OK, so is this correct to disable encryption?
ifconfig 192.168.1.10 255.255.255.0
ifconfig-pool 192.168.1.100 192.168.1.150
#push to clients
;push "route 192.168.1.0 255.255.255.0 10.3.0.1"
push "ping 10"
push "ping-restart 120"
#local keep alive
From: James Yonan <jim@xxxxxxxxx>
To: bronson mathews <gibbz1@xxxxxxxxxxx>
Subject: Re: [Openvpn-users] Bridge LAN Setup?
Date: Sat, 4 Dec 2004 12:54:48 -0700 (MST)
On Sat, 4 Dec 2004, bronson mathews wrote:
> OK, I'm not really understanding the config files that much, I could use
> I have both ends bridged, so we want to be able to ping each other's
> IPs (for games)
> Note: for some reason the mailing list isn't emailing me the emails, so
> you could also forward the emails to gibbz1@xxxxxxxxxxx for me, thanks.
> I've got 2 LANs, at
> -my end(server) local ip of the bridge is 192.168.1.11/255.255.255.0
> -vpn ip 10.0.0.1 (should the vpn even have an ip when bridged?)
> -client end local ip of bridge is 192.168.2.69/255.255.255.0
> -vpn ip 10.0.0.100
> Now I've followed the guide here...
> I've modified the scripts but having no luck with them....
> Also we have no need for this encryption as it's for gaming, is it
> to get just a key and none of the other stuff, but still have master
> multiple clients?
You can use:
in the config file to disable tunnel security. This works even in
client/server mode -- make sure to add this to both the server config and
all client configs.
If I were you, I think a better choice for gaming if you think the
standard OpenVPN security is more than you need, would be to keep HMAC
authentication turned on and just dispose of the encryption. That's a
good choice when you don't care about eavesdropping, but you want to
secure against active attacks, i.e. someone maliciously creating packets
which masquerade as OpenVPN packets in order to slip past your firewall.
For that, you just need to add "cipher none".
That will cause all packets to be cryptographically signed, so they can be
verified as legitimate, but the tunnel data will still be sent as
cleartext, i.e. not encrypted.
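
The two conditions in the reply above (the same setting in the server config and in every client config, and HMAC authentication left on when "cipher none" is used) can be checked mechanically. The following is an added example, not part of the original thread or of OpenVPN; the sample configs and the names parse and audit are constructed for illustration, and "auth none", which the thread does not mention, is OpenVPN's option for switching HMAC off.

```python
import re

# Constructed sample configs (not taken from the thread).
SERVER = """\
# server side
dev tap0
cipher none
;auth none
push "ping 10"
"""
CLIENT_OK = "dev tap0\ncipher none\n"
CLIENT_BAD = "dev tap0\nauth none   # HMAC switched off\n"


def parse(text):
    """Return {directive: args} for active lines.

    '#' and ';' start a comment, as in the config quoted in the thread.
    Simplification: comment characters inside quoted arguments are not
    handled, and a repeated directive keeps only its last value.
    """
    opts = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, _, args = line.partition(" ")
            opts[name] = args.strip()
    return opts


def audit(server, clients):
    """Compare cipher/auth on each client with the server; return findings."""
    findings = []
    srv = parse(server)
    if srv.get("auth") == "none":
        findings.append("server: HMAC authentication disabled")
    for name, text in clients.items():
        cli = parse(text)
        for opt in ("cipher", "auth"):
            # A missing directive means the built-in default applies, which
            # is not the same as an explicit "none" on the other side.
            if cli.get(opt) != srv.get(opt):
                findings.append(
                    f"{name}: {opt} is {cli.get(opt)!r}, server has {srv.get(opt)!r}")
        if cli.get("auth") == "none":
            findings.append(f"{name}: HMAC authentication disabled")
    return findings
```
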