Point-to-point Mode (OpenVPN)

Simplest and shortest example

  1. Start the first endpoint in the listening mode

    openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun
    
  2. Launch the OpenVPN client

    openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --remote first.endpoint
    

Using TCP Protocol

OpenVPN uses UDP by default. If the TCP protocol is required:

  1. Start the first endpoint in the listening mode

    openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --proto tcp-server
    
  2. Launch the OpenVPN client

    openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --proto tcp-client --remote first.endpoint
    

The TAP Mode

Non-TCP/IP traffic needs a tap device. A tap device must be assigned a single IP address and a netmask.

  1. Start the first endpoint in the listening mode

    openvpn --ifconfig 10.200.0.1 255.255.255.0 --dev tap
    
  2. Launch the OpenVPN client

    openvpn --ifconfig 10.200.0.2 255.255.255.0 --dev tap --remote first.endpoint
    

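The cleartext tunnel

A cleartext tunnel can be used to avoid double encryption, for example when the tunnelled traffic is already encrypted. With --cipher none --auth none, OpenVPN neither encrypts nor authenticates the tunnel traffic.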

  1. Start the first endpoint in the listening mode

    openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --cipher none --auth none
    
  2. Launch the OpenVPN client

    openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --cipher none --auth none --remote first.endpoint
    

Using OpenVPN secret key

  1. Generate secret key

    openvpn --genkey --secret secret.key
    

    The resulting key file should be copied to the remote endpoint over a secure channel (such as scp).

  2. Start the first endpoint in the listening mode

    openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --secret secret.key --verb 7
    
  3. Launch the OpenVPN client

    openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --secret secret.key --remote first.endpoint
    

    With --verb 7, the server-side log output will contain lines showing the keys, so handle that log as carefully as secret.key itself.

Using different keys for incoming versus outgoing data

Add a direction flag to the --secret parameter. The direction flag must be set to 0 on one end and to 1 on the other end.

  1. Start the first endpoint in the listening mode

    openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --secret secret.key 0 --verb 7
    
  2. Launch the OpenVPN client

    openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --secret secret.key 1 --remote first.endpoint
    

Using different encryption and authentication algorithms

  1. Start the first endpoint in the listening mode

    openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --secret secret.key 0 --cipher AES256 --auth SHA512 --verb 7
    
  2. Launch the OpenVPN client

    openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --secret secret.key 1 --cipher AES256 --auth SHA512 --remote first.endpoint
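
The option combinations walked through above (cleartext tunnel, static key, direction flag, --verb 7) can be reviewed before a command line is put into use. The shell function below is an added example, not code from the original page or from OpenVPN; `audit_p2p`, its finding labels and its rules are assumptions of this example, and it only looks at the static-key options used on this page. The NO-KEY and SAME-KEYS rules assume that OpenVPN runs without keys when no --secret is given and uses the same keys in both directions when the direction flag is omitted.

```shell
#!/bin/sh
# Added example: review the options of a point-to-point openvpn command line.
# Usage: audit_p2p <everything after "openvpn">
# Prints one finding per line; returns 1 if there were any, 0 otherwise.
audit_p2p() {
    cipher="" auth="" secret="" direction="" verb=1 rc=0
    while [ $# -gt 0 ]; do
        opt="$1"; shift
        case "$opt" in
            --cipher) cipher="${1:-}" ;;
            --auth)   auth="${1:-}" ;;
            --verb)   verb="${1:-}" ;;
            --secret) secret="${1:-}"
                      # An optional direction flag (0 or 1) may follow the key file.
                      case "${2:-}" in 0|1) direction="$2" ;; esac ;;
        esac
    done
    case "$verb" in ''|*[!0-9]*) verb=1 ;; esac   # ignore a non-numeric value

    if [ -z "$secret" ]; then
        echo "NO-KEY: no --secret given, so the tunnel has no shared key"; rc=1
    fi
    if [ "$cipher" = "none" ]; then
        echo "CLEARTEXT: --cipher none disables encryption"; rc=1
    fi
    if [ "$auth" = "none" ]; then
        echo "NO-AUTH: --auth none disables packet authentication"; rc=1
    fi
    if [ -n "$secret" ] && [ -z "$direction" ]; then
        echo "SAME-KEYS: no direction flag, both directions share keys"; rc=1
    fi
    if [ -n "$secret" ] && [ "$verb" -ge 7 ]; then
        echo "KEY-IN-LOG: --verb $verb with --secret writes key lines to the log"; rc=1
    fi
    return "$rc"
}

# Constructed sample runs, using command lines from this page.
audit_p2p --ifconfig 10.200.0.1 10.200.0.2 --dev tun --cipher none --auth none || true
audit_p2p --ifconfig 10.200.0.1 10.200.0.2 --dev tun --secret secret.key 0 \
          --cipher AES256 --auth SHA512 --verb 7 || true
```

Dropping --verb 7 from the last server command, once the key setup has been confirmed, clears its only finding.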