Options for OpenVPN in IGEL OS12
This article shows how to configure the options for the OpenVPN client in IGEL OS in order to ensure interaction with the server.
Further information regarding the options can be found in the OpenVPN documentation which is maintained by the OpenVPN project.
Menu path: Network > VPN > OpenVPN > [OpenVPN Connection] > Options
Gateway port
Local gateway port. (Default: 1194)
Custom renegotiation interval
Renegotiate data channel key after given number of seconds. (Default: 0)
Use LZO data compression
☑ The client will use LZO compression. Necessary if the server uses compression.
☐ The client will not use LZO compression. (Default)
If establishing a tunnel fails, try again with Use LZO data compression enabled.
The --comp-lzo option is considered deprecated from OpenVPN v2.4 and should not be used any more.
For more information, see https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Option:--comp-lzoStatus:Pendingremoval.
Protocol used for communication to the host
UDP: UDP will be used. (Default)
TCP-client: TCP will be used.
If you use a proxy, select TCP-client.
Virtual network type
TUN: Routing will be used. (Default)
TAP: Bridging will be used.
Use custom tunnel Maximum Transmission Unit (MTU)
The MTU of the TUN device will be used as a given value. The MTU of the interface will be derived from it.
UDP fragment size
Allow internal data fragmenting up to this size in bytes. Leave this field empty to keep the default value.
Restrict tunnel TCP Maximum Segment Size (MSS)
☑ The TCP segment size (MSS) of the tunnel will be restricted.
☐ The TCP segment size (MSS) will not be restricted. (Default)
Randomize remote hosts
☑ The remote gateways will be ordered randomly as a simple type of load balancing.
☐ The remote computers will not be ordered randomly. (Default)
Cipher
Encryption algorithm for data packets. (Default: BF-CBC - Blowfish in the Cipher Block Chaining Mode)
HMAC authentication
Hashing algorithm for packet authentication (Default: SHA1)