=======
OpenVPN
=======

OpenVPN is a virtual private network (VPN) system for creating secure
point-to-point or site-to-site connections, with support for client and server
modes. It uses a custom security protocol and relies extensively on SSL/TLS for
encryption and key exchange.

OpenVPN can run over UDP or TCP transports, which makes its performance
significantly lower than that of other VPN protocols such as IPsec, but allows
it to work through most proxy servers, NATs, and firewalls.

OpenVPN supports authorization and accounting through RADIUS, TACACS+, and the
local user database. To learn more about authentication in OSDx, see the
:doc:`/articles/system/aaa/index` article.

Configuration
=============

The OpenVPN configuration in OSDx has two parts: the interface and the VPN
profile.

The interface configuration represents an OpenVPN tunnel and holds
interface-specific options such as the local address or the remote peers.

VPN profiles are configurations for different categories of options, such as
TLS options, client/server options, or tunnel options, and can be shared
between tunnel configurations. This scheme closely mirrors the structure of the
OpenVPN Reference Manual. Note that some profiles are only available in
specific modes; for example, the client profile is only available in client
mode.

Administration
==============

OSDx provides operational commands to monitor and control tunnels and to
perform operations such as disconnecting a client, reloading a tunnel, or
showing connected clients.

Examples
========

OpenVPN examples are available in the :doc:`/examples/vpn/openvpn/index`
examples page.

.. osdx:cmdtree:: cfg interfaces openvpn vpn openvpn

.. osdx:cmdtree:: op interfaces openvpn