenVPNMSICA
OpenVPN_QA
Openvpn2ReleaseProcess
PackageMaintainers
ReleaseOfOpenVPN
ServerSideTestingImprovementPlan
SettingUpBuildslave
StatusOfOpenvpn24
StatusOfOpenvpn25
StatusOfOpenvpn26
StatusOfOpenvpn27
StatusOfOpenvpn28
TesterDocumentation
Downloads
Verify signature
FAQ
247-i-am-having-problems-running-openvpn-with-the-windows-xp-firewall-enabled-whats-wrong
249-upgraded-the-openvpn-daemon-on-one-side-of-the-connection-to-v20-and-now-it-cant-connect
251-openvpn-server-successfully-connected-a-client-to-it-but-when-i-try-to-connect-a-second-client-the
253-tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity
255-qconnection-initiated-with-xxxxq-but-i-cannot-ping-the-server-through-the-vpn
257-can-an-openvpn-server-be-set-up-on-a-machine-with-a-single-nic
259-tap-win32-adapter-is-not-coming-up-initialization-sequence-completed-with-errors
261-when-i-try-configure-on-red-hat-9-linux-or-higher-it-complains-about-openssl-headers-not-found
263-openvpn-can-ping-both-peers-but-i-cant-reach-any-of-the-other-machines-on-the-remote-subnet
265-how-do-i-enable-ip-forwarding
267-i-am-having-trouble-getting-openvpn-1x-to-talk-with-openvpn-20
269-tue-oct-26-143448-2004-36880-write-udpv4--no-buffer-space-available-code105
271-i-can-ping-through-the-tunnel-but-any-real-work-causes-it-to-lock-up-is-this-an-mtu-problem
273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode
275-why-cant-i-run-openvpn-on-windows-from-a-non-admin-user-account
277-i-uninstalled-openvpn-on-windows-2000-and-now-it-appears-that-winsock-is-broken-how-to-fix
279-are-there-any-issues-related-to-pushing-dhcp-options-to-windows-clients
281-what-to-do-if-the-installation-of-the-tap-win32-driver-fails
283-can-i-run-multiple-openvpn-tunnels-on-a-single-machine
285-everything-seems-to-be-configured-correctly-but-i-cant-ping-across-the-tunnel
287-is-ipv6-support-plannedin-the-works
289-how-can-i-build-a-binary-rpm-package-for-my-specific-linux-platform
291-on-slackware-i-get-the-error-cipher-algorithm-bf-cbc-not-found-openssl
293-what-is-the-principle-behind-openvpn-tunnels
295-are-there-any-known-security-vulnerabilities-with-openvpn
297-is-it-important-to-openvpn-security-practices-to-build-an-intermediate-certificate-authoritykey
299-can-openvpn-handle-the-situation-where-both-ends-of-the-connection-are-dynamic
301-does-openvpn-support-certificate-revocation-lists-crls
303-how-stable-is-the-openvpn-protocol-ie-can-old-versions-of-openvpn-talk-to-new-versions
305-what-is-the-difference-between-a-tun-device-and-a-tap-device
307-what-is-bridging
309-what-is-the-difference-between-bridging-and-routing
311-what-are-the-fundamental-differences-between-bridging-and-routing-in-terms-of-configuration
313-how-can-i-connect-windows-xp-to-a-linux-based-samba-server-using-routing-rather-than-bridging
