1 files changed, 26 insertions, 0 deletions

diff --git a/network/openvpn/README b/network/openvpn/README
new file mode 100644
index 0000000000..7afb4c0f28
--- /dev/null
+++ b/network/openvpn/README
@@ -0,0 +1,26 @@
+OpenVPN is a full-featured SSL VPN solution which can accomodate a wide
+range of configurations, including remote access, site-to-site VPNs,
+WiFi security, and enterprise-scale remote access solutions with load
+balancing, failover, and fine-grained access-controls.
+
+OpenVPN implements OSI layer 2 or 3 secure network extension using the
+industry standard SSL/TLS protocol, supports flexible client
+authentication methods based on certificates, smart cards, and/or
+2-factor authentication, and allows user or group-specific access
+control policies using firewall rules applied to the VPN virtual
+interface.
+
+Naturally OpenVPN depends upon having openssl (not just openssl-solibs)
+installed on your computer. However, this script does not include
+support for LZO compression.
+
+Please note that there is no default config file for OpenVPN. This is
+by design. OpenVPN can technically use any config file in any location.
+However, this script does create an /etc/openvpn/ directory with certs/
+and keys/ subdirectories.  Feel free to place config files, keys, and
+certificates in these directories. certs/ and keys/ are owned by user
+root and group nobody and are not world readable nor writable.
+Additionally, they are not writable by group nobody. It is recommended
+that you run openvpn nobody:nobody, but you may use another
+non-privilaged user and group at your option.  Just change the
+permissions on these permissions to reflect that if you do.