...
The OpenVPN security model is based on SSL, the industry standard for secure communications via the internet. OpenVPN implements OSI layer 2 or 3 secure network extensions using the SSL/TLS protocol. Support IPv4, IPv6.
Introduction
OpenVPN has been ported to various platforms, including Linux and Windows, and its configuration is likewise on each of these systems, so it makes it easier to support and maintain. OpenVPN can run over User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) transports, multiplexing created SSL tunnels on a single TCP/UDP port. OpenVPN is one of the few VPN protocols that can make use of a proxy, which might be handy sometimes.
...
| Property | Description |
|---|---|
| add-default-route (yes | no; Default: no) | Whether to add OVPN remote address as a default route. |
| auth (md5 | sha1 | null | sha256 | sha512; Default: sha1) | Allowed authentication methods. |
| certificate (string | none; Default: none) | Name of the client certificate |
| cipher (null | aes128-cbc | aes128-gcm | aes192-cbc | aes192-gcm | aes256-cbc | aes256-gcm | blowfish128; Default: blowfish128) | Allowed ciphers. In order to use GCM type ciphers, the "auth" parameter must be set to "null", because GCM cipher is also responsible for "auth", if used. |
| comment (string; Default: ) | Descriptive name of an item |
| connect-to (IP|IPv6; Default: ) | Remote address of the OVPN server. |
| disabled (yes | no; Default: yes) | Whether the interface is disabled or not. By default it is disabled. |
| mac-address (MAC; Default: ) | Mac address of OVPN interface. Will be automatically generated if not specified. |
| max-mtu (integer; Default: 1500) | Maximum Transmission Unit. Max packet size that the OVPN interface will be able to send without packet fragmentation. |
| mode (ip | ethernet; Default: ip) | Layer3 or layer2 tunnel mode (alternatively tun, tap) |
| name (string; Default: ) | Descriptive name of the interface. |
| password (string; Default: "") | Password used for authentication. |
| port (integer; Default: 1194) | Port to connect to. |
| profile (name; Default: default) | Specifies which PPP profile configuration will be used when establishing the tunnel. |
| protocol (tcp | udp; Default: tcp) | indicates the protocol to use when connecting with the remote endpoint. |
| verify-server-certificate (yes | no; Default: no) | Checks the certificates CN or SAN against the "connect-to" parameter. The IP or hostname must be present in the server's certificate. |
| tls-version (any | only-1.2; Default: any) | Specifies which TLS versions to allow |
| use-peer-dns (yes | no; Default: no) | Whether to add DNS servers provided by the OVPN server to IP/DNS configuration. |
route-nopull (yes | no; Default: no) | Specifies whether to allow the OVPN server to add routes to the OVPN client instance routing table. |
| user (string; Default: ) | User name used for authentication. |
...