
(12.5-en) Options for OpenVPN in IGEL OS12

This article shows how to configure the options for the OpenVPN client in IGEL OS in order to ensure interaction with the server.

Further information regarding the options can be found in the OpenVPN documentation, which is maintained by the OpenVPN project.


Menu path: Network > VPN > OpenVPN > [OpenVPN Connection] > Options

 

 

Gateway port

Local gateway port. (Default: 1194)

 

Custom renegotiation interval

Renegotiate the data channel key after the given number of seconds. (Default: 0)

 

Use LZO data compression

☑ The client will use LZO compression. Necessary if the server uses compression.

☐ The client will not use LZO compression. (Default)

If establishing a tunnel fails, try again with Use LZO data compression enabled.

The --comp-lzo option is considered deprecated as of OpenVPN v2.4 and should no longer be used.

For more information, see https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Option:--comp-lzoStatus:Pendingremoval.

 

Protocol used for communication to the host

  • UDP: UDP will be used. (Default)

  • TCP-client: TCP will be used.

 

Virtual network type

  • TUN: Routing will be used. (Default)

  • TAP: Bridging will be used.

 

Use custom tunnel Maximum Transmission Unit (MTU)

The given value will be used as the MTU of the TUN device. The MTU of the interface will be derived from it.

 

UDP fragment size

Allow internal data fragmentation up to this size in bytes. Leave this field empty to keep the default value.

 

Restrict tunnel TCP Maximum Segment Size (MSS)

☑ The TCP segment size (MSS) of the tunnel will be restricted.

☐ The TCP segment size (MSS) will not be restricted. (Default)

 

Randomize remote hosts

☑ The remote gateways will be ordered randomly as a simple type of load balancing.

☐ The remote gateways will not be ordered randomly. (Default)

 

Cipher

Encryption algorithm for data packets. (Default: BF-CBC - Blowfish in the Cipher Block Chaining Mode)

 

HMAC authentication

Hashing algorithm for packet authentication. (Default: SHA1)
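
The following is an added example, not code from IGEL or the OpenVPN project: a Python check that compares a client and a server OpenVPN configuration for the options on this page that both ends must agree on, and lists use of the deprecated comp-lzo option. It assumes that the fields above correspond to the standard OpenVPN directives `port`/`remote`, `proto`, `dev`, `comp-lzo`, `fragment`, `cipher` and `auth`, and that the defaults stated on this page apply to both sides; the two sample configurations are constructed.

```python
# Added example. Assumption: the IGEL fields map to these OpenVPN directives,
# and the defaults stated on this page apply where a directive is missing.
PAGE_DEFAULTS = {"port": "1194", "proto": "udp", "dev": "tun",
                 "cipher": "BF-CBC", "auth": "SHA1",
                 "comp-lzo": "absent", "fragment": "absent"}

# Constructed sample configurations (not taken from a real deployment).
CLIENT = """client
dev tun
proto udp
remote vpn.example.test 1194
cipher AES-256-CBC
auth SHA256
"""
SERVER = """port 1194
proto udp
dev tun
comp-lzo            # server still expects LZO framing
cipher AES-256-CBC
auth SHA256
"""

def parse(text):
    """Return the effective value of each compared option for one config."""
    opts = dict(PAGE_DEFAULTS)
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split(";", 1)[0].split()  # drop comments
        if not words:
            continue
        key, args = words[0].lstrip("-"), words[1:]
        if key == "remote" and len(args) >= 2:
            opts["port"] = args[1]               # remote <host> <port>
        elif key == "proto" and args:            # tcp-client/tcp-server -> tcp
            opts["proto"] = "tcp" if args[0].startswith("tcp") else "udp"
        elif key == "dev" and args:              # tun0, tap1 -> device type
            opts["dev"] = "tap" if args[0].startswith("tap") else "tun"
        elif key == "comp-lzo":                  # presence alone changes framing
            opts["comp-lzo"] = "present"
        elif key in ("cipher", "auth") and args:
            opts[key] = args[0].upper()
        elif key in ("port", "fragment") and args:
            opts[key] = args[0]
    return opts

def mismatches(client_text, server_text):
    """Map each differing option to its (client value, server value) pair."""
    c, s = parse(client_text), parse(server_text)
    return {k: (c[k], s[k]) for k in PAGE_DEFAULTS if c[k] != s[k]}

def deprecated(text):
    """List options in the config that this page marks as deprecated."""
    return ["comp-lzo"] if parse(text)["comp-lzo"] == "present" else []
```

For the sample pair, the only difference reported is comp-lzo, which is the case where the tunnel fails until Use LZO data compression is enabled on the client.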