<div dir="ltr">hier ne korrigierte und getestete backfire config welche up-delay und ping-restart richtig verwendet, und wirklich unnötiges/falsches mal auskommentiert.<div><br></div><div>mit dieser solltest du dann kein händischen openvpn stop start oder oslr restart mehr brauchen<br>
<div><br></div><div><div>config openvpn 'to_krypta' </div><div> option remote '78.41.115.228'</div><div># option keepalive '10 30'</div><div> option ping_restart '20'</div>
<div># option enable '1'</div><div> option verb '3' </div><div> option dev 'tap0' </div><div> option fast_io '1'</div><div> option port '5082' </div>
<div> option ifconfig '78.41.112.84 255.255.255.0'</div><div> option enabled '1'</div><div> option nobind '1' </div><div> option comp_lzo '1' </div><div> option ifconfig_noexec '1'</div>
<div> option ifconfig_nowarn '1'</div><div># option persist_tun '1' </div><div> option persist_local_ip '1' </div><div> option persist_remote_ip '1'</div><div>
# option remote_random '0'</div><div> option proto 'udp' </div><div># option up_delay '5'</div><div> option up_delay '1' </div><div># option float '1' </div>
<div> option dev_type 'tap' </div></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/10/11 Markus Kittenberger <span dir="ltr"><<a href="mailto:Markus.Kittenberger@gmx.at" target="_blank">Markus.Kittenberger@gmx.at</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">2013/10/11 <a href="mailto:kaefert@gmail.com" target="_blank">kaefert@gmail.com</a> <span dir="ltr"><<a href="mailto:kaefert@gmail.com" target="_blank">kaefert@gmail.com</a>></span><br>
<div class="gmail_extra"><div class="gmail_quote">
<div><br></div><div>also up-delay fehlt in der cmdline! </div><div><br></div><div>und ansonst kommentare zu allen optionen die nit sowieso nona nötig sinn (-:</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div></div><div>--syslog openvpn(to_krypta)<br></div></div></div></blockquote><div>wenn du gern viele einträge im syslog hast, gut,.. </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div>--writepid /var/run/openvpn-to_krypta.pid</div></div></div></blockquote><div>egal, bzw für nen openvpn stop restart wohl nöt </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div>--fast-io</div></div></div></blockquote><div>hmmm experimential, und machts den tunnel nu 5-10% schneller, im zweifelsfall mal weglassen</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div>--float</div></div></div></blockquote><div>zumindest mal unnötig/unangebracht, denn die gegenseite wird ihre ip/port nicht ändern.</div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr">--ifconfig 78.41.112.84 255.255.255.0</div></blockquote><div>passt </div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">--ifconfig-nowarn</div></blockquote>
<div> --ifconfig-noexec</div></div></blockquote><div>beides egal wenn der tunnel ne ip kriegt im endeffekt</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div></div></div></blockquote>
<div>--nobind</div></div></blockquote><div>sollt nit stören </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div> --persist-local-ip</div></div></div></blockquote><div>gut, bzw. sollt nit stören</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div> --persist-remote-ip</div></div></div></blockquote><div>gut, bzw. sollt nit stören</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div> --persist-tun</div></div></div></blockquote><div>nit ideal,.. (macht afair keinen sinn zusammen mit up-delay)</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div>--dev-type tap<br></div></div></div></blockquote><div>überflüssig, stört aber sicher nit </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div> --keepalive 10 30</div></div></div></blockquote><div>nit ideal, aber momentan wohl nit das problem, trotzdem hätt ich lieber -- ping-restart 20</div></div></div></div>
</blockquote></div><br></div>