software:openvpn
Table of Contents
VPN
————————————————————————————————————————————————
VPN Command for Linux
openvpn --verb 9 --dev tun0 --config /etc/openvpn/client.conf
VPN Information and Setup
OpenSwan and Mac and
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html
Microsoft provides Mac users with a free Remote Desktop Connection Client For Mac application
[Openswan Users] Mac OS X can't connect to Openswan server (Linux Kernel 2.6)
Ciphers
http://people.mandriva.com/ybourhis/openvpn/index.html
The following ciphers and cipher modes are available for use with OpenVPN. Each cipher shown below may be used as a parameter to the --cipher option. The default key size is shown as well as whether or not it can be changed with the --keysize directive. Using a CBC mode is recommended. DES-CBC 64 bit default key (fixed) IDEA-CBC 128 bit default key (fixed) RC2-CBC 128 bit default key (variable) DES-EDE-CBC 128 bit default key (fixed) DES-EDE3-CBC 192 bit default key (fixed) DESX-CBC 192 bit default key (fixed) BF-CBC 128 bit default key (variable) RC2-40-CBC 40 bit default key (variable) CAST5-CBC 128 bit default key (variable) RC5-CBC 128 bit default key (variable) RC2-64-CBC 64 bit default key (variable) AES-128-CBC 128 bit default key (fixed) AES-192-CBC 192 bit default key (fixed) AES-256-CBC 256 bit default key (fixed)
openVPN
- Throughput/Performance
- VPNs require encryption/decryption of traffic and that takes CPU cycles.
- One of the important measures of a VPN is its throughput or the amount of data is can pass before it is unable to keep up with the decrypt/encrypt activities. With hardware VPNs this is an easy number to find, but with software products like OpenVPN, your throughput will depend a lot on your hardware.
- For this document, OpenVPN was tested with a Pentium III 1Ghz machine with 512K RAM running Gentoo Linux.
- The other end of the tunnel was a Pentium IV 2.7 GHz machine running Windows XP.
- The link between these two machines max's out at 3 Mbps and OpenVPN was able to keep up with this load without any degradation in throughput.
- The processor loads on both sides were miniscule and while one should not expect OpenVPN to scale linearly, it should handle enough throughput to service most small to medium-sized implementations, and with load balancing or more serious hardware, it could handle many larger implementations as well.
- Additionally, there is the very real possibility that OpenVPN can benefit from the myriad of hardware SSL accelerator cards out there as it is using the standard SSL/TLS functions. (Check the OpenVPN user mailing list for more information).
- OpenVPN does not have a hard limit to the number of tunnels it can sustain.
software/openvpn.txt · Last modified: 2020/10/24 18:44 by superwizard