

6.2.7.17 VPN Services

The (gnu services vpn) module provides services related to virtual private networks (VPNs). It provides a client service for your machine to connect to a VPN, and a server service for your machine to host a VPN. Both services use OpenVPN.

Scheme Procedure: openvpn-client-service [#:config (openvpn-client-configuration)]

Return a service that runs openvpn, a VPN daemon, as a client.

Scheme Procedure: openvpn-server-service [#:config (openvpn-server-configuration)]

Return a service that runs openvpn, a VPN daemon, as a server.

Both can be run simultaneously.

Available openvpn-client-configuration fields are:

openvpn-client-configuration parameter: package openvpn

The OpenVPN package.

openvpn-client-configuration parameter: string pid-file

The OpenVPN pid file.

Defaults to ‘"/var/run/openvpn/openvpn.pid"’.

openvpn-client-configuration parameter: proto proto

The protocol (UDP or TCP) used to open a channel between clients and servers.

Defaults to ‘udp’.

openvpn-client-configuration parameter: dev dev

The device type used to represent the VPN connection.

Defaults to ‘tun’.

openvpn-client-configuration parameter: string ca

The certificate authority to check connections against.

Defaults to ‘"/etc/openvpn/ca.crt"’.

openvpn-client-configuration parameter: string cert

The certificate of the machine the daemon is running on. It should be signed by the authority given in ca.

Defaults to ‘"/etc/openvpn/client.crt"’.

openvpn-client-configuration parameter: string key

The key of the machine the daemon is running on. It must be the key whose certificate is cert.

Defaults to ‘"/etc/openvpn/client.key"’.

openvpn-client-configuration parameter: boolean comp-lzo?

Whether to use the lzo compression algorithm.

Defaults to ‘#t’.

openvpn-client-configuration parameter: boolean persist-key?

Don’t re-read key files across SIGUSR1 or --ping-restart.

Defaults to ‘#t’.

openvpn-client-configuration parameter: boolean persist-tun?

Don’t close and reopen TUN/TAP device or run up/down scripts across SIGUSR1 or --ping-restart restarts.

Defaults to ‘#t’.

openvpn-client-configuration parameter: number verbosity

Verbosity level.

Defaults to ‘3’.

openvpn-client-configuration parameter: tls-auth-client tls-auth

Add an additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.

Defaults to ‘#f’.

openvpn-client-configuration parameter: key-usage verify-key-usage?

Whether to check the server certificate has server usage extension.

Defaults to ‘#t’.

openvpn-client-configuration parameter: bind bind?

Bind to a specific local port number.

Defaults to ‘#f’.

openvpn-client-configuration parameter: resolv-retry resolv-retry?

Retry resolving server address.

Defaults to ‘#t’.

openvpn-client-configuration parameter: openvpn-remote-list remote

A list of remote servers to connect to.

Defaults to ‘()’.

Available openvpn-remote-configuration fields are:

openvpn-remote-configuration parameter: string name

Server name.

Defaults to ‘"my-server"’.

openvpn-remote-configuration parameter: number port

Port number the server listens to.

Defaults to ‘1194’.
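The following is an added example of a complete client service declaration; it is not from the Guix manual or the Guix source. The host name vpn.example.org, the file paths and the assumption that tls-auth takes the path of the static HMAC key file as a string are placeholders and assumptions. It keeps verify-key-usage? at its default of #t, so a client certificate issued by the same CA cannot be presented as a server certificate, and turns comp-lzo? off because compressing data before it is encrypted can leak information about the plaintext.

```scheme
;; Added example, not part of the Guix manual.  Paths and host name are
;; placeholders; tls-auth is assumed to take the key file path as a string.
(use-modules (gnu services vpn))

(define %vpn-client
  (openvpn-client-service
   #:config
   (openvpn-client-configuration
    (proto 'udp)
    (dev 'tun)
    ;; The CA that the server certificate is checked against, plus this
    ;; machine's own certificate and the key belonging to it.
    (ca "/etc/openvpn/ca.crt")
    (cert "/etc/openvpn/client.crt")
    (key "/etc/openvpn/client.key")
    ;; Keep the default: the server certificate must carry the server
    ;; key-usage extension, so another client's certificate is rejected.
    (verify-key-usage? #t)
    ;; Static HMAC key shared with the server; packets without a valid
    ;; HMAC are dropped before the TLS handshake is attempted.
    (tls-auth "/etc/openvpn/ta.key")
    ;; Do not compress traffic before encrypting it.
    (comp-lzo? #f)
    (persist-key? #t)
    (persist-tun? #t)
    (resolv-retry? #t)
    (verbosity 3)
    (remote (list (openvpn-remote-configuration
                   (name "vpn.example.org")
                   (port 1194)))))))

;; In the operating-system declaration:
;;   (services (cons* %vpn-client %base-services))
```

The service only starts a daemon; the CA certificate, client certificate, client key and tls-auth key must already exist at the configured paths, and the key files should be readable by root only.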

Available openvpn-server-configuration fields are:

openvpn-server-configuration parameter: package openvpn

The OpenVPN package.

openvpn-server-configuration parameter: string pid-file

The OpenVPN pid file.

Defaults to ‘"/var/run/openvpn/openvpn.pid"’.

openvpn-server-configuration parameter: proto proto

The protocol (UDP or TCP) used to open a channel between clients and servers.

Defaults to ‘udp’.

openvpn-server-configuration parameter: dev dev

The device type used to represent the VPN connection.

Defaults to ‘tun’.

openvpn-server-configuration parameter: string ca

The certificate authority to check connections against.

Defaults to ‘"/etc/openvpn/ca.crt"’.

openvpn-server-configuration parameter: string cert

The certificate of the machine the daemon is running on. It should be signed by the authority given in ca.

Defaults to ‘"/etc/openvpn/client.crt"’.

openvpn-server-configuration parameter: string key

The key of the machine the daemon is running on. It must be the key whose certificate is cert.

Defaults to ‘"/etc/openvpn/client.key"’.

openvpn-server-configuration parameter: boolean comp-lzo?

Whether to use the lzo compression algorithm.

Defaults to ‘#t’.

openvpn-server-configuration parameter: boolean persist-key?

Don’t re-read key files across SIGUSR1 or --ping-restart.

Defaults to ‘#t’.

openvpn-server-configuration parameter: boolean persist-tun?

Don’t close and reopen TUN/TAP device or run up/down scripts across SIGUSR1 or --ping-restart restarts.

Defaults to ‘#t’.

openvpn-server-configuration parameter: number verbosity

Verbosity level.

Defaults to ‘3’.

openvpn-server-configuration parameter: tls-auth-server tls-auth

Add an additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.

Defaults to ‘#f’.

openvpn-server-configuration parameter: number port

Specifies the port number on which the server listens.

Defaults to ‘1194’.

openvpn-server-configuration parameter: ip-mask server

An ip and mask specifying the subnet inside the virtual network.

Defaults to ‘"10.8.0.0 255.255.255.0"’.

openvpn-server-configuration parameter: cidr6 server-ipv6

A CIDR notation specifying the IPv6 subnet inside the virtual network.

Defaults to ‘#f’.

openvpn-server-configuration parameter: string dh

The Diffie-Hellman parameters file.

Defaults to ‘"/etc/openvpn/dh2048.pem"’.

openvpn-server-configuration parameter: string ifconfig-pool-persist

The file that records client IPs.

Defaults to ‘"/etc/openvpn/ipp.txt"’.

openvpn-server-configuration parameter: gateway redirect-gateway?

When true, the server will act as a gateway for its clients.

Defaults to ‘#f’.

openvpn-server-configuration parameter: boolean client-to-client?

When true, clients are allowed to talk to each other inside the VPN.

Defaults to ‘#f’.

openvpn-server-configuration parameter: keepalive keepalive

Causes ping-like messages to be sent back and forth over the link so that each side knows when the other side has gone down. keepalive requires a pair. The first element is the period of the ping sending, and the second element is the timeout before considering the other side down.

openvpn-server-configuration parameter: number max-clients

The maximum number of clients.

Defaults to ‘100’.

openvpn-server-configuration parameter: string status

The status file. This file shows a small report on current connections. It is truncated and rewritten every minute.

Defaults to ‘"/var/run/openvpn/status"’.

openvpn-server-configuration parameter: openvpn-ccd-list client-config-dir

A list of per-client configurations, one openvpn-ccd-configuration per client.

Defaults to ‘()’.

Available openvpn-ccd-configuration fields are:

openvpn-ccd-configuration parameter: string name

Client name.

Defaults to ‘"client"’.

openvpn-ccd-configuration parameter: ip-mask iroute

The client’s own network, reachable through that client.

Defaults to ‘#f’.

openvpn-ccd-configuration parameter: ip-mask ifconfig-push

Client VPN IP.

Defaults to ‘#f’.
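The following is an added example of a complete server service declaration with one per-client entry; it is not from the Guix manual or the Guix source. The file paths, the subnet values and the client name are placeholders; that tls-auth takes the key file path as a string and that keepalive takes a two-element list are assumptions. Note that the server configuration's cert and key fields default to client.crt and client.key, so a server deployment should set them explicitly, and that OpenVPN looks up a client's entry in the client config directory by the common name of the certificate that client presents, so name must match that common name.

```scheme
;; Added example, not part of the Guix manual.  Paths, subnets and the
;; client name are placeholders; tls-auth is assumed to take a path string
;; and keepalive a two-element list (period, timeout).
(use-modules (gnu services vpn))

(define %vpn-server
  (openvpn-server-service
   #:config
   (openvpn-server-configuration
    (proto 'udp)
    (dev 'tun)
    (port 1194)
    (ca "/etc/openvpn/ca.crt")
    ;; The defaults point at client.crt and client.key; set the server's own.
    (cert "/etc/openvpn/server.crt")
    (key "/etc/openvpn/server.key")
    (dh "/etc/openvpn/dh2048.pem")
    ;; Static HMAC key shared with every client; unauthenticated packets
    ;; are dropped before any TLS processing.
    (tls-auth "/etc/openvpn/ta.key")
    ;; Do not compress traffic before encrypting it.
    (comp-lzo? #f)
    (server "10.8.0.0 255.255.255.0")
    (ifconfig-pool-persist "/etc/openvpn/ipp.txt")
    ;; Ping every 10 seconds; declare the peer down after 60 seconds.
    (keepalive '(10 60))
    (max-clients 20)
    ;; Clients cannot reach each other through the server unless this is #t.
    (client-to-client? #f)
    ;; Do not push a default route to clients; only the VPN subnet is routed.
    (redirect-gateway? #f)
    (status "/var/run/openvpn/status")
    ;; Per-client entry: name must equal the common name in the client's
    ;; certificate.  The client gets a fixed VPN address and the server
    ;; learns that 192.168.50.0/24 is reachable through it.
    (client-config-dir
     (list (openvpn-ccd-configuration
            (name "branch-office")
            (ifconfig-push "10.8.0.10 255.255.255.0")
            (iroute "192.168.50.0 255.255.255.0")))))))

;; In the operating-system declaration:
;;   (services (cons* %vpn-server %base-services))
```

Because client-to-client? is #f, a compromised client can reach only the server side of the tunnel and not the other clients; enable it only when clients genuinely need to talk to each other.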