315-i-get-the-error-cannot-ioctl-tunsetiff-tun0-file-descriptor-in-bad-state-errno77
317-qmulti-bad-source-address-from-client--packet-droppedq-or-qget-inst-by-virt-failedq
319-how-do-i-make-the-windows-network-adapter-my-default-adapter-again
321-remap-local-addresses-to-connect-two-networks-with-an-overlap-in-the-private-address-range
323-i-want-to-set-up-an-ethernet-bridge-on-the-1921681024-subnet-existing-dhcp
325-openvpn-as-a--forking-tcp-server-which-can-service-multiple-clients-over-a-single-tcp-port
327-changed-hex-bytes-in-the-static-key-the-key-still-connects-to-a-remote-peer-using-the-original-key
328-route-and-route-ipv6-in-ccd-files
329-problems-with-tls
330-CanIUseAWebBrowserAsAnOpenvpnClient
331-DoesOpenvpnSupportIpsecOrPptp
332-CanOpenvpnTunnelOverATcpConnection
333-WhyChooseTLSAsOpenvpnsUnderlyingAuthenticationAndKeyNegotiationProtocol
334-WhyMyOpenVPNTunnelDoesNot
GSoC2026_ideas
GSoC_howtopropose
HOWTO
Home
MTU and Fragments
Meetings
2010
2010-04-22
2010-04-29
2010-05-06
2010-05-13
2010-05-20
2010-05-27
2010-06-03
2010-06-10
2010-06-17
2010-07-01
2010-07-08
2010-07-15
2010-07-22
2010-07-29
2010-08-05
2010-08-12
2010-08-19
2010-08-26
2010-09-02
2010-09-16
2010-09-23
2010-10-14
2010-10-21
2010-11-18
2010-11-25
2010-12-02
2010-12-09
2010-12-16
2011
2011-01-06
2011-01-13
2011-02-10
2011-02-17
2011-03-24
2011-04-07
2011-04-14
2011-04-28
2011-05-19
2011-06-09
2011-06-16
2011-06-30
2011-07-07
2011-07-14
2011-07-21
2011-07-26
2011-07-28
2011-08-03
2011-08-11
2011-08-18
2011-08-25
2011-09-01
2011-09-08
2011-09-14
2011-09-15
2011-09-29
2011-10-06
2011-10-20
2011-11-24
2011-12-08
2012
2012-01-19
2012-03-15
2012-04-26
2012-05-31
2012-06-21
2012-11-29
2013
2013-04-18
2013-04-25
2013-05-09
2013-05-23
2013-06-20
2013-07-11
2013-08-08
2013-08-22
2013-11-16
2013-ProductNamespaces
2014
2014-01-09
2014-04-24
2014-10-23
2014-11-24
2014-12-22
2014-12-29
2015
2015-01-12
2015-01-19
2015-02-02
2015-03-30
2015-04-13
2015-04-27
2015-05-04
2015-05-18
2015-06-01
2015-06-15
2015-06-29
2015-07-13
2015-07-27
2015-08-10
2015-08-24
2015-09-07
2015-09-21
2015-10-05
2015-10-26
2015-11-09
2015-11-23
2015-12-14
2015-12-28
2016
2016-01-11
2016-02-01
2016-05-09
2016-05-30
2016-06-13
2016-08-15
2016-08-22
2016-10-10
2016-11-07
2016-11-14
2016-11-23
2016-11-30
2016-12-07
2016-12-14
2016-12-21
2017
2017-01-04
2017-02-22
2017-03-15
2017-09-12
2017-09-20
2017-09-27
2017-10-04
2017-10-11
2017-10-18
2017-10-25
2017-11-01
2017-12-06
2017-12-13
2017-12-20
2018
2018-01-03
2018-01-10
2018-01-17
2018-01-24
2018-01-31
2018-02-21
2018-03-07
2018-03-14
2018-03-21
2018-04-04
2018-04-18
2018-05-02
2018-05-23
2018-05-30
2018-06-06
2018-06-13
2018-07-04
2018-09-19
2018-09-26
2018-10-03
2018-10-10
2018-10-24
2018-11-14
2018-11-28
2018-12-05
2018-12-12
2018-12-19
2019
2019-02-13
2019-03-12
2019-03-20
2019-03-27
2019-04-03
2019-04-11
