Lauritzl am 12. Januar 2026 um 15:26 Uhr

2026-01-12T15:26:26Z

Lauritzl: Die Seite wurde neu angelegt: „{{Set_lang}} {{#vardefine:headerIcon|spicon-utm}} {{:UTM/CLI/Openvpn.lang}} {{TOC2|toclevel=1}}{{Select_lang}} {{Header|12.0| | v11 }} ---- * {{#var:Parameter mit mehreren Werten}} * {{#var:Parameter ohne Werte}} {| class="sptable2 sortable pd5 table-hover" |- ! class="mw14" | {{#var:Befehl}} !! {{#var:Parameter}} !! {{#var:desc}} !! {{#var:Beispiel}} |- | {{h3|openvpn}}{{h4|openvpn delete}}'''openvpn''' delete | i…“

2024-02-12T07:10:01Z

Die Seite wurde neu angelegt: „{{Set_lang}} {{#vardefine:headerIcon|spicon-utm}} {{:UTM/CLI/Openvpn.lang}} </div>{{TOC2|toclevel=1}}{{Select_lang}} {{Header|12.0| | v11 }} ---- * {{#var:Parameter mit mehreren Werten}} * {{#var:Parameter ohne Werte}} {| class="sptable2 sortable pd5 table-hover" |- ! class="mw14" | {{#var:Befehl}} !! {{#var:Parameter}} !! {{#var:desc}} !! {{#var:Beispiel}} |- | {{h3|openvpn}}{{h4|openvpn delete}}'''openvpn''' delete | i…“

Neue Seite

{{Set_lang}}

{{#vardefine:headerIcon|spicon-utm}}
{{:UTM/CLI/Openvpn.lang}}

</div>{{TOC2|toclevel=1}}{{Select_lang}}
{{Header|12.0|

|[[UTM/CLI/Openvpn_v11 | v11]]
}}
----

* {{#var:Parameter mit mehreren Werten}}

* {{#var:Parameter ohne Werte}}

{| class="sptable2 sortable pd5 table-hover"
|-
! class="mw14" | {{#var:Befehl}} !! {{#var:Parameter}} !! {{#var:desc}} !! {{#var:Beispiel}}
|-

| {{h3|openvpn}}{{h4|openvpn delete}}'''openvpn''' delete
| id
| {{#var:delete--desc}}
| openvpn delete id "6"
|-

| {{h4|openvpn get}}openvpn get
| -
| {{#var:get--desc}}
| openvpn get

|-
| rowspan=18 | {{h4|openvpn new}} openvpn new
|
| {{#var:new--desc}}
| rowspan=18 | {{#var:new--bsp}}
|-
| id || {{#var:id--desc}}
|-
| name || {{#var:name--desc}}
|-
| mode || {{#var:mode--desc}}
|-
| proto || {{#var:proto--desc}}
|-
| auth || {{#var:auth--desc}}
|-
| cert || {{#var:cert--desc}}
|-
| dh_size || {{#var:dh_size--desc}}
|-
| mtu || {{#var:mtu--desc}}
|-
| pool || {{#var:pool--desc}}
|-
| flags || {{#var:flags--desc}}
|-
| local_addr || {{#var:local_addr--desc}}
|-
| local_port || {{#var:local_port--desc}}
|-
| remote || {{#var:remote--desc}}
|-
| max_clients || {{#var:max_clients--desc}}
|-
| interface || {{#var:interface--desc}}
|-
| push_subnet_id || {{#var:push_subnet_id--desc}}
|-
| push_subnet || {{#var:push_subnet--desc}}
|-

| {{h4|openvpn set}}openvpn set
| id
| {{#var:set--desc}} {{#var:Parameter-identisch--desc}} {{code|openvpn new}}
| {{#var:set--bsp}}
|-

| {{h4|openvpn export}}openvpn export
| user
| {{#var:export--desc}}
| openvpn export user "Benutzername" type "config"
|-

| {{h4|openvpn status}}openvpn status
| -
| {{#var:status--desc}}
| openvpn status
|-

| rowspan=3 |{{h4|openvpn disconnect}}openvpn disconnect
|
| {{#var:disconnect--desc}}
| rowspan=3 | openvpn disconnect name "RW_Test" c_name "vpnuser"
|-
| name || {{#var:disconnect name--desc}}
|-
| c_came || {{#var:disconnect c_name--desc}}
|-

| {{h4|openvpn update}}openvpn update
| -
| {{#var:update--desc}}
| openvpn update
|-

| rowspan=1 | {{h3|openvpn cipher}}{{h4|openvpn cipher get_available}}'''openvpn cipher''' get_available
|
| {{#var:cipher--desc}}
| rowspan=1 |
|-

| rowspan=1 | {{h3|openvpn digest_algorithm}}{{h4|openvpn digest_algorithm get_available}}'''openvpn digest_algorithm''' get_available
|
| {{#var:digest_algorithm--desc}}
| rowspan=1 |
|-

| rowspan=3 | {{h3|openvpn push_subnet}}{{h4|openvpn push_subnet new}}'''openvpn push_subnet''' new
|
| {{#var:push_subnet new--desc}}
| rowspan=3 | openvpn push_subnet new openvpn_id "3" push_subnet 192.168.176.0/24
|-
| openvpn_id || {{#var:openvpn_id--desc}}
|-
| push_subnet || {{#var:push_subnet--desc}}
|-

