A few more OpenVPN parameters are desireable for me to change in the OVPN plugin:
- Diffie hellman parameters (1024/2048/4096)
- proper support for routing behind NAT (I had to configure push routes like this manually when using "default gateway":
- In OVPN config:
- ifconfig-pool-persist ipp.txt
- server 172.16.10.0 255.255.255.0
- #Push routes to the client to allow it to reach other
#private subnets behind the server.
push "route 10.8.0.0 255.255.255.0"
- as root in CLI:
- echo 1 > /proc/sys/net/ipv4/ip_forward
- iptables -t nat -A POSTROUTING -s 172.16.10.0/24 -o eth0 -j MASQUERADE
- In OVPN config:
- tun/tap selection
- time based expire of client certificates
- allow tinkering with the algorithms (sometimes the user wants to decide whether to use Blowfish, AES 128 or AES 256)
- max-client setting
- setting for site-to-site VPNs
- allowing different ports for the OpenVPN server and the clients (for example if you have your OMV behind a NAT firewall and have to use different ports; the firewall redirects port 443<-->1194 for example
Thank you so much for the work you already put into this project!