2019-04-17
2019-04-25
2019-05-01
2019-05-09
2019-05-15
2019-05-23
2019-05-29
2019-06-06
2019-06-12
2019-06-20
2019-06-26
2019-07-04
2019-07-10
2019-07-18
2019-07-24
2019-08-07
2019-08-15
2019-08-21
2019-08-29
2019-09-04
2019-09-12
2019-09-18
2019-09-26
2019-10-02
2019-10-10
2019-10-16
2019-10-24
2019-10-30
2019-11-21
2019-11-27
2019-12-05
2019-12-11
2019-12-19
2020
2020-01-06
2020-01-08
2020-01-16
2020-01-22
2020-01-30
2020-02-05
2020-02-13
2020-02-19
2020-02-27
2020-03-04
2020-03-12
2020-03-18
2020-03-26
2020-04-01
2020-04-09
2020-04-15
2020-04-23
2020-04-29
2020-05-07
2020-05-13
2020-05-21
2020-05-27
2020-06-04
2020-06-10
2020-06-18
2020-06-24
2020-07-02
2020-07-08
2020-07-16
2020-07-22
2020-07-30
2020-08-13
2020-08-19
2020-08-27
2020-09-02
2020-09-10
2020-09-16
2020-09-24
2020-09-30
2020-10-08
2020-10-14
2020-10-22
2020-10-28
2020-11-05
2020-11-11
2020-11-19
2020-11-25
2020-12-03
2020-12-09
2020-12-17
2021
2021-01-06
2021-01-20
2021-01-27
2021-02-03
2021-02-10
2021-02-17
2021-02-24
2021-03-03
2021-03-10
2021-03-24
2021-03-31
2021-04-07
2021-04-14
2021-04-21
2021-04-28
2021-05-05
2021-05-12
2021-05-19
2021-05-26
2021-06-02
2021-06-09
2021-06-16
2021-06-23
2021-06-30
2021-07-07
2021-07-14
2021-07-21
2021-07-28
2021-08-04
2021-08-11
2021-08-18
2021-08-25
2021-09-01
2021-09-08
2021-09-15
2021-09-22
2021-09-29
2021-10-13
2021-10-20
2021-10-27
2021-11-10
2021-11-17
2021-11-24
2021-12-01
2021-12-08
2021-12-15
2021-12-22
2022
2022-01-05
2022-01-12
2022-01-19
2022-01-26
2022-02-02
2022-02-09
2022-02-16
2022-02-23
2022-03-02
2022-03-09
2022-03-16
2022-03-23
2022-03-30
2022-04-06
2022-04-13
2022-04-20
2022-04-27
2022-05-04
2022-05-11
2022-05-18
2022-05-25
2022-06-01
2022-06-08
2022-06-15
2022-06-22
2022-06-29
2022-07-06
2022-07-13
2022-07-20
2022-07-27
2022-08-03
2022-08-10
2022-08-17
2022-08-24
2022-08-31
2022-09-07
2022-09-14
2022-09-21
2022-09-28
2022-10-05
2022-10-12
2022-10-19
2022-10-26
2022-11-09
2022-11-23
2022-11-30
2022-12-07
2022-12-14
2022-12-21
2022-12-28
2023
2023-01-11
2023-01-18
2023-01-25
2023-02-01
2023-02-08
2023-02-15
2023-02-22
2023-03-01
2023-03-08
2023-03-15
2023-03-22
2023-03-29
2023-04-12
2023-04-19
2023-04-26
2023-05-03
2023-05-10
2023-05-17
2023-05-24
2023-05-31
2023-06-07
2023-06-14
2023-06-21
2023-06-28
2023-07-05
2023-07-12
2023-07-19
2023-07-26
2023-08-02
2023-08-09
2023-08-16
2023-08-23
2023-08-30
2023-09-06
2023-09-13
2023-09-20
2023-09-27
2023-10-11
2023-10-18
2023-10-25
2023-11-01
2023-11-08
2023-11-15
2023-11-22
2023-11-29
2023-12-06
2023-12-13
2023-12-20
2024
2024-01-10
2024-01-17
2024-01-24
2024-01-31
2024-02-07
2024-02-14
2024-02-21
2024-02-28
2024-03-06
2024-03-13
2024-03-20
2024-03-27
2024-04-03
2024-04-10
2024-04-17
2024-04-24
2024-05-01
2024-05-08
2024-05-15
2024-05-22
2024-05-29
2024-06-05
2024-06-19
2024-06-26
2024-07-03
2024-07-10
