![background image](/i/tripp-lite/128520/tripp-lite-b094-008-2e-m-f-b096-048-b096-016-b094-008-2e-v-b096-032/h/tripp-lite-b094-008-2e-m-f-b096-048-b096-016-b094-008-2e-v-b096-032-065.png)
65
Chapter 4: Serial Port, Device and User Configuration
The Windows client/server configuration file options are:
Options
Description
#description:
This is a comment describing the configuration.
Comment lines start with a ‘#’ and are ignored by OpenVPN.
Client
server
Specify whether this will be a client or server configuration file. In the server configuration file,
define the IP address pool and netmask. For example, server 10.100.10.0 255.255.255.0
proto udp
proto tcp
Set the protocol to UDP or TCP. The client and server must use the same settings.
mssfix <max. size>
Mssfix sets the maximum size of the packet. This is only useful for UDP if problems occur.
verb <level>
Set log file verbosity level. Log verbosity level can be set from 0 (minimum) to 15 (maximum).
For example,
0 = silent except for fatal errors
3 = medium output, good for general usage
5 = helps with debugging connection problems
9 = extremely verbose, excellent for troubleshooting
dev tun
dev tap
Select ‘dev tun’ to create a routed IP tunnel or ‘dev tap’ to create an Ethernet tunnel. The
client and server must use the same settings.
remote <host>
The hostname/IP of OpenVPN server when operating as a client. Enter either the DNS
hostname or the static IP address of the server.
Port
The UDP/TCP port of the server.
Keepalive
Keepalive uses ping to keep the OpenVPN session alive. 'Keepalive 10 120' pings every 10
seconds and assumes the remote peer is down if no ping has been received over a 120
second time period.
http-proxy <proxy server>
<proxy port #>
If a proxy is required to access the server, enter the proxy server DNS name or IP and port
number.
ca <file name>
Enter the CA certificate file name and location. The same CA certificate file can be used by the
server and all clients.
Note: Ensure each ‘\’ in the directory path is replaced with ‘ \\’. For example, c:\openvpnkeys\
ca.crt will become c:\\openvpnkeys\\ca.crt
cert <file name>
Enter the client’s or servers’s certificate file name and location. Each client should have its
own certificate and key files.Note: Ensure each ‘\’ in the directory path is replaced with ‘ \\’.
key <file name>
Enter the file name and location of the client’s or server’s key. Each client should have its own
certificate and key files.
Note: Ensure each ‘\’ in the directory path is replaced with ‘ \\’.
dh <file name>
This is used by the server only.
Enter the path to the key with the Diffie-Hellman parameters.
Nobind
‘Nobind’ is used when clients do not need to bind to a local address or specific local port
number. This is the case in most client configurations.
persist-key
This option prevents the reloading of keys across restarts.
persist-tun
This option prevents the close and reopen of TUN/TAP devices across restarts.
cipher BF-CBC Blowfish
(default)
cipher AES-128-CBC AES
cipher DES-EDE3-CBC
Triple-DES
Select a cryptographic cipher. The client and server must use the same settings.
comp-lzo
Enable compression on the OpenVPN link. This must be enabled on both the client and the
server.
syslog
By default, logs are located in syslog or, if running as a service on Window, in \Program Files\
OpenVPN\log directory.