Difference between revisions of "Talk:OpenVPN"

From ArchWiki
Jump to: navigation, search
(DNS leaks: re)
 
(145 intermediate revisions by 30 users not shown)
Line 1: Line 1:
This article needs a lot of help.  I am in the process of fleshing it out, but will probably need help when finished, since I'm not very knowledgeable about vpn.[[User:Jhernberg|Jhernberg]] 22:20, 25 December 2011 (EST)
+
== LDAP ==
  
== Missing details ==
+
I'd like to propose adding an LDAP section describing how to have OpenVPN authenticate against an OpenLDAP server. This could be an optional step and does not require client certificates. [[User:Cirkit|Cirkit]] ([[User talk:Cirkit|talk]]) 00:32, 23 September 2017 (UTC)
  
There are some things that I think would have been extremely helpful to add in this article, primarily relating to iptables. For example, in Routing_the_LAN_of_a_client_to_the_server it might have been useful to say, "do something like iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 10.4.4.30" rather than "Use the iptables NAT feature to masquerade the IP packets."
+
== DNS leaks ==
  
I think more handholding would help this article a lot--it certainly would have helped me figure this out much faster. If no one disagrees, I'd like to add several sections on appropriate iptables rules to add. [[User:Buhman|Buhman]] 17:11, 9 April 2012 (EDT)
+
Regarding the [[OpenVPN#Prevent leaks if VPN goes down]] section, I don't get why "DNS will not work unless running a dedicated DNS server", the ufw rules above the warning appear to allow DNS.
  
:No objections, all constructive contributions are welcome, just remember that an article shouldn't be just a list of instructions: "handholding" is fine as long as it also explains ''why'' something needs to be done, so in your example above the existent sentence should be kept and your iptables line should be presented just as an example. -- [[User:Kynikos|Kynikos]] 08:46, 10 April 2012 (EDT)
+
--[[User:Larivact|Larivact]] ([[User talk:Larivact|talk]]) 12:13, 11 August 2018 (UTC)
  
:To be honest, I think this article, the way it is now, uses way too much handholding. (I liked it more the way it was [https://wiki.archlinux.org/index.php?title=OpenVPN&oldid=170796] ). It have things like: "Edit /root/easy-rsa/vars and at a minimum set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL parameters (do not leave any of these parameters blank)", instead of just "Edit /root/easy-rsa/vars according to your preferences"
+
:Which rules? The Openvpn tunnel's two do, but the section is about that dropping. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 21:12, 30 November 2018 (UTC)
:Maybe the solution could be the path  [[Beginners' Guide]] and [[Installation Guide]] took;  One, super handholding-type guide, and the other as a checklist-type guide... hmm, maybe I'll write such article [[User:Chrisl|Chrisl]] ([[User talk:Chrisl|talk]]) 18:48, 16 August 2012 (UTC)
 
 
 
:I have some time to work on this again (vacation), hopefully I'll get at least some more stuff done.  If someone wants to add iptables instructions please go ahead.  There is some preliminary stuff that Kynikos uncovered :)  Too much, too little handholding, it's hard too say, and it looks like opinions differ. Maybe let me be verbose and then try to tighten it up and remove unwanted verbosity? [[User:jhernberg|jhernberg]] 21:50, 16 August 2012 (UTC)
 
 
 
In any case, the article still needs a lot more information about the various ways that openvpn can be configured, and any help would be very much appreciated...:) [[User:jhernberg|jhernberg]] 21:55, 16 August 2012 (UTC)
 

Latest revision as of 21:12, 30 November 2018

LDAP

I'd like to propose adding an LDAP section describing how to have OpenVPN authenticate against an OpenLDAP server. This could be an optional step and does not require client certificates. Cirkit (talk) 00:32, 23 September 2017 (UTC)

DNS leaks

Regarding the OpenVPN#Prevent leaks if VPN goes down section, I don't get why "DNS will not work unless running a dedicated DNS server", the ufw rules above the warning appear to allow DNS.

--Larivact (talk) 12:13, 11 August 2018 (UTC)

Which rules? The Openvpn tunnel's two do, but the section is about that dropping. --Indigo (talk) 21:12, 30 November 2018 (UTC)