2024-07-17
2024-07-24
2024-07-31
2024-08-07
2024-08-14
2024-08-21
2024-08-28
2024-09-04
2024-09-11
2024-09-18
2024-09-25
2024-10-02
2024-10-09
2024-10-16
2024-10-23
2024-10-30
2024-11-06
2024-11-13
2024-11-20
2024-11-27
2024-12-04
2024-12-11
2025
2025-01-08
2025-01-15
2025-01-22
2025-01-29
2025-02-05
2025-02-19
2025-02-26
2025-03-05
2025-03-12
2025-04-16
2025-04-23
2025-05-07
2025-05-14
2025-05-21
2025-05-28
2025-06-04
2025-06-11
2025-06-18
2025-07-02
2025-07-09
2025-07-16
2025-07-23
2025-07-30
2025-08-06
2025-08-13
2025-08-27
2025-09-03
2025-09-10
2025-09-17
2025-09-24
2025-10-01
2025-10-08
2025-10-15
2025-10-22
2025-11-05
2025-11-12
2025-11-19
2025-11-26
2025-12-03
2025-12-10
2025-12-17
2026
2026-01-14
2026-01-21
2026-02-04
2026-02-11
2026-02-18
2026-02-25
2026-03-04
2026-04-01
Meetups
2013-Munich
2014-Munich
2015-Delft
2016-Helsinki
2017-Karlsruhe
2018-Lviv
2019-Trento
2021-Munich
2022-Delft
2023-Orihuela
2024-Karlsruhe
2025-Naples
2026-Paderborn
PQCryptoOpenVPN
Pages
AvoidRoutingConflicts
BridgingAndRouting
BridgingOverview
BuildingOnWindows
BuildingOpenVPN-GUI
BuildingTapWindows6
CertificateRevocationListExpired
CipherNegotiation
CodeRepositories
Compression
Concepts-Addressing
Concepts-Authentication
Concepts-PolicyRouting-Linux
Deprecated options
Easy Windows Guide
EasyRSA
EasyRSA3-OpenVPN-Howto
Fix for site-to-site OpenVPN on ubiquiti unifi routers
Getting help
Getting started with OpenVPN
Getting tap-windows
GettingEasyRsa
Hardening
HowPacketsFlow
How_does_PKI_work
IPv6
IgnoreRedirectGateway
Managing TAP-Windows drivers
NatHack
NonEnglishResources
OpenVPN software repos
OpenVPN-GUI-New
OpenVPN25_Windows_MSI_Unattended_Install
OpenVPN3Linux
OpenVPNBridging
OpenVPNInteractiveservice
Openvpn-systemd-use
OpenvpnBooks
OpenvpnLogosAndIcons
OverviewOfOpenvpn
PluginOverview
Pushing-DNS-to-clients
RelatedProjects
RoutedLans
Supported versions
Systemd
Tap rename script
TapRenameScript
Tapctl
Topology
TrafficObfuscation
UnprivilegedUser
Using-mbedtls
Using_Certificate_Chains
WikiCredentials
WindowsBrowsing
easy_rsa_fr
easyrsa-upgrade
reset-network-tcp-ip-stack
ReleaseHistory
Security Announcements
CCSInjection
CVE-2016-10229
CVE-2017-12166
CVE-2018-7544
CVE-2020-15078
CVE-2021-3547
CVE-2021-3606
CVE-2022-0547
CVE-2023-46849
CVE-2023-46850
CVE-2023-6247
CVE-2023-7235
CVE-2024-1305
CVE-2024-13454
CVE-2024-24974
CVE-2024-27459
CVE-2024-27903
CVE-2024-28882
CVE-2024-4877
CVE-2024-5198
CVE-2024-5594
CVE-2025-10680
CVE-2025-12106
CVE-2025-13086
CVE-2025-13751
CVE-2025-15497
CVE-2025-2704
CVE-2025-3908
CVE-2025-50054
CVE-2026-2738
DUHKattack
NSISBug1125
QuarkslabAndCryptographyEngineerAudits
SWEET32
SecurityAnnouncement-97597e732b
SecurityAnnouncement-FREAK
SecurityAnnouncement-f375aa67cc
SecurityOverview
SecurityVulnerabilities
TLSTripleHandshakeVulnerabilityAndOpenVPN
