# Routed (layer 3) virtual tunnel interface; `tap` would bridge Ethernet frames instead.
dev tun
# Carry the tunnel over UDP. Clients must use the same protocol.
proto udp
# Listening port (1194 is the registered OpenVPN port). The host firewall
# must allow inbound UDP on this port and nothing else for the service.
port 1194
# CA certificate used to validate client certificates.
# NOTE(review): this path is inside the easy-rsa working directory. If the CA
# was generated in place, check that the CA private key (ca.key) is not kept
# on the VPN server alongside these files.
ca /etc/openvpn/easy-rsa/keys/ca.crt
# Server certificate presented to clients during the TLS handshake.
cert /etc/openvpn/easy-rsa/keys/server.crt
# Server private key. It is read at startup, before privileges are dropped
# (see `user`/`group` below), so it can be owned by root and readable only
# by root (e.g. mode 0600).
key /etc/openvpn/easy-rsa/keys/server.key
# Diffie-Hellman parameters for the TLS key exchange.
# NOTE(review): the file name indicates 1024-bit parameters. 1024-bit groups
# are considered within reach of precomputation attacks (Logjam); generate
# parameters of at least 2048 bits and point this directive at the new file.
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
# Run in multi-client server mode and hand out client addresses from
# 10.8.0.0/24; the server itself takes 10.8.0.1.
server 10.8.0.0 255.255.255.0
# server and remote endpoints
# Local (10.8.