openvpn ------- .. osdx:cfgcmd:: vpn openvpn .. raw:: html SDE M10-Smart M2 RS420 AresC640 OpenVPN profiles .. osdx:cfgcmd:: vpn openvpn client-profile .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg id: Client options :instances: Multiple .. osdx:cfgcmd:: vpn openvpn client-profile allow-pull-fqdn .. raw:: html SDE M10-Smart M2 RS420 AresC640 Allow client to pull DNS names from server .. osdx:cfgcmd:: vpn openvpn client-profile authentication .. raw:: html SDE M10-Smart M2 RS420 AresC640 Client authentication :ref Required: :ref Required: .. osdx:cfgcmd:: vpn openvpn client-profile authentication encrypted-password .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg password: VPN encrypted password .. osdx:cfgcmd:: vpn openvpn client-profile authentication password .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg txt: VPN password .. osdx:cfgcmd:: vpn openvpn client-profile authentication username .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg id: VPN username .. osdx:cfgcmd:: vpn openvpn client-profile pull .. raw:: html SDE M10-Smart M2 RS420 AresC640 Option pulling parameters .. osdx:cfgcmd:: vpn openvpn client-profile pull filter .. raw:: html SDE M10-Smart M2 RS420 AresC640 Option filter parameters :arg u32: Filter index :instances: Multiple :ref Required: :ref Required: .. osdx:cfgcmd:: vpn openvpn client-profile pull filter policy .. raw:: html SDE M10-Smart M2 RS420 AresC640 Filter policy :arg accept: Allow option :arg ignore: Remove option :arg reject: Flag option as error and restart tunnel .. osdx:cfgcmd:: vpn openvpn client-profile pull filter text .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg txt: Filter rules that start with this text .. osdx:cfgcmd:: vpn openvpn encryption-profile .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg id: Data channel encryption options :instances: Multiple .. osdx:cfgcmd:: vpn openvpn encryption-profile auth .. raw:: html SDE M10-Smart M2 RS420 AresC640 Digest algorithms to authenticate data channel packets with :arg u32: Digest index :instances: Multiple :ref Required: .. osdx:cfgcmd:: vpn openvpn encryption-profile auth algorithm .. raw:: html SDE M10-Smart M2 RS420 AresC640 Digest algorithm :arg none: Disable data channel authentication .. osdx:cfgcmd:: vpn openvpn encryption-profile cipher .. raw:: html SDE M10-Smart M2 RS420 AresC640 Cipher algorithms to encrypt data channel packets with :arg u32: Cipher index :instances: Multiple :ref Required: .. osdx:cfgcmd:: vpn openvpn encryption-profile cipher algorithm .. raw:: html SDE M10-Smart M2 RS420 AresC640 Cipher algorithm :arg none: Disable data channel encryption .. osdx:cfgcmd:: vpn openvpn encryption-profile ncp .. raw:: html SDE M10-Smart M2 RS420 AresC640 Negotiable Crypto Parameters (client/server mode) .. osdx:cfgcmd:: vpn openvpn encryption-profile ncp cipher .. raw:: html SDE M10-Smart M2 RS420 AresC640 Cipher negotiation proposals :arg u32: Cipher index :instances: Multiple :ref Required: .. osdx:cfgcmd:: vpn openvpn encryption-profile ncp cipher algorithm .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg id: Cipher algorithm .. osdx:cfgcmd:: vpn openvpn encryption-profile ncp disable .. raw:: html SDE M10-Smart M2 RS420 AresC640 Disable cipher negotiation .. osdx:cfgcmd:: vpn openvpn encryption-profile secret .. raw:: html SDE M10-Smart M2 RS420 AresC640 Static key encryption mode (p2p mode) :ref Required: .. osdx:cfgcmd:: vpn openvpn encryption-profile secret direction .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg u32: Data flow direction .. osdx:cfgcmd:: vpn openvpn encryption-profile secret static-key .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg file: Static key file .. osdx:cfgcmd:: vpn openvpn server-profile .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg id: Server options :instances: Multiple .. osdx:cfgcmd:: vpn openvpn server-profile authentication .. raw:: html SDE M10-Smart M2 RS420 AresC640 Authentication list :ref Reference: system aaa list * .. osdx:cfgcmd:: vpn openvpn server-profile client .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg id: Client parameters Client Common Name :instances: Multiple .. osdx:cfgcmd:: vpn openvpn server-profile client address .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg ipv4: Static IP address :arg fqdn: Static IP address .. osdx:cfgcmd:: vpn openvpn server-profile client disable .. raw:: html SDE M10-Smart M2 RS420 AresC640 Disable client .. osdx:cfgcmd:: vpn openvpn server-profile client push .. raw:: html SDE M10-Smart M2 RS420 AresC640 Option pushing parameters .. osdx:cfgcmd:: vpn openvpn server-profile client push reset .. raw:: html SDE M10-Smart M2 RS420 AresC640 Ignore global push list for client .. osdx:cfgcmd:: vpn openvpn server-profile client push route .. raw:: html SDE M10-Smart M2 RS420 AresC640 Routing parameters .. osdx:cfgcmd:: vpn openvpn server-profile client push route delay .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg u32: Delay after connection establishment before adding routes .. osdx:cfgcmd:: vpn openvpn server-profile client push route destination .. raw:: html SDE M10-Smart M2 RS420 AresC640 Route destination :arg ipv4cidr: IPv4 address :arg ipv4net: IPv4 network :arg vpn_gateway: Remote VPN endpoint address :arg net_gateway: Pre-existing IP default gateway :arg remote_host: Remote host :instances: Multiple .. osdx:cfgcmd:: vpn openvpn server-profile client push route destination gateway .. raw:: html SDE M10-Smart M2 RS420 AresC640 Route gateway :arg vpn_gateway: Remote VPN endpoint address :arg net_gateway: Pre-existing IP default gateway :arg remote_host: Remote host .. osdx:cfgcmd:: vpn openvpn server-profile client push route destination metric .