|     |     | 
| Line 1: | Line 1: | 
| − | Some users may experience "SSL\TLS handshake" timeouts, this may happen when somehow these packets get corrupt, regardless of their protocol (TCP/UDP) or port.<br>
 |  | 
| − | Now we're going to add "HMAC signature" to packets, so that every packet not bearing the signature can be dropped, after adding this your connection will be more secure & those timeouts will dissapear!<br>
 |  | 
| − | Here is how:
 |  | 
|  |  |  |  | 
| − | '''Things to do on server :'''<br>
 |  | 
| − | Open "Terminal" or use SSH to login into server as root, run these commands:
 |  | 
| − | 
 |  | 
| − | :''cd /etc/openvpn/amahi''
 |  | 
| − | :''openvpn -–genkey -–secret ta.key''
 |  | 
| − | 
 |  | 
| − | *If using Terminal:
 |  | 
| − | ::''gedit /etc/openvpn/amahi.conf''
 |  | 
| − | 
 |  | 
| − | *If using SSH: 
 |  | 
| − | ::''nano /etc/openvpn/amahi.conf
 |  | 
| − | 
 |  | 
| − | Now add these lines to the end of file:
 |  | 
| − | :''tls-auth /etc/openvpn/amahi/ta.key 0''
 |  | 
| − | :''cipher AES-256-CBC''
 |  | 
| − | 
 |  | 
| − | Save the config file:
 |  | 
| − | :*If using Terminal : Save the file (Ctrl+s)''
 |  | 
| − | :*If using SSH: press Ctrl+x , then y ,then press Enter
 |  | 
| − | 
 |  | 
| − | Let's restart openvpn service:
 |  | 
| − | :''service openvpn restart''
 |  | 
| − | 
 |  | 
| − | You'll get something like this after this command :
 |  | 
| − | :''Shutting down openvpn.... [OK]
 |  | 
| − | :''Starting openvpn... [OK]
 |  | 
| − | 
 |  | 
| − | 
 |  | 
| − | OK, there is one more thing left to do on server, you need to copy "ta.key" to a shared folder, because you have to use it on VPN client. a simple way to do this is to enter the following command, it will copy "ta.key" to "Docs" share folder which is accessible via Windows Share:
 |  | 
| − | 
 |  | 
| − | :''cp /etc/openvpn/amahi/ta.key /var/hda/files/docs''
 |  | 
| − | 
 |  | 
| − | 
 |  | 
| − | '''Things to do on Client:'''
 |  | 
| − | :*If using windows: Run HDAConnect GUI, right-click on the red "A" icon in tray & choose "Edit Config".
 |  | 
| − | :* If using other OS, you need to edit OpenVpn client config file via a text editor.<br>
 |  | 
| − | Now add these lines to end of the file:
 |  | 
| − | 
 |  | 
| − | :''tls-auth ta.key 1''
 |  | 
| − | :''cipher AES-256-CBC''
 |  | 
| − | 
 |  | 
| − | Then save it, now we need to copy "ta.key" to the folder where the config file exists.
 |  | 
| − | :*On 32-bit Windows it should be copied to "C:\Program files\HDAConnect\config".
 |  | 
| − | :*On 64-bit Windows"C:\Program Files (x86)\HDAConnect\config".
 |  | 
| − | :*On other OS, it should be placed where the config file exists.
 |  | 
| − | 
 |  | 
| − | ='''Done!'''=
 |  | 
| − | Everything is set, fire up Openvpn client and use your username/password to connect.<br>(As you know you cannot make a vpn tunnel from yourself to yourself! so you have to test it from another network.)
 |  |
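Review bot: every line on the left, from the introduction through the "Done!" section, is marked as removed and the right-hand column is empty, so this revision deletes the whole tls-auth how-to without leaving a pointer to where it went; if the content is being moved or rewritten, leave a link or a redirect in its place. If the text is restored or reposted elsewhere, two things in the removed lines should be fixed on the way. The key-generation line reads "openvpn -–genkey -–secret ta.key", where the second character of each option is an en dash rather than a hyphen, so the command fails when pasted; it should read "--genkey --secret". The step "cp /etc/openvpn/amahi/ta.key /var/hda/files/docs" leaves the shared HMAC key on a share reachable over Windows file sharing, with no instruction to delete it once the client has its copy; add that cleanup step.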