openvpn

vpn openvpn
SDE M10-Smart M2 RS420

OpenVPN profiles

vpn openvpn client-profile <id>
SDE M10-Smart M2 RS420
Values
  • id – Client options

Instances

Multiple

vpn openvpn client-profile <id> allow-pull-fqdn
SDE M10-Smart M2 RS420

Allow client to pull DNS names from server

vpn openvpn client-profile <id> authentication
SDE M10-Smart M2 RS420

Client authentication

Required

Required

vpn openvpn client-profile <id> authentication encrypted-password <password>
SDE M10-Smart M2 RS420
Values
  • password – VPN encrypted password

vpn openvpn client-profile <id> authentication password <txt>
SDE M10-Smart M2 RS420
Values
  • txt – VPN password

vpn openvpn client-profile <id> authentication username <id>
SDE M10-Smart M2 RS420
Values
  • id – VPN username

vpn openvpn client-profile <id> pull
SDE M10-Smart M2 RS420

Option pulling parameters

vpn openvpn client-profile <id> pull filter <u32>
SDE M10-Smart M2 RS420

Option filter parameters

Values
  • u32 – Filter index

Instances

Multiple

Required

Required

vpn openvpn client-profile <id> pull filter <u32> policy <id>
SDE M10-Smart M2 RS420

Filter policy

Values
  • accept – Allow option

  • ignore – Remove option

  • reject – Flag option as error and restart tunnel

vpn openvpn client-profile <id> pull filter <u32> text <txt>
SDE M10-Smart M2 RS420
Values
  • txt – Filter rules that start with this text

vpn openvpn encryption-profile <id>
SDE M10-Smart M2 RS420
Values
  • id – Data channel encryption options

Instances

Multiple

vpn openvpn encryption-profile <id> auth <u32>
SDE M10-Smart M2 RS420

Digest algorithms to authenticate data channel packets with

Values
  • u32 – Digest index

Instances

Multiple

Required

vpn openvpn encryption-profile <id> auth <u32> algorithm <id>
SDE M10-Smart M2 RS420

Digest algorithm

Values
  • none – Disable data channel authentication

vpn openvpn encryption-profile <id> cipher <u32>
SDE M10-Smart M2 RS420

Cipher algorithms to encrypt data channel packets with

Values
  • u32 – Cipher index

Instances

Multiple

Required

vpn openvpn encryption-profile <id> cipher <u32> algorithm <id>
SDE M10-Smart M2 RS420

Cipher algorithm

Values
  • none – Disable data channel encryption

vpn openvpn encryption-profile <id> ncp
SDE M10-Smart M2 RS420

Negotiable Crypto Parameters (client/server mode)

vpn openvpn encryption-profile <id> ncp cipher <u32>
SDE M10-Smart M2 RS420

Cipher negotiation proposals

Values
  • u32 – Cipher index

Instances

Multiple

Required

vpn openvpn encryption-profile <id> ncp cipher <u32> algorithm <id>
SDE M10-Smart M2 RS420
Values
  • id – Cipher algorithm

vpn openvpn encryption-profile <id> ncp disable
SDE M10-Smart M2 RS420

Disable cipher negotiation

vpn openvpn encryption-profile <id> secret
SDE M10-Smart M2 RS420

Static key encryption mode (p2p mode)

Required

vpn openvpn encryption-profile <id> secret direction <u32>
SDE M10-Smart M2 RS420
Values
  • u32 – Data flow direction

vpn openvpn encryption-profile <id> secret static-key <file>
SDE M10-Smart M2 RS420
Values
  • file – Static key file

vpn openvpn server-profile <id>
SDE M10-Smart M2 RS420
Values
  • id – Server options

Instances

Multiple

vpn openvpn server-profile <id> authentication <id>
SDE M10-Smart M2 RS420

Authentication list

Reference

system aaa list <id>

vpn openvpn server-profile <id> client <id>
SDE M10-Smart M2 RS420
Values
  • id – Client parameters (Client Common Name)

Instances

Multiple

vpn openvpn server-profile <id> client <id> address <ipv4|fqdn>
SDE M10-Smart M2 RS420
Values
  • ipv4 – Static IP address

  • fqdn – Static IP address

vpn openvpn server-profile <id> client <id> disable
SDE M10-Smart M2 RS420

Disable client

vpn openvpn server-profile <id> client <id> push
SDE M10-Smart M2 RS420

Option pushing parameters

vpn openvpn server-profile <id> client <id> push reset
SDE M10-Smart M2 RS420

Ignore global push list for client

vpn openvpn server-profile <id> client <id> push route
SDE M10-Smart M2 RS420

Routing parameters

vpn openvpn server-profile <id> client <id> push route delay <u32>
SDE M10-Smart M2 RS420
Values
  • u32 – Delay after connection establishment before adding routes

vpn openvpn server-profile <id> client <id> push route destination <ipv4cidr|ipv4net|id>
SDE M10-Smart M2 RS420

Route destination

Values
  • ipv4cidr – IPv4 address

  • ipv4net – IPv4 network

  • vpn_gateway – Remote VPN endpoint address

  • net_gateway – Pre-existing IP default gateway

  • remote_host – Remote host

Instances

Multiple

vpn openvpn server-profile <id> client <id> push route destination <ipv4cidr|ipv4net|id> gateway <ipv4|id>
SDE M10-Smart M2 RS420

Route gateway

Values
  • vpn_gateway – Remote VPN endpoint address

  • net_gateway – Pre-existing IP default gateway

  • remote_host – Remote host

vpn openvpn server-profile <id> client <id> push route destination <ipv4cidr|ipv4net|id> metric <u32>
SDE M10-Smart M2 RS420
Values
  • u32 – Route metric

vpn openvpn server-profile <id> client <id> push route gateway <ipv4|id>
SDE M10-Smart M2 RS420

Default gateway to use with pushed routes

Values
  • ipv4 – IPv4 address

  • dhcp – Extract the gateway address from a DHCP negotiation

vpn openvpn server-profile <id> client-to-client
SDE M10-Smart M2 RS420

Allow connected clients to reach each other

vpn openvpn server-profile <id> duplicate-cn
SDE M10-Smart M2 RS420

Allow multiple clients with the same common name to concurrently connect

vpn openvpn server-profile <id> push
SDE M10-Smart M2 RS420

Push configuration options to the clients

vpn openvpn server-profile <id> push route
SDE M10-Smart M2 RS420

Routing parameters

vpn openvpn server-profile <id> push route delay <u32>
SDE M10-Smart M2 RS420
Values
  • u32 – Delay after connection establishment before adding routes

vpn openvpn server-profile <id> push route destination <ipv4net|id>
SDE M10-Smart M2 RS420

Route destination

Values
  • ipv4net – IPv4 network

  • vpn_gateway – Remote VPN endpoint address

  • net_gateway – Pre-existing IP default gateway

  • remote_host – Remote host

Instances

Multiple

vpn openvpn server-profile <id> push route destination <ipv4net|id> gateway <ipv4|id>
SDE M10-Smart M2 RS420

Route gateway

Values
  • vpn_gateway – Remote VPN endpoint address

  • net_gateway – Pre-existing IP default gateway

  • remote_host – Remote host

vpn openvpn server-profile <id> push route destination <ipv4net|id> metric <u32>
SDE M10-Smart M2 RS420
Values
  • u32 – Route metric

vpn openvpn server-profile <id> push route gateway <ipv4|id>
SDE M10-Smart M2 RS420

Default gateway to use with pushed routes

Values
  • ipv4 – IPv4 address

  • dhcp – Extract the gateway address from a DHCP negotiation

vpn openvpn tls-profile <id>
SDE M10-Smart M2 RS420
Values
  • id – TLS options

Instances

Multiple

vpn openvpn tls-profile <id> auth
SDE M10-Smart M2 RS420

Additional layer of HMAC authentication on top of the TLS control channel

Required

vpn openvpn tls-profile <id> auth direction <u32>
SDE M10-Smart M2 RS420
Values
  • u32 – Data flow direction

vpn openvpn tls-profile <id> auth static-key <file>
SDE M10-Smart M2 RS420
Values
  • file – Static key to use for HMAC authentication

vpn openvpn tls-profile <id> ca <file>
SDE M10-Smart M2 RS420
Values
  • file – Certificate Authority certificate in PEM format

vpn openvpn tls-profile <id> certificate <file>
SDE M10-Smart M2 RS420
Values
  • file – Local certificate in PEM format

vpn openvpn tls-profile <id> crl <file>
SDE M10-Smart M2 RS420
Values
  • file – Certificate Revocation List in PEM format

vpn openvpn tls-profile <id> crypt
SDE M10-Smart M2 RS420

Encrypt and authenticate all control channel packets

Required

vpn openvpn tls-profile <id> crypt static-key <file>
SDE M10-Smart M2 RS420
Values
  • file – Static key to use for HMAC authentication

vpn openvpn tls-profile <id> csr <id>
SDE M10-Smart M2 RS420

Certificate Signing Request instance (SCEP)

Reference

system certificate scep csr <id>

vpn openvpn tls-profile <id> dhparam <file|id>
SDE M10-Smart M2 RS420

Diffie-Hellman parameters in PEM format (server mode)

Values
  • none – Do not use dhparam file

vpn openvpn tls-profile <id> private-key <file>
SDE M10-Smart M2 RS420
Values
  • file – Local certificate’s private key in PEM format

vpn openvpn tunnel-profile <id>
SDE M10-Smart M2 RS420
Values
  • id – Tunnel options

Instances

Multiple

vpn openvpn tunnel-profile <id> compression <id>
SDE M10-Smart M2 RS420

Compression algorithm to use

Values
  • lzo – Better compatibility

  • lz4 – Better performance

vpn openvpn tunnel-profile <id> float
SDE M10-Smart M2 RS420

Allow remote peer to change its IP address and/or port number

vpn openvpn tunnel-profile <id> keepalive
SDE M10-Smart M2 RS420

Keepalive parameters

Required

Required

vpn openvpn tunnel-profile <id> keepalive interval <u32>
SDE M10-Smart M2 RS420
Values
  • u32 – Ping interval

vpn openvpn tunnel-profile <id> keepalive timeout <u32>
SDE M10-Smart M2 RS420
Values
  • u32 – Ping timeout to restart

vpn openvpn tunnel-profile <id> log-level <u32>
SDE M10-Smart M2 RS420

OpenVPN log level

Values
  • u32 – Disable all logging except fatal errors (0)

  • u32 – Normal usage range (1-4)

  • u32 – Output R and W for each packet read and write (5)

  • u32 – Debug info range (6-11)