On 20/05/2021 17:09, Arne Schwabe wrote:
This is meant to give new users a quickstart for a useable OpenVPN setup. Our own documentation is lacking in this regard and many tutorials that can be found online are often questionable in some aspects.Linking the individaul RST file on github also give a tutorial in a nicely formatted way. Patch V2: Fix grammar/spelling mistakes (thanks ticantech), move to openvpn-examples(5). Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- Changes.rst | 4 + doc/Makefile.am | 1 + doc/man-sections/example-fingerprint.rst | 196 +++++++++++++++++++++++ doc/openvpn-examples.5.rst | 1 + 4 files changed, 202 insertions(+) create mode 100644 doc/man-sections/example-fingerprint.rst
This is basically good; I do have some really minor nit-pick. I've tested an OpenVPN server built from git and with both a git master client as well as a v2.5.3 client. Both works with the instructions as given here. And both man and html files are created correctly.
One confusing thing is that the server config complains about missing CA if there are no peer-fingerprint entries are present. But that's outside the scope of this documentation.
The nit-pick comes below ...
diff --git a/doc/man-sections/example-fingerprint.rst b/doc/man-sections/example-fingerprint.rst new file mode 100644 index 000000000..c91ca64b9 --- /dev/null +++ b/doc/man-sections/example-fingerprint.rst @@ -0,0 +1,196 @@ +Small OpenVPN setup with peer-fingerprint +=========================================
[...snip...]
+3. Write a server configuration (`server.conf`): +:: + + # The server certificate we created in step 1 + cert server.pem + key serverkey.pem + + dh none + dev tun + + # Listen on IPv6+IPv4 simultaneously + proto udp6 + + # The ip address the server will distribute + server 192.168.234.0 255.255.255.0
Elsewhere in our documentation, we've been using 10.8.0.0/24 for the example VPN subnets.
+ server-ipv6 fd00:6f76:706e::/64
The other example subnet we've used for IPv6 is fd15:53b6:dead::2/64, but that's related to --block-ipv6. I vaguely remember we used some other IPv6 subnet in examples, but not able to find it now. If this is the standard subnet, feel free to ignore this comment.
These nit-picks does not hold back my approval though; they can be changed on-the-fly if so be.
Acked-By: David Sommerseth <dav...@openvpn.net> -- kind regards, David Sommerseth OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel