Content #
Running a TCP-based application over a TCP-based VPN can result in a double performance loss, especially if the underlying network connection is bad. In that case, lost packets are retransmitted both inside and outside the tunnel, leading to a double performance hit. When choosing between UDP and TCP transport, the general rule of thumb is: if UDP (mode udp) works for you, use it; if not, try TCP (mode tcp-server and mode tcp-client).
List available combinations of ciphers and hashing algorithms:
openvpn --show-tls
List available encryption ciphers:
openvpn --show-ciphers
List all HMAC-signing algorithms:
openvpn --show-digests
Point-to-point mode using pre-shared keys is abbreviated to pre-shared keys.
[Figures: The flow of traffic from a user application via OpenVPN; OpenVPN Options; route directive (OpenVPN); Point-to-point Mode (OpenVPN); The topology subnet; OpenVPN PKI Logical Flow; Checking certificate key usage attributes; Client-specific configuration – CCD files; status file (OpenVPN); management interface (OpenVPN); soft-reset OpenVPN client; client LAN routed over the VPN tunnel to the server; Server-side routing (OpenVPN); Client-side routing (OpenVPN); Enabling file sharing over VPN]
Manually configure ExpressVPN #
sudo apt install openvpn openvpn-systemd-resolved
sudo openvpn --config /[path to file]/my_expressvpn_[server location].ovpn --script-security 2 --up /etc/openvpn/update-systemd-resolved --down /etc/openvpn/update-systemd-resolved --dhcp-option 'DOMAIN-ROUTE .' --down-pre
Refuse routes that are pushed by the OpenVPN server #
--pull-filter ignore "route 0.0.0.0/1"
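How OpenVPN's client-side --pull-filter option decides which pushed options to keep, modelled in shell as an added example (not from the original page or from OpenVPN itself). The function names, the "action|text" filter format and the pushed options are constructed for this demo; the matching rules (filters tried in order, literal prefix comparison, unmatched options accepted) follow the openvpn man page.

```shell
#!/bin/sh
# Model of OpenVPN's client-side --pull-filter matching, as documented in the
# openvpn man page: filters are tried in order, the first one whose text is a
# literal prefix of the pushed option decides, unmatched options are accepted.

# pull_filter_action OPTION FILTERS -> prints accept, ignore or reject.
# FILTERS holds one "action|text" pair per line (format assumed for this demo).
pull_filter_action() {
    while IFS='|' read -r action text; do
        [ -n "$action" ] || continue
        case $1 in
            "$text"*) printf '%s\n' "$action"; return 0 ;;
        esac
    done <<EOF
$2
EOF
    printf 'accept\n'
}

# filter_push PUSHED FILTERS -> prints the options the client keeps.
# Returns 1 if a reject filter matched (OpenVPN would restart via SIGUSR1).
filter_push() {
    rc=0
    while IFS= read -r opt; do
        [ -n "$opt" ] || continue
        case $(pull_filter_action "$opt" "$2") in
            accept) printf '%s\n' "$opt" ;;
            reject) rc=1 ;;
        esac
    done <<EOF
$1
EOF
    return "$rc"
}

# Constructed pushed options, not captured from a real server.
PUSHED='redirect-gateway def1
route 0.0.0.0 128.0.0.0
route 10.8.0.0 255.255.255.0
route-gateway 10.8.0.1
dhcp-option DNS 10.8.0.1'

# CIDR text is not a prefix of the netmask form pushed above: nothing is dropped.
filter_push "$PUSHED" 'ignore|route 0.0.0.0/1'
echo ---
# A bare "route" prefix would also drop route-gateway; the trailing space avoids it.
filter_push "$PUSHED" 'accept|route 10.8.0.0
ignore|route '
```

Because the comparison is a literal prefix match, the filter text has to be written exactly as the server pushes the option; the client log shows the received PUSH_REPLY to copy from.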