https://wiki.ixheim.de/index.php?action=history&feed=atom&title=Erkl%C3%A4rungen_OPENVPN_mit_LDAP_User-Authentication_I. 2026-06-29T15:49:30Z Versionsgeschichte dieser Seite in Xinux Wiki MediaWiki 1.35.1 https://wiki.ixheim.de/index.php?title=Erkl%C3%A4rungen_OPENVPN_mit_LDAP_User-Authentication_I.&diff=57128&oldid=prev 2024-10-06T14:34:18Z

<p></p> <table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="de"> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Nächstältere Version</td> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Version vom 6. Oktober 2024, 14:34 Uhr</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Zeile 1:</td> <td colspan="2" class="diff-lineno">Zeile 1:</td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*dev tun<del class="diffchange diffchange-inline">** </del>- Aktiviert ein TUN-Interface für VPN-Verbindungen (Layer 3).</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* dev tun - Aktiviert ein TUN-Interface für VPN-Verbindungen (Layer 3).</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*mode server<del class="diffchange diffchange-inline">** </del>- Setzt den OpenVPN-Server-Modus.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* mode server - Setzt den OpenVPN-Server-Modus.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*tls-server<del class="diffchange diffchange-inline">** </del>- Konfiguriert den Server für TLS-Verschlüsselung.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* tls-server - Konfiguriert den Server für TLS-Verschlüsselung.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*port 1194<del class="diffchange diffchange-inline">** </del>- Legt den verwendeten Port für OpenVPN fest (1194).</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* port 1194 - Legt den verwendeten Port für OpenVPN fest (1194).</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*topology subnet<del class="diffchange diffchange-inline">** </del>- Setzt die Netzwerktopologie auf 'subnet' für effizientere Routen.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* topology subnet - Setzt die Netzwerktopologie auf 'subnet' für effizientere Routen.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*server 172.31.2.0 255.255.255.0<del class="diffchange diffchange-inline">** </del>- VPN-Subnetz und Netzmaske.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* server 172.31.2.0 255.255.255.0 - VPN-Subnetz und Netzmaske.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*push &quot;route 172.26.52.0 255.255.252.0&quot;<del class="diffchange diffchange-inline">** </del>- Überträgt die Route an den Client.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* push &quot;route 172.26.52.0 255.255.252.0&quot; - Überträgt die Route an den Client.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*push &quot;dhcp-option DOMAIN lab34.linuggs.de&quot;<del class="diffchange diffchange-inline">** </del>- Überträgt die DNS-Domain an den Client.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* push &quot;dhcp-option DOMAIN lab34.linuggs.de&quot; - Überträgt die DNS-Domain an den Client.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*push &quot;dhcp-option DNS 172.26.54.2&quot;<del class="diffchange diffchange-inline">** </del>- Überträgt die DNS-Serveradresse an den Client.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* push &quot;dhcp-option DNS 172.26.54.2&quot; - Überträgt die DNS-Serveradresse an den Client.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*cipher AES-256-CBC<del class="diffchange diffchange-inline">** </del>- Verschlüsselungsmethode (AES-256-CBC).</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* cipher AES-256-CBC - Verschlüsselungsmethode (AES-256-CBC).</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*link-mtu 1542<del class="diffchange diffchange-inline">** </del>- Maximale Übertragungseinheit (MTU) für OpenVPN.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* link-mtu 1542 - Maximale Übertragungseinheit (MTU) für OpenVPN.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*status /tmp/cool-vpn.status<del class="diffchange diffchange-inline">** </del>- Pfad zur Statusdatei.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* status /tmp/cool-vpn.status - Pfad zur Statusdatei.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*keepalive 10 30<del class="diffchange diffchange-inline">** </del>- Hält die Verbindung aktiv, prüft alle 10 Sekunden.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* keepalive 10 30 - Hält die Verbindung aktiv, prüft alle 10 Sekunden.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*client-to-client<del class="diffchange diffchange-inline">** </del>- Ermöglicht Kommunikation zwischen VPN-Clients.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* client-to-client - Ermöglicht Kommunikation zwischen VPN-Clients.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*max-clients 150<del class="diffchange diffchange-inline">** </del>- Maximale Anzahl gleichzeitiger VPN-Clients.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* max-clients 150 - Maximale Anzahl gleichzeitiger VPN-Clients.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*verb 3<del class="diffchange diffchange-inline">** </del>- Setzt den Detaillierungsgrad der Logs auf Stufe 3.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* verb 3 - Setzt den Detaillierungsgrad der Logs auf Stufe 3.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*dh /etc/openvpn/dh2048.pem<del class="diffchange diffchange-inline">** </del>- Pfad zur Diffie-Hellman-Datei.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* dh /etc/openvpn/dh2048.pem - Pfad zur Diffie-Hellman-Datei.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*ca /etc/openvpn/ca.crt<del class="diffchange diffchange-inline">** </del>- Pfad zur CA-Zertifikatsdatei.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* ca /etc/openvpn/ca.crt - Pfad zur CA-Zertifikatsdatei.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*cert /etc/openvpn/firewall.lab34.linuggs.de.crt<del class="diffchange diffchange-inline">** </del>- Server-Zertifikat.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* cert /etc/openvpn/firewall.lab34.linuggs.de.crt - Server-Zertifikat.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*key /etc/openvpn/firewall.lab34.linuggs.de.key<del class="diffchange diffchange-inline">** </del>- Privater Schlüssel des Servers.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* key /etc/openvpn/firewall.lab34.linuggs.de.key - Privater Schlüssel des Servers.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*client-cert-not-required<del class="diffchange diffchange-inline">** </del>- Erfordert keine individuellen Client-Zertifikate.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* client-cert-not-required - Erfordert keine individuellen Client-Zertifikate.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*compress<del class="diffchange diffchange-inline">** </del>- Aktiviert die Komprimierung der Daten.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* compress - Aktiviert die Komprimierung der Daten.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*persist-key<del class="diffchange diffchange-inline">** </del>- Beibehaltung des Schlüssels über Neustarts.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* persist-key - Beibehaltung des Schlüssels über Neustarts.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*persist-tun<del class="diffchange diffchange-inline">** </del>- Beibehaltung des TUN-Interfaces über Neustarts.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* persist-tun - Beibehaltung des TUN-Interfaces über Neustarts.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*client-config-dir client<del class="diffchange diffchange-inline">** </del>- Pfad zu individuellen Client-Konfigurationen.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* client-config-dir client - Pfad zu individuellen Client-Konfigurationen.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*username-as-common-name<del class="diffchange diffchange-inline">** </del>- Verwendet den Benutzernamen als Common Name.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* username-as-common-name - Verwendet den Benutzernamen als Common Name.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth-ldap.conf login<del class="diffchange diffchange-inline">** </del>- LDAP-Authentifizierung.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth-ldap.conf login - LDAP-Authentifizierung.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* *</del>*script-security 3<del class="diffchange diffchange-inline">** </del>- Erlaubt Skriptausführung für zusätzliche Sicherheit.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* script-security 3 - Erlaubt Skriptausführung für zusätzliche Sicherheit.</div></td></tr> </table>

Thomas.will https://wiki.ixheim.de/index.php?title=Erkl%C3%A4rungen_OPENVPN_mit_LDAP_User-Authentication_I.&diff=57127&oldid=prev 2024-10-06T14:33:16Z

<p>Die Seite wurde neu angelegt: „* **dev tun** - Aktiviert ein TUN-Interface für VPN-Verbindungen (Layer 3). * **mode server** - Setzt den OpenVPN-Server-Modus. * **tls-server** - Konfigurier…“</p> <p><b>Neue Seite</b></p><div>* **dev tun** - Aktiviert ein TUN-Interface für VPN-Verbindungen (Layer 3).<br /> * **mode server** - Setzt den OpenVPN-Server-Modus.<br /> * **tls-server** - Konfiguriert den Server für TLS-Verschlüsselung.<br /> * **port 1194** - Legt den verwendeten Port für OpenVPN fest (1194).<br /> * **topology subnet** - Setzt die Netzwerktopologie auf 'subnet' für effizientere Routen.<br /> * **server 172.31.2.0 255.255.255.0** - VPN-Subnetz und Netzmaske.<br /> * **push &quot;route 172.26.52.0 255.255.252.0&quot;** - Überträgt die Route an den Client.<br /> * **push &quot;dhcp-option DOMAIN lab34.linuggs.de&quot;** - Überträgt die DNS-Domain an den Client.<br /> * **push &quot;dhcp-option DNS 172.26.54.2&quot;** - Überträgt die DNS-Serveradresse an den Client.<br /> * **cipher AES-256-CBC** - Verschlüsselungsmethode (AES-256-CBC).<br /> * **link-mtu 1542** - Maximale Übertragungseinheit (MTU) für OpenVPN.<br /> * **status /tmp/cool-vpn.status** - Pfad zur Statusdatei.<br /> * **keepalive 10 30** - Hält die Verbindung aktiv, prüft alle 10 Sekunden.<br /> * **client-to-client** - Ermöglicht Kommunikation zwischen VPN-Clients.<br /> * **max-clients 150** - Maximale Anzahl gleichzeitiger VPN-Clients.<br /> * **verb 3** - Setzt den Detaillierungsgrad der Logs auf Stufe 3.<br /> * **dh /etc/openvpn/dh2048.pem** - Pfad zur Diffie-Hellman-Datei.<br /> * **ca /etc/openvpn/ca.crt** - Pfad zur CA-Zertifikatsdatei.<br /> * **cert /etc/openvpn/firewall.lab34.linuggs.de.crt** - Server-Zertifikat.<br /> * **key /etc/openvpn/firewall.lab34.linuggs.de.key** - Privater Schlüssel des Servers.<br /> * **client-cert-not-required** - Erfordert keine individuellen Client-Zertifikate.<br /> * **compress** - Aktiviert die Komprimierung der Daten.<br /> * **persist-key** - Beibehaltung des Schlüssels über Neustarts.<br /> * **persist-tun** - Beibehaltung des TUN-Interfaces über Neustarts.<br /> * **client-config-dir client** - Pfad zu individuellen Client-Konfigurationen.<br /> * **username-as-common-name** - Verwendet den Benutzernamen als Common Name.<br /> * **plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth-ldap.conf login** - LDAP-Authentifizierung.<br /> * **script-security 3** - Erlaubt Skriptausführung für zusätzliche Sicherheit.</div>

Thomas.will