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg u32: Route metric .. osdx:cfgcmd:: vpn openvpn server-profile client push route gateway .. raw:: html SDE M10-Smart M2 RS420 AresC640 Default gateway to use with pushed routes :arg ipv4: IPv4 address :arg dhcp: Extract the gateway address from a DHCP negotiation .. osdx:cfgcmd:: vpn openvpn server-profile client-to-client .. raw:: html SDE M10-Smart M2 RS420 AresC640 Allow connected clients to reach each other .. osdx:cfgcmd:: vpn openvpn server-profile duplicate-cn .. raw:: html SDE M10-Smart M2 RS420 AresC640 Allow multiple clients with the same common name to concurrently connect .. osdx:cfgcmd:: vpn openvpn server-profile push .. raw:: html SDE M10-Smart M2 RS420 AresC640 Push configuration options to the clients .. osdx:cfgcmd:: vpn openvpn server-profile push route .. raw:: html SDE M10-Smart M2 RS420 AresC640 Routing parameters .. osdx:cfgcmd:: vpn openvpn server-profile push route delay .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg u32: Delay after connection establishment before adding routes .. osdx:cfgcmd:: vpn openvpn server-profile push route destination .. raw:: html SDE M10-Smart M2 RS420 AresC640 Route destination :arg ipv4net: IPv4 network :arg vpn_gateway: Remote VPN endpoint address :arg net_gateway: Pre-existing IP default gateway :arg remote_host: Remote host :instances: Multiple .. osdx:cfgcmd:: vpn openvpn server-profile push route destination gateway .. raw:: html SDE M10-Smart M2 RS420 AresC640 Route gateway :arg vpn_gateway: Remote VPN endpoint address :arg net_gateway: Pre-existing IP default gateway :arg remote_host: Remote host .. osdx:cfgcmd:: vpn openvpn server-profile push route destination metric .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg u32: Route metric .. osdx:cfgcmd:: vpn openvpn server-profile push route gateway .. raw:: html SDE M10-Smart M2 RS420 AresC640 Default gateway to use with pushed routes :arg ipv4: IPv4 address :arg dhcp: Extract the gateway address from a DHCP negotiation .. osdx:cfgcmd:: vpn openvpn tls-profile .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg id: TLS options :instances: Multiple .. osdx:cfgcmd:: vpn openvpn tls-profile auth .. raw:: html SDE M10-Smart M2 RS420 AresC640 Additional layer of HMAC authentication on top of the TLS control channel :ref Required: .. osdx:cfgcmd:: vpn openvpn tls-profile auth direction .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg u32: Data flow direction .. osdx:cfgcmd:: vpn openvpn tls-profile auth static-key .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg file: Static key to use for HMAC authentication .. osdx:cfgcmd:: vpn openvpn tls-profile ca .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg file: Certificate Authority certificate in PEM format .. osdx:cfgcmd:: vpn openvpn tls-profile certificate .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg file: Local certificate in PEM format .. osdx:cfgcmd:: vpn openvpn tls-profile crl .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg file: Certificate Revocation List in PEM format .. osdx:cfgcmd:: vpn openvpn tls-profile crypt .. raw:: html SDE M10-Smart M2 RS420 AresC640 Encrypt and authenticate all control channel packets :ref Required: .. osdx:cfgcmd:: vpn openvpn tls-profile crypt static-key .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg file: Static key to use for HMAC authentication .. osdx:cfgcmd:: vpn openvpn tls-profile csr .. raw:: html SDE M10-Smart M2 RS420 AresC640 Certificate Signing Request instance (SCEP) :ref Reference: system certificate scep csr * .. osdx:cfgcmd:: vpn openvpn tls-profile dhparam .. raw:: html SDE M10-Smart M2 RS420 AresC640 Diffie-Hellman parameters in PEM format (server mode) :arg none: Do not use dhparam file .. osdx:cfgcmd:: vpn openvpn tls-profile private-key .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg file: Local certificate's private key in PEM format .. osdx:cfgcmd:: vpn openvpn tunnel-profile .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg id: Tunnel options :instances: Multiple .. osdx:cfgcmd:: vpn openvpn tunnel-profile compression .. raw:: html SDE M10-Smart M2 RS420 AresC640 Compression algorithm to use :arg lzo: Better compatibility :arg lz4: Better performance .. osdx:cfgcmd:: vpn openvpn tunnel-profile float .. raw:: html SDE M10-Smart M2 RS420 AresC640 Allow remote peer to change its IP address and/or port number .. osdx:cfgcmd:: vpn openvpn tunnel-profile keepalive .. raw:: html SDE M10-Smart M2 RS420 AresC640 Keepalive parameters :ref Required: :ref Required: .. osdx:cfgcmd:: vpn openvpn tunnel-profile keepalive interval .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg u32: Ping interval .. osdx:cfgcmd:: vpn openvpn tunnel-profile keepalive timeout .. raw:: html SDE M10-Smart M2 RS420 AresC640 :arg u32: Ping timeout to restart .. osdx:cfgcmd:: vpn openvpn tunnel-profile log-level .. raw:: html SDE M10-Smart M2 RS420 AresC640 OpenVPN log level :arg u32: Disable all logging except fatal errors (0) :arg u32: Normal usage range (1-4) :arg u32: Output R and W for each packet read and write (5) :arg u32: Debug info range (6-11)