NCM::Component::metaconfig::openvpn - schema¶

Types¶

/software/components/metaconfig/config_openvpn_all

Description: All options shared between client and server.

/software/components/metaconfig/config_openvpn_all/ca

Description: Certificate authority (CA) file in .pem format.

Required

Type: absolute_file_path

/software/components/metaconfig/config_openvpn_all/cd

Description: Change directory to dir prior to reading any files such as configuration files.

Optional

Type: string

/software/components/metaconfig/config_openvpn_all/cert

Description: Local peer’s signed certificate in .pem format.

Required

Type: absolute_file_path

/software/components/metaconfig/config_openvpn_all/cipher

Description: Encrypt data channel packets with cipher algorithm alg.

Required

Type: string

Default value: AES-256-CBC

/software/components/metaconfig/config_openvpn_all/compress

Description: Enable a compression algorithm.

Optional

Type: string

/software/components/metaconfig/config_openvpn_all/comp-lzo

Description: Use LZO compression, deprecated since 2.4.

Optional

Type: boolean

Default value: false

/software/components/metaconfig/config_openvpn_all/comp-noadapt

Description: this option will disable OpenVPN’s adaptive compression algorithm.

Optional

Type: boolean

Default value: false

/software/components/metaconfig/config_openvpn_all/daemon

Description: Become a daemon after all initialization functions are completed.

Required

Type: boolean

Default value: false

/software/components/metaconfig/config_openvpn_all/dev

Description: TUN/TAP virtual network device.

Required

Type: string

/software/components/metaconfig/config_openvpn_all/group

Description: this option changes the group ID of the OpenVPN process to group after initialization.

Required

Type: string

Default value: nobody

/software/components/metaconfig/config_openvpn_all/ifconfig

Description: Set TUN/TAP adapter parameters.

Optional

Type: string

/software/components/metaconfig/config_openvpn_all/key

Description: Local peer’s private key in .pem format.

Required

Type: absolute_file_path

/software/components/metaconfig/config_openvpn_all/nobind

Description: Do not bind to local address and port.

Required

Type: boolean

Default value: false

/software/components/metaconfig/config_openvpn_all/persist-key

Description: Don’t re-read key files across SIGUSR1 or –ping-restart.

Optional

Type: boolean

Default value: false

/software/components/metaconfig/config_openvpn_all/persist-tun

Description: Don’t close and reopen TUN/TAP device or run up/down scripts across SIGUSR1 or –ping-restart.

Optional

Type: boolean

Default value: false

/software/components/metaconfig/config_openvpn_all/port

Description: TCP/UDP port number or port name for both local and remote.

Required

Type: type_port

Default value: 1194

/software/components/metaconfig/config_openvpn_all/proto

Description: Use protocol p for communicating with remote host.

Required

Type: string

/software/components/metaconfig/config_openvpn_all/tls-auth

Description: Add an additional layer of HMAC authentication on top of the TLS control channel.

Optional

Type: string

/software/components/metaconfig/config_openvpn_all/tun-mtu

Description: Take the TUN device MTU to be n and derive the link MTU from it.

Required

Type: long

Default value: 1500

/software/components/metaconfig/config_openvpn_all/user

Description: Change the user ID of the OpenVPN process to user after initialization.

Required

Type: string

Default value: nobody

/software/components/metaconfig/config_openvpn_all/verb

Description: Set output verbosity

Optional

Type: long

Range: 0..11

/software/components/metaconfig/config_openvpn_server

Description: All options only available to a server.

/software/components/metaconfig/config_openvpn_server/ccd-exclusive

Description: Require, as a condition of authentication, that a connecting client has a client-config-dir file.

Optional

Type: boolean

/software/components/metaconfig/config_openvpn_server/client-config-dir

Description: Specify a directory dir for custom client config files.

Optional

Type: string

/software/components/metaconfig/config_openvpn_server/client-connect

Description: Run command cmd on client connection.

Optional

Type: string

/software/components/metaconfig/config_openvpn_server/client-disconnect

Description: Run command cmd on client disconnection.

Optional

Type: string

/software/components/metaconfig/config_openvpn_server/client-to-client

Description: Tells OpenVPN to internally route client-to-client traffic.

Optional

Type: boolean

Default value: false

/software/components/metaconfig/config_openvpn_server/crl-verify

Description: Check peer certificate against the file crl in PEM format.