TapWindows6BufferOverflowVulnerability
TunnelCrack
UnquotedServicePathIn24WindowsInstallers
VORACLE
VulnerabilitiesFixedInOpenSSL1_0_1i
VulnerabilitiesFixedInOpenSSL1_0_1j
VulnerabilitiesFixedInOpenSSL1_0_1m
VulnerabilitiesFixedInOpenVPN243
heartbleed
An Otter Wiki
Pages
Page Index
Toggle page headings
A
AvoidRoutingConflicts
B
BridgingAndRouting
Bridging vs. routing
Using routing
Using routing and OpenVPN not running on the default gateway
BridgingOverview
Bridging Setup
Bridge Server on Linux
Bridge Server on Windows XP
Bridge Client configuration
Ethernet Bridging Notes
Notes -- Ethernet Bridging on Windows
Notes -- Ethernet Bridging on Linux, Setup Scripts
sample-scripts/bridge-start
sample-scripts/bridge-stop
BuildingOnWindows
BuildingOpenVPN-GUI
Prerequisites
Build steps
Building OpenVPN-GUI on Linux
BuildingTapWindows6
Requirements
Setting up the SMB share
Building
Hints
Modifying the Visual Studio project files
Installing certificates
Querying the certificate store
Creating catalog files with inf2cat
Signing files with signtool.exe
Validating signatures
External links
C
CertificateRevocationListExpired
CipherNegotiation
Effective directives and terms
Poor Man's NCP
Common configurations
Servers
Clients
Expected Behaviour indexed by Server version
Server version 2.5
Default configuration: No effective directives specified.
Client version 2.5
Client version 2.4
Client version 2.3
Client version 2.2
Server version 2.5 Configuring: --data-ciphers
Client version 2.3
Client version 2.2
Server version 2.4
Default configuration: No effective directives specified.
Client version 2.5
Client version 2.4
Client version 2.3
Client version 2.2
Server version 2.4 Configuring: --cipher
Client version 2.5
Client version 2.4
Client version 2.3
Client version 2.2
Server version 2.4 Configuring: --cipher and --ncp-disable
Client version 2.5
Client version 2.4
Client version 2.3
Client version 2.2
Server version 2.3
Default configuration: No effective directives specified.
Client version 2.5
Client version 2.4
Client version 2.3
Client version 2.2
Server version 2.3 Configuring: --cipher
Client version 2.5
Client version 2.4
Client version 2.3
Client version 2.2
Server version 2.2
Default configuration: No effective directives specified.
Client version 2.5
Client version 2.4
Client version 2.3
Client version 2.2
Server version 2.2 Configuring: --cipher
Client version 2.5
Client version 2.4
Client version 2.3
Client version 2.2
Special requirement: OpenVPN built with --enable-small
Server version 2.3 built with --enable-small
Default configuration: No effective directives specified.
Client version 2.5
Server version 2.3 built with --enable-small
Configuring: --cipher
Client version 2.5
Client version 2.3 built with --enable-small
Default configuration: No effective directives specified.
