openvpn.8

一个开源的VPN原码

will run a script such as:

.B ifconfig $1 10.4.0.1 pointopoint 10.4.0.2 mtu $2

(Note: remove "pointopoint" from command line on OpenBSD).

Note that OpenVPN also provides the
.B --ifconfig
option to automatically ifconfig the TUN device,
eliminating the need to define an
.B --up
script, unless you also want to configure routes
in the
.B --up
script.

If
.B --ifconfig
is also specified, OpenVPN will pass the ifconfig local
and remote endpoints on the command line to the
.B --up
script so that they can be used to configure routes such as:

.B route add -net 10.0.0.0 netmask 255.255.255.0 gw $5
.TP
.B --down cmd
Shell command to run after tun/tap device close
(post
.B --user
UID change and/or
.B --chroot
).  Called with the same parameters as the
.B --up
option above.
.TP
.B --user user
Change the user ID of the OpenVPN process to
.B user
after initialization, dropping privileges in the process.
This option is useful to protect the system
in the event that some hostile party was able to gain control of
an OpenVPN session.  Though OpenVPN's security features make
this unlikely, it is provided as a second line of defense.

By setting
.B user
to
.I nobody
or somebody similarly unprivileged, the hostile party would be
limited in what damage they could cause.  Of course once
you take away privileges, you cannot return them
to an OpenVPN session.  This means, for example, that if
you want to reset an OpenVPN daemon with a
.B SIGUSR1
signal
(for example in response
to a DHCP reset), you should make use of one or more of the
.B --persist
options to ensure that OpenVPN doesn't need to execute any privileged
operations in order to restart (such as re-reading key files
or running
.BR ifconfig
on the tun device).
.TP
.B --group group
Similar to the
.B --user
option,
this option changes the group ID of the OpenVPN process to
.B group
after initialization.
.TP
.B --cd dir
Change directory to
.B dir
prior to reading any files such as
configuration files, key files, scripts, etc.
.B dir
should be an absolute path, with a leading "/",
and without any references
to the current directory such as "." or "..".

This option is useful when you are running
OpenVPN in 
.B --daemon
mode, and you want to consolidate all of
your OpenVPN control files in one location.
.TP
.B --chroot dir
Chroot to
.B dir
before initialization.  
.B --chroot
essentially redefines
.B dir
as being the top
level directory tree (/).  OpenVPN will therefore
be unable to access any file outside this tree.
This can be desirable from a security standpoint.

The caveat here is that every file that
OpenVPN might possibly need must exist within the chroot directory tree,
including special files such
.B /dev/random
(which is used by OpenVPN to generate random keys and IVs).
.TP
.B --daemon
Become a daemon and write all messages to the syslog file (such as /var/log/messages).
.TP
.B --inetd
Use this option when OpenVPN is being run from the inetd or
.BR xinetd(8)
server.
This option precludes the use of
.B --daemon, --local,
or
.B --remote.
Note that each OpenVPN tunnel requires a separate UDP port and
a separate inetd or xinetd entry.  See the OpenVPN HOWTO for an example
on using OpenVPN with xinetd:
.I http://openvpn.sourceforge.net/howto.html
.TP
.B --writepid file
Write OpenVPN's main process ID to
.B file.
.TP
.B --nice n
Change process priority after initialization
(
.B n
greater than 0 is lower priority,
.B n
less than zero is higher priority).
.TP
.B --nice-work n
Change priority of background TLS work thread.  The TLS thread
feature is enabled when OpenVPN is built
with pthread support, and you are running OpenVPN
in TLS mode (i.e. with
.B --tls-client
or
.B --tls-server
specified).

Using a TLS thread offloads the CPU-intensive process of SSL/TLS-based
key exchange to a background thread so that it does not become
a latency bottleneck in the tunnel packet forwarding process.

The parameter
.B n
is interpreted exactly as with the
.B --nice
option above, but in relation to the work thread rather
than the main thread.
.TP
.B --verb n
Set output verbosity to
.B n
(default=1).  Each level shows all info from the previous levels.
Level 5 is recommended if you want a good summary
of what's happening without being swamped by output.