| rowspan=3 | {{h4|openvpn push_subnet delete}}openvpn push_subnet delete
|
| {{#var:push_subnet delete--desc}}
| rowspan=3 | openvpn push_subnet delete openvpn_id "3" push_subnet_id 15
|-
| openvpn_id || {{#var:openvpn_id--desc}}
|-
| push_subnet_id || {{#var:push_subnet_id--desc}}
|-

| {{h3|openvpn remote}}{{h4|openvpn remote get}}'''openvpn remote''' get
| -
| {{#var:remote get--desc}}
| openvpn remote get
|-
| rowspan=9 | {{h4|openvpn remote new}}openvpn remote new
|
| Anlegen eines neuen SSL-VPN Remote-Profils
| rowspan=9 | openvpn remote new name "Client1" common_name "Client_cert" tunnel_addr "192.168.250.10/24" subnets "192.168.176.0/24"
|-
| id || {{#var:remote id--desc}}
|-
| openvpn_id || {{#var:remote openvpn_id--desc}}
|-
| name || {{#var:remote name--desc}}
|-
| common_name || {{#var:remote common_name--desc}}
|-
| tunnel_addr || {{#var:remote runnel_addr--desc}}
|-
| hosts || {{#var:remote hosts--desc}}
|-
| subnets || {{#var:remote subnets--desc}}
|-
| push_subnets || {{#var:remote push_subnets-desc}}
|-

| {{h4|openvpn remote set}}openvpn remote set
| id
| {{#var:remote set--desc}} {{#var:Parameter-identisch--desc}} {{code|openvpn remote new}}
| openvpn remote set id "3" tunnel_addr "192.168.250.2/24"
|-

| {{h4|openvpn remote delete}}openvpn remote delete
| id
| {{#var:remote delete--desc}}
| openvpn remote delete id "3"
|-

| rowspan=5 | {{h3|openvpn option}}{{h4|openvpn option get}}'''openvpn option''' get
|
| {{#var:option get--desc}}
| rowspan=5 |
|-
| id ||
|-
| name ||
|-
| value ||
|-
| description ||
|}
----

==={{#var:Neue Verbindung anlegen}}===
<div class="einrücken">

===={{#var:TUN-Interface + Zone anlegen}}====
<div class="einrücken">
interface new name "tun0" type "TUN"
interface zone new name "vpn-openvpn-server_conn" interface tun0}}
</div>

===={{#var:Zertifikate anlegen}}====
<div class="einrücken">
cert new common_name "myCA"
cert new common_name "Server_cert" issuer_id 130
cert new common_name "Client_cert" issuer_id 130

id |common_name|bits|valid_since |valid_till |issuer|flags |status
---+-----------+----+-------------------+-------------------+------+------+------
130|myCA |1024|2011-08-25-10-41-16|2012-08-24-10-41-16|myCA |KEY,CA|OK
131|Server_cert|1024|2011-08-25-10-41-43|2012-08-24-10-41-43|myCA |KEY |OK
132|Client_cert|1024|2011-08-25-10-42-04|2012-08-24-10-42-04|myCA |KEY |OK

{{#var:Site to Site--desc}}
cert export x509 id 130
cert export x509 id 132
</div>

{{h4|{{#var:Openvpn-Remote Profile definieren}}|{{#var:Openvpn-Remote Profile definieren}} <small>({{#var:nur bei Site to Site Verbindungen}})</small>}}
<div class="einrücken">
*{{#var:Server Seite}}

{{code|openvpn remote new name "Client1" common_name "Client_cert" tunnel_addr "192.168.250.10" subnets 192.168.176.0/24}}

*{{#var:Server Seite}}

{{code|openvpn remote new name "s2s-Server" hosts 192.168.4.143}}<br>
</div>

===={{#var:Openvpn-Verbindung anlegen}}====

<div class="einrücken">
'''Roadwarrior'''
openvpn new name "RW-Verbindung" mode "SERVER" proto "UDP" auth "LOCAL" cert "Server_cert" pool "192.168.250.0/24" mtu "1500" interface "tun0" local_port "1194" reneg "3600" push_subnet "192.168.175.0/24" dh_size "2048"

'''Site to Site'''
*{{#var:Zertifikate importieren}}
*{{#var:Server Seite}}
openvpn new name "s2s-conn" mode "SERVER" proto "UDP" auth "NONE" cert "Server_cert" dh_size "2048" mtu "1400" pool "192.168.250.0/24" interface tun0
*{{#var:Client Seite}}
openvpn new name "s2s-client" mode "CLIENT" proto "UDP" auth "NONE" cert "Client_cert" dh_size "2048" mtu "1400" interface "tun0" remote s2s-Server
<br clear=all></div>

{{Hinweis-box|{{#var:Hinweis neue Verbindung}}|fs__icon=em3}}
<br clear=all></div>
----

===Multiple OpenvpnServer===

<div class="einrücken">
{{#var:Multiple OpenvpnServer--desc}}
openvpn remote set id 2 hosts 192.168.4.143,192.168.176.1

firewall.foo.local> openvpn remote get
id|name |hosts
--+----------------+---------------------------
2 |remote_sslserver|192.168.4.143,192.168.176.1

{{#var:Porteinstellungen--desc}}

firewall.foo.local> openvpn remote set id 2 hosts 192.168.4.143:1195,192.168.176.1:1196

id|name |hosts
--+----------------+----------------------------------
2 |remote_sslserver|192.168.4.143:1195,192.168.176.1:1196

{{#var:Verbindungsaufbau--desc}}
<br clear=all></div>

UTM/CLI/Openvpn - Versionsgeschichte

Lauritzl am 12. Januar 2026 um 15:26 Uhr