OpenVPN config parameters

Man

In the process of work I came across different configs that are not friendly with some versions of OpenVPN. In general, the OpenVPN client is a very strange thing. New versions do not have any backward compatibility with old configs, or do not support some parameters. Today I will analyze some of them (those that need to be changed depending on the OpenVPN client device so that you do not have problems when using it). You can read the full documentation at the official link. Special mention should be made of the clients in the well-known firmware for Raspberry with a web interface, which simply do not work with anything and pour out errors. But oh well, today we have gathered here not to slander uneducated programmers, but to gain useful knowledge in our work and make five million bucks a day.

For work without a Raspberry I strongly recommend using the Viscosity client, which has backward compatibility, can determine the OpenVPN version from the configuration, has useful settings for routing IPv4/IPv6 only through the server, and does not suffer from DNS leakage like, for example, Tunnelblick for macOS. Analogues are OpenVPN Connect 2.7.1 for macOS, or OpenVPN Connect 2.5.3/2.6.3 for Windows, but if you work with the official client, it is better to check with your configuration seller which version its configs are compatible with.

dev tun/dev tap - in this parameter, dev tun creates a tunnel to the server, and dev tap lays the route as if you were connected directly to the router. In general, the dev tap parameter is better used for Raspberry, but in reality this is not critical.

tun-mtu/mssfix is responsible for the maximum size of the transmitted packet (if not specified in the config text, the value 1450 is used). I recommend using mssfix 0 when using TCP and mssfix 1330 when using UDP. This will set the parameter to 1500, which is typical for a standard connection and will not reveal the VPN to antifraud.

block-outside-dns is a parameter for macOS/Win/iOS/Android clients that allows you to avoid DNS leaks. Tunnelblick (macOS) and OpenVPN for Raspberry clients do not support this parameter.

You can also specify the DNS servers you need using the dhcp-option parameter, for example dhcp-option DNS 8.8.8.8 (Google DNS).

windows-driver wintun - parameter for creating a network connection interface in Windows.

block-ipv6 - a parameter for macOS/Win/iOS/Android that allows you to avoid IP leakage via IPv6. On Raspberry/routers you should configure this in a different way, since this parameter is not supported on them.

script-security 2 is a parameter for Raspberry that allows you to execute external scripts. In practice it allows you to avoid DNS leaks when using software on the Raspberry to connect to DNS according to your configuration.

tls-version-min 1.0 is also a parameter for Raspberry, since it currently uses TLS versions 1.0/1.1, while the standard OpenVPN parameter is version 1.2, so you should specify this parameter to avoid errors when connecting.

Here I have analyzed the main parameters due to which connecting to the configuration can lead to an error when importing them into your client.

The other parameters will not affect the connection. However, if you are interested in understanding the technical part in more detail, and not just connecting/activating the pipe/withdrawing 5 dollars from the inst play and buying yourself a shelf of weed, here are some useful links. In short, if you have time, read them; I think there is no need to burden you with information that is practically applicable only if you lay out these configs yourself.


With you as always carder, fat profits to all (and not $5 from instplay/enroll), clean configs and sleeping antifraud. Peace.
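
As an added example (not part of the original post), this sketch parses an .ovpn profile and lists the directives named in the post that a given client will not accept, or that change the client's security posture (external script execution, TLS below 1.2). The client labels and the sample profile are constructed for the example, and the support table only encodes what the post states.

```python
# Client support as stated in the post; the client labels are made up for this example.
UNSUPPORTED = {
    "block-outside-dns": {"tunnelblick", "raspberry"},
    "block-ipv6": {"raspberry", "router"},
}

# Constructed sample profile (placeholder host, no real key material).
SAMPLE = """\
client
dev tun
proto udp
remote vpn.example.net 1194
windows-driver wintun
block-outside-dns
block-ipv6
script-security 2
tls-version-min 1.0
<ca>
(constructed placeholder)
</ca>
"""

def parse_profile(text):
    """Yield (line_no, directive, args), skipping comments and inline <ca>/<key> blocks."""
    in_block = False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block and line[0] not in "#;":
            name, *args = line.split()
            yield no, name, args

def audit(text, client):
    """Return [(line_no, directive, note)] for directives worth reviewing on `client`."""
    findings = []
    for no, name, args in parse_profile(text):
        if client in UNSUPPORTED.get(name, ()):
            findings.append((no, name, f"not supported by {client} clients per the post"))
        elif name == "windows-driver" and client != "windows":
            findings.append((no, name, "Windows-specific directive"))
        elif name == "script-security" and args and args[0].isdigit() and int(args[0]) >= 2:
            findings.append((no, name, "lets the client run external scripts"))
        elif name == "tls-version-min" and args and args[0] in ("1.0", "1.1"):
            findings.append((no, name, "accepts TLS below 1.2"))
    return findings
```

Calling audit(SAMPLE, "raspberry") reports lines 5 through 9 of the sample, while audit(SAMPLE, "windows") reports only the script-security and tls-version-min lines.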