Optional

Type: string

/software/components/metaconfig/config_openvpn_server/dh

Description: File containing Diffie Hellman parameters in .pem format.

Optional

Type: absolute_file_path

/software/components/metaconfig/config_openvpn_server/duplicate-cn

Description: Allow multiple clients with the same common name to concurrently connect.

Optional

Type: boolean

Default value: false

/software/components/metaconfig/config_openvpn_server/ifconfig-pool

Description: Set aside a pool of subnets to be dynamically allocated to connecting clients.

Optional

Type: string

/software/components/metaconfig/config_openvpn_server/ifconfig-pool-linear

Description: Modifies the –ifconfig-pool directive to allocate individual TUN interface addresses for clients.

Optional

Type: boolean

Default value: false

/software/components/metaconfig/config_openvpn_server/ifconfig-pool-persist

Description: Persist/unpersist ifconfig-pool data to file.

Optional

Type: string

/software/components/metaconfig/config_openvpn_server/keepalive

Description: define keepalive interval and timeout.

Required

Type: long

/software/components/metaconfig/config_openvpn_server/local

Description: Local host name or IP address for bind.

Optional

Type: string

/software/components/metaconfig/config_openvpn_server/log-append

Description: Append logging messages to file.

Optional

Type: absolute_file_path

/software/components/metaconfig/config_openvpn_server/management

Description: Enable a TCP server on IP:port to handle daemon management functions.

Optional

Type: string

/software/components/metaconfig/config_openvpn_server/max-clients

Description: Limit server to a maximum of n concurrent clients.

Optional

Type: long

/software/components/metaconfig/config_openvpn_server/passtos

Description: Set the TOS field of the tunnel packet to what the payload’s TOS is.

Optional

Type: boolean

Default value: false

/software/components/metaconfig/config_openvpn_server/push

Description: Push a config file option back to the client for remote execution.

Optional

Type: string

/software/components/metaconfig/config_openvpn_server/script-security

Description: This directive offers policy-level control over OpenVPN’s usage of external programs and scripts.

Optional

Type: long

Range: 0..3

/software/components/metaconfig/config_openvpn_server/server

Description: A helper directive designed to simplify the configuration of OpenVPN’s server mode.

Optional

Type: string

/software/components/metaconfig/config_openvpn_server/server-bridge

Description: A helper directive to simplify the config of OpenVPN’s server in eth bridging configurations.

Optional

Type: string

/software/components/metaconfig/config_openvpn_server/tcp-queue-limit

Description: Maximum number of output packets queued before TCP.

Optional

Type: long

/software/components/metaconfig/config_openvpn_server/tls-server

Description: Enable TLS and assume server role during TLS handshake.

Optional

Type: boolean

Default value: false

/software/components/metaconfig/config_openvpn_server/tls-verify

Description: Run command cmd to verify the X509 name of a pending TLS connection.

Optional

Type: string

/software/components/metaconfig/config_openvpn_server/topology

Description: Configure virtual addressing topology when running in –dev tun mode.

Optional

Type: string

/software/components/metaconfig/config_openvpn_server/up

Description: Run command cmd after successful TUN/TAP device open.

Optional

Type: string

/software/components/metaconfig/config_openvpn_client

Description: All options only available to a client.

/software/components/metaconfig/config_openvpn_client/client

Description: A helper directive designed to simplify the configuration of OpenVPN’s client mode.

Required

Type: boolean

Default value: false

/software/components/metaconfig/config_openvpn_client/max-routes

Description: Maximum rumber of routes.

Optional

Type: long

Range: 0..

/software/components/metaconfig/config_openvpn_client/remote-cert-tls

Description: Require that peer certificate was signed with an explicit key usage and extended key usage.

Optional

Type: string

/software/components/metaconfig/config_openvpn_client/remote

Description: Remote host name or IP address.

Required

Type: string

/software/components/metaconfig/config_openvpn_client/remote-random

Description: When multiple –remote address are specified, initially randomize the order of the list.

Optional

Type: boolean

Default value: false

/software/components/metaconfig/config_openvpn_client/resolv-retry

Description: If hostname resolve fails for –remote, retry resolve before failing.

Optional

Type: string

/software/components/metaconfig/config_openvpn_client/tls-client

Description: Enable TLS and assume client role during TLS handshake.

Required

Type: boolean

Default value: false

/software/components/metaconfig/config_openvpn_client/tls-exit

Description: Exit on TLS negotiation failure.

Optional

Type: boolean

Default value: false