In the guide for setting up pfSense 2.3 with AirVPN, there are several OpenVPN options that he's got going into the pfSense Custom Option area that I'm wondering about for pfSense 2.4.3. If anyone can help with these, I'd appreciate it:

- "keepalive 5 30": That's supposed to be a shortcut type of option to help set OpenVPN's --ping and --ping-restart options. Does anyone know what the defaults are or what, if anything, AirVPN pushes from its servers? Do I actually need "keepalive" in my client's setup?
- "keysize 256": First, this has been deprecated and will be removed in OpenVPN 2.6. But, regardless, since we pick specific encryption algorithms and keysizes in the menus of pfSense 2.4.3 (VPN > OpenVPN > Clients > Encryption Algorithm (and NCP Algorithms)), is this even needed? More importantly, couldn't it lead to conflicts?
- "key-method 2": As with "keysize", this has been deprecated and removed in OpenVPN 2.5. Apparently, it specifies the data channel key negotiation method. It looks like this might be handled by pfSense's "TLS Key Usage Mode". Anyone know if that's true and what it should be set to for AirVPN?
- "mlock": Disables paging so someone can't use the swap file to gather secured information. But according to the OpenVPN manual, it requires that OpenVPN be initially run as root. Does anyone know if pfSense 2.4.3 even does that? Should I use this?
- "prng sha512 64": According to the OpenVPN manual, that's using sha512 as the digest algorithm with a nonce size of 64 bytes. I really don't even know what that means. But, my default AirVPN hardware key uses SHA1 and pfSense's "Auth digest algorithm" is set to SHA1. Is this a conflict?
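An added example, not part of the original post and not AirVPN or pfSense code: a small audit of a Custom Options string that expands `keepalive` into the client-side `ping` and `ping-restart` values it stands for and attaches the status notes the post gives for the other options. The function names and the assumption that options are separated by semicolons or newlines are this example's own.

```python
# Added example: audit a pfSense "Custom options" string against the notes in the post.
# The notes below restate what the post says; they are not AirVPN or pfSense guidance.
NOTES = {
    "keysize": "deprecated; the post says it will be removed in OpenVPN 2.6",
    "key-method": "deprecated; the post says it was removed in OpenVPN 2.5",
    "mlock": "needs OpenVPN to be started as root (per the OpenVPN manual)",
    "prng": "sets the PRNG digest and nonce size in bytes",
}

def parse_options(custom):
    """Split on ';' or newlines into (name, args) tuples, skipping blanks and comments."""
    out = []
    for raw in custom.replace("\n", ";").split(";"):
        parts = raw.strip().split()
        if parts and not parts[0].startswith("#"):
            out.append((parts[0].lstrip("-"), parts[1:]))
    return out

def expand_keepalive(args):
    """Client-side meaning of 'keepalive interval timeout': ping + ping-restart."""
    if len(args) != 2 or not all(a.isdigit() for a in args):
        raise ValueError("keepalive takes two integer arguments")
    return [("ping", [args[0]]), ("ping-restart", [args[1]])]

def audit(custom):
    """Return (effective options, findings) for a custom-options string."""
    effective, findings, seen = [], [], {}
    for name, args in parse_options(custom):
        items = expand_keepalive(args) if name == "keepalive" else [(name, args)]
        for n, a in items:
            # The same option set twice with different values is worth a look.
            if n in seen and seen[n] != a:
                findings.append(f"{n}: conflicting values {seen[n]} and {a}")
            seen[n] = a
            effective.append((n, a))
        if name in NOTES:
            findings.append(f"{name}: {NOTES[name]}")
    return effective, findings

# Constructed sample: the five options quoted in the post.
SAMPLE = "keepalive 5 30;keysize 256;key-method 2;mlock;prng sha512 64"

if __name__ == "__main__":
    eff, notes = audit(SAMPLE)
    for n, a in eff:
        print(n, *a)
    for line in notes:
        print("NOTE", line)
```

The conflict check only catches an option given twice inside the custom options; it does not see what is chosen in the pfSense menus or pushed by the server.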