.B 0 --
no output except fatal errors
.br
.B 1 --
show startup information + connection initiated messages + non-fatal encryption & net errors
.br
.B 2 --
show all parameter settings
.br
.B 3 --
show key negotiations +
.B --gremlin
net outages
.br
.B 4 --
show partial TLS debug info
.br
.B 5 --
show adaptive compression state changes (on or off)
.br
.B 6 --
show hex representation of keys
.br
.B 7 --
show verbose key negotiations
.br
.B 8 --
show all debug info
.TP
.B --mute n
Log at most
.B n
consecutive messages in the same category.  This is useful to
limit repetitive logging of similar message types.
.TP
.B --gremlin
Simulate dropped & corrupted packets + network outages
(for debugging and testing only).  This is a
powerful tool for verifying the robustness of the OpenVPN protocol,
especially in TLS mode.  When used with TLS parameters that force
frequent key renegotiations such as
.B --reneg-sec 10,
this option will stress-test the ability of OpenVPN peers to recover
from errors and remain in sync.
Current parameter settings will cause
.B --gremlin
to drop 2% of packets and corrupt another 2%.  A packet corruption will
alter a random byte in the packet to a random value.  It might
also increase or decrease the size of the packet by one byte.
.B --gremlin
will also simulate network outages by going "down"
for a period of 10 to 60 seconds.
Between simulated outages, OpenVPN will
remain up for periods of 10 to 300 seconds.  To see gremlin
messages, set
.B --verb
to 3 or higher.  To change gremlin constants, consult the
file gremlin.c included in the OpenVPN source distribution.
.TP
.B --comp-lzo
Use fast LZO compression -- may add up to 1 byte per
packet for incompressible data.
.TP
.B --comp-noadapt
When used in conjunction with
.B --comp-lzo,
this option will disable OpenVPN's adaptive compression algorithm.
Normally, adaptive compression is enabled with
.B --comp-lzo.

Adaptive compression tries to optimize the case where you have
compression enabled, but you are sending predominantly incompressible
(or pre-compressed) packets over the tunnel.  With adaptive compression,
OpenVPN will periodically sample the compression process to see if
it's actually saving us anything.  If not, we will disable compression
for a period of time, then re-sample.
.B 
.SS Data Channel Encryption Options:
These options are meaningful for both Static & TLS-negotiated key modes
(must be compatible between peers).
.TP
.B --secret file
Enable Static Key encryption mode (non-TLS).
Use pre-shared secret file which was generated with
.B --genkey.
Static key encryption mode has certain advantages, the biggest
probably being the ease of configuration.  There are no certificates
or certificate authorities or complicated negotiation handshakes and protocols.
The only requirement is that you have a pre-existing secure channel with
your peer (such as
.B ssh
) to initially copy the key.  This requirement, along with the
fact that your key never changes unless you manually generate a new one,
makes it somewhat less secure than TLS mode (see below).  If an attacker
manages to steal your key, everything that was ever encrypted with
it is compromised.  Contrast that to the perfect forward security features of
TLS mode where even if an attacker was able to steal your private key,
he would gain no information to help him decrypt past sessions.

One interesting aspect of Static Key encryption mode is that
it is a handshake-free protocol 
without any distinguishing signature or feature
(such as a header or protocol handshake sequence) 
that would mark the ciphertext packets as being
generated by OpenVPN.  Anyone eavesdropping on the wire
would see nothing
but random-looking data.
.TP
.B --auth alg
Authenticate packets with an HMAC using message
digest algorithm
.B alg.
(The default is
.B SHA1
).
HMAC is a commonly used message authentication algorithm (MAC) that uses
a data string, a secure hash algorithm, and a key, to produce
a digital signature.  HMAC has the property that it is infeasible
for an attacker with access to a signed string to find another string
which would sign to the same signature or generate a valid signature
for his own string.

OpenVPN's usage of HMAC is to first encrypt a packet, then HMAC the resulting ciphertext.