Server version 2.5
Client version 2.3 built with --enable-small
Configuring: --cipher
Server version 2.5
CodeRepositories
Main development repositories (!GitHub)
Branches and tags in openvpn.git
Obsolete repositories
James' SVN repository
Old CVS repository
Compression
Background
Make Compression Secure
Asymmetric Compression is the default behaviour in OpenVPN 2.5
Bottom line
Future changes
Concepts-Addressing
Addressing Basics for Server/Client
Addressing in p2p (non-server) mode
The Address Pool
Static Address Assignment
Examples
Examples for subnet topology
subnet Example with full pool
subnet Example with static ccd
Examples for net30 topology
net30 Example with full pool
net30 Example with static ccd
Examples for p2p topology
Common client config for p2p examples
Using a /24
Advanced example: utilizing a /30
Concepts-Authentication
Authentication basics
Overview of the auth process
Authentication process details
Certificates vs. usernames
Advanced authentication options
tls-verify
client-connect
Concepts-PolicyRouting-Linux
Configuration
Conclusion
Note on another way to do it
D
Deprecated options
Remove clear-text VPN mode | Status: Under consideration
Change default --topology net30 to subnet | Status: Pending
Option: --key-method | Status: Removed in OpenVPN v2.5
Option: --tls-remote | Status: Removed in OpenVPN v2.4
Option: --compat-names | Status: Removed in OpenVPN v2.5
Option: --no-name-remapping | Status: Removed in OpenVPN v2.5
Option: --no-iv | Status: Removed in OpenVPN v2.5
Option: --no-replay | Status: Removed in OpenVPN v2.7
Policy: Removal of insecure ciphers | Status: To be decided
Policy: Migrate away from deprecated ciphers. Status: In progress
Option: --keysize | Status: Removed in OpenVPN v2.6
Option: --comp-lzo | Status: Pending removal
Option: --comp-noadapt | Status: Pending removal
Option: --compress | Status: Pending removal
Option: --ifconfig-pool-linear | Status: Removed in OpenVPN v2.5
Option: --client-cert-not-required | Status: Removed in OpenVPN v2.5
Option: --ns-cert-type | **Status: Pending removal
Option: --tun-ipv6 | Status: Ignored, pending removal
Policy: Automatic Up-casing of X509 Certificate field names | Status: Completed in OpenVPN 2.5
Option: --max-routes | Status: Ignored, pending removal
Option: --dhcp-release | Status: Ignored, pending removal
Option: --route-nopull | Status: To be decided
Option: --genkey --secret | Status: Deprecated, pending removal
Option: --secret | Status: Deprecated, pending removal
Option: --ncp-disable | Status: Removed in OpenVPN v2.6
plugin: _v1 and _v2 functions for open and func call | Status: Pending removal
Option: --inetd | Status: Removed in OpenVPN v2.6
Windows: openvpn-legacy-service | Status: Removed
Option: --persist-key | Status: To be decided
Option: --verify-hash | Status: Pending removal
Option: --link-mtu | Status: Pending Deprecation
Option: --management-client-pf | Status: Removed in OpenVPN v2.6
Option: --prng | Status: Ignored, pending removal
Option: --opt-verify | Status: Deprecated, pending removal
Option: --disable-occ | Status: Deprecated, pending removal
NTLM v1 authentication support in --http-proxy | Status: Deprecated, pending removal
NTLM v2 authentication support in --http-proxy | Status: To be deprecated in 2.7
E
Easy Windows Guide
Downloading and Installing OpenVPN
Installing manually
Installing with Chocolatey
Certificates and Keys
Preparatory Steps
Building Certificates and Keys
Configuration Files
Server Config File
Client Config Files
Enable IP forwarding on OpenVPN server
Enable packet forwarding on the Cloud provider
Starting OpenVPN
Further Considerations / Troubleshooting
Firewall Configuration
Port Forwarding
Static Internet IP
Running OpenVPN as a Service
Enabling OpenVPN service using services.msc
Enabling OpenVPN service using Powershell
Security Tips
Cloning OpenVPN Servers
EasyRSA
Easy-RSA v2
Upgrade from Easy-RSA v2 to Easy-RSA v3
EasyRSA3-OpenVPN-Howto
Process Overview
Easy-RSA and MITM protection with OpenVPN
PKI procedure: using a separate CA system
DH Generation
PKI procedure: Producing your complete PKI on the CA machine
easy_rsa_fr
Installation
Créer son propre certificat d'autorité racine de certification (root CA)
Créer un certificat d'autorité intermédiaire de certification (optionnel)
Créer les paramètres Diffie-Hellman
Créer une requête de signature de certificat
Signer une requête de signature de certificat
Créer et signer une requête de signature de certificat à l'aide d'un certificat racine installé en local
Important
Notes
easyrsa-upgrade
Setup
Examples
Usage
Steps
Before
After
Fails
Incompatible vars file
Too many vars files #ersa-up23-fails-vars-bat
CA certificate does not match vars/vars.bat file settings
v30x to v306
Debian-based distros
Help
F
Fix for site-to-site OpenVPN on ubiquiti unifi routers
Background
The problem
The fix
How to fix
G
Getting help
Introduction
User Support
Documentation
User IRC Channel
User Support Forums
User Mailing List
Developer Support
Developer IRC Channel
Developer Mailing List
Security Issues List
OpenVPN Access Server Support
Access Server Support Ticket System
Access Server Forum Boards
Getting started with OpenVPN
Setting up the connection
Configuring encryption
Configuring authentication
TLS Authentication
Username / password authentication
Even stricter certificate checks
Adding certificate revocation lists
Configuring the network layer
Routing everything over the VPN
What about IPv6?
Other aspects to consider when configuring a VPN
Getting tap-windows
Fetching tap-windows source code
Getting tap-windows releases
GettingEasyRsa
Fetching easy-rsa using Git
Getting easy-rsa releases
H
Hardening
Hardening OpenVPN
Practice secure PKI management
X.509 key size
Use of --tls-version-min
Use of --tls-cipher
Use of --tls-auth
HowPacketsFlow
How_does_PKI_work
It's (almost) all about Certificates
The Certificate Authority
Preparing a CA
Servers and their certificates
Clients and their certificates
Invalidating certificates
I
IPv6
Overview
Providing IPv6 outside the tunnel
Providing IPv6 inside the tunnel
Requirements
Details: IPv6 routed block
Additional OpenVPN config
Config stanza using the helper
Config stanza with expanded directives
Pushing IPv6 routes
Splitting a single routable IPv6 netblock
Split netblock configuration
Client issues
IgnoreRedirectGateway
Method 1: filter the pushed option
Method 2: ignore
Method 3: override
M
Managing TAP-Windows drivers
Manual configuration of the TAP-Windows adapter
Installing and uninstalling TAP-drivers
Extracting TAP-drivers from OpenVPN installers
Windows TAP device naming
Renaming the TAP-driver
Debugging installation problems
N
NatHack
Why NAT-hack?
openVPN server on Linux
openVPN server on Windows XP
To set up a route on the clients
NonEnglishResources
French (Français)
German (Deutsch)
Spanish (Español)
Japanese (日本語)
Poland (Polish)
Russian (Русский)
O
OpenVPN software repos
Repository HOWTOs
Fedora / RHEL: Using Fedora Copr
OpenVPN kernel module (DCO)
Debian / Ubuntu: Using OpenVPN apt repositories
OpenVPN kernel module (DCO)
Notes on expired keys
Debian/Ubuntu: Using openSUSE Buildservice for master snapshot packages
openSUSE/SLES: Using openSUSE Buildservice
OpenVPN-GUI-New
Locating the OpenVPN-GUI
Preparing your installation to use the OpenVPN-GUI successfully
Importing your first connection profile (config file) into the OpenVPN-GUI
Setting up membership of the OpenVPN Administrators local group
Navigating the OpenVPN-GUI menus
Viewing the log file
Editing the configuration file
Entering Username and Password
Trouble shooting
OpenVPN-GUI Settings
The Settings menu, General tab
The Settings menu, Proxy tab
The Settings menu, Advanced tab
The Settings menu, About tab
Built-in help
Contributing
Common connection problems
Known issues
OpenVPN25_Windows_MSI_Unattended_Install
OpenVPN3Linux
Pre-built packages
Footnotes
Stable repository - Debian / Ubuntu
Stable repository - Red Hat Enterprise Linux
Development/beta repository - Debian / Ubuntu
Fedora Copr repository - Fedora / Red Hat Enterprise Linux
OpenVPN Data Channel Offload
Quick start - how to use OpenVPN 3 Linux
Using openvpn2
Using openvpn3
Starting a one-shot configuration profile
Importing a configuration file for re-use and starting a VPN session
Starting a new VPN session from an imported configuration profile
Managing a running VPN session
Further information
OpenVPNBridging
Do you need bridging?
Bridge setup
Permanent vs. transient bridge
Windows
Linux
Debian-like (Debian, Ubuntu and derivatives)
Redhat-like (RHEL, CentOS, Fedora)
Mac OS X
FreeBSD
Solaris
OpenVPN configurations
Server configuration
Linux
Mac OS X
FreeBSD
Solaris
Client configuration
OpenVPNInteractiveservice
Introduction
How It Works
Client-Service Communication
Connecting
openvpn.exe Startup
openvpn.exe Process ID
openvpn.exe Monitoring and Termination
Error Messages
Interactive Service Configuration
Multiple Interactive Service Instances
Installing a Non-default Interactive Service Instance
Openvpn-systemd-use
Verify OpenVPN systemd support
Using OpenVPN with systemd support
Start at boot
Interrogate systemd
Use journalctl
Notes
Known issues
OpenvpnBooks
OpenvpnLogosAndIcons
OverviewOfOpenvpn
OpenVPN Access Server (OAS)
What can you do with OpenVPN?
What distinguishes OpenVPN from other VPN packages?
P
PluginOverview
OpenVPN Plugins
Existing Plugins
Fully maintained by OpenVPN maintainers
Sample plugins in the OpenVPN source tree (not considered "ready for production")
Plugins maintained elsewhere
Documentation
Pushing-DNS-to-clients
Using DNS servers pushed to a Linux client
Using DNS servers pushed to a Windows client
Additional notes
R
RelatedProjects
Windows client GUI
Windows System Service
Active projects
Ports
Client GUI
Management GUI
Certificate management
Authentication
Patchsets / modifications ==
Services
Non-OpenVPN services
Misc
Inactive projects
RoutedLans
ROUTES TO ADD OUTSIDE OF OPENVPN
Caveats
reset-network-tcp-ip-stack
Reset Network TCP/IP stack
Windows XP
Windows Vista, 7, 8, 10
S
Supported versions
Current releases and support categorization
Support categories
Supported Windows versions
Suppported OpenSSL versions
Sources for binary packages:
Systemd
OpenVPN systemd use
Build OpenVPN with systemd support
Using OpenVPN with systemd support
Known issues
T
Tap rename script
Description
TapRenameScript
Description
Tapctl
Introduction
User Manual
Creating a TAP/TUN network interface
Listing installed TAP interfaces
Removing a TAP interface
Developer Notes
Source files
Topology
Possible topology choices
Topology subnet
Example subnet configs
Topology net30
Example net30 configs
Topology p2p
Example p2p configs
TrafficObfuscation
Use static keys
Use obfsproxy
A quick obfsproxy setup
Client side
Server side
U
UnprivilegedUser
Init Script
Wrapper for ip
Secure Wrapper
TUN/TAP Device
User
Config Changes
Usage
Troubleshooting
Init Script
Logs
Sudo
Permissions
SELinux
Run OpenVPN within unprivileged podman container
Using-mbedtls
Limitations compared to OpenSSL
Building the mbedtls-enabled OpenVPN
Using_Certificate_Chains
Certificate chains versus stacked certificates
How to use certificate chains in OpenVPN
W
WikiCredentials
WindowsBrowsing
Overview of Solution Options
Using local DNS
Using public DNS
Using WINS
Using tap
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