In static-key encryption mode, the HMAC key
is included in the key file generated by
.B --genkey.
In TLS mode, the HMAC key is dynamically generated and shared
between peers via the TLS control channel.  If OpenVPN receives a packet with
a bad HMAC it will drop the packet.
HMAC usually adds 16 or 20 bytes per packet.
Set
.B alg=none
to disable authentication.

For more information on HMAC see
.I http://www.cs.ucsd.edu/users/mihir/papers/hmac.html
.TP
.B --cipher alg
Encrypt packets with cipher algorithm
.B alg.
The default is
.B BF-CBC,
an abbreviation for Blowfish in Cipher Block Chaining mode.
Blowfish has the advantages of being fast, very secure, and allowing key sizes
of up to 448 bits.  Blowfish is designed to be used in situations where
keys are changed infrequently.

For more information on blowfish, see
.I http://www.counterpane.com/blowfish.html

To see other ciphers that are available with
OpenVPN, use the
.B --show-ciphers
option.

OpenVPN supports the CBC, CFB, and OFB cipher modes.

Set
.B alg=none
to disable encryption.
.TP
.B --keysize n
Size of cipher key in bits (optional).
If unspecified, defaults to cipher-specific default.  The
.B --show-ciphers
option (see below) shows all available OpenSSL ciphers,
their default key sizes, and whether the key size can
be changed.  Use care in changing a cipher's default
key size.  Many ciphers have not been extensively
cryptanalyzed with non-standard key lengths, and a
larger key may offer no real guarantee of greater
security, or may even reduce security.
.TP
.B --no-replay
Disable OpenVPN's protection against replay attacks.
Don't use this option unless you are prepared to make
a tradeoff of greater efficiency in exchange for less
security.

OpenVPN provides datagram replay protection by default.

Replay protection is accomplished
by tagging each outgoing datagram with an identifier
that is guaranteed to be unique for the key being used.
The peer that receives the datagram will check for
the uniqueness of the identifier.  If the identifier
was already received in a previous datagram, OpenVPN
will drop the packet.  Replay protection is important
to defeat attacks such as a SYN flood attack, where
the attacker listens in the wire, intercepts a TCP
SYN packet (identifying it by the context in which
it occurs in relation to other packets), then floods
the receiving peer with copies of this packet.

OpenVPN's replay protection is implemented in slightly
different ways, depending on the key management mode
you have selected.

In Static Key mode
or when using an CFB or OFB mode cipher, OpenVPN uses a
64 bit unique identifier that combines a time stamp with
an incrementing sequence number.

When using TLS mode for key exchange and a CBC cipher
mode, OpenVPN uses only a 32 bit sequence number without
a time stamp, since OpenVPN can guarantee the uniqueness
of this value for each key.  As in IPSec, if the sequence number is
close to wrapping back to zero, OpenVPN will trigger
a new key exchange.

To check for replays, OpenVPN uses
the
.I sliding window
algorithm used
by IPSec.
.TP
.B --no-iv
Disable OpenVPN's use of IV (cipher initialization vector).
Don't use this option unless you are prepared to make
a tradeoff of greater efficiency in exchange for less
security.

OpenVPN uses an IV by default, and requires it for CFB and
OFB cipher modes (which are totally insecure without it).
Using an IV is important for security when multiple
messages are being encrypted/decrypted with the same key.

IV is implemented differently depending on the cipher mode used.

In CBC mode, OpenVPN will start with a random IV and carry forward
the residuals across datagrams in a manner similar
to that used by IPSec (see RFC 2405 for more information). 

In CFB/OFB mode, OpenVPN uses a unique sequence number and time stamp
as the IV.  In fact, in CFB/OFB mode, OpenVPN uses a datagram
space-saving optimization that uses the unique identifier for
datagram replay protection as the IV.
.TP
.B --test-crypto
Do a self-test of OpenVPN's crypto options by encrypting and
decrypting test packets using the data channel encryption options
specified above.  This option does not require a peer to function,
and therefore can be specified without
.B --dev
or
.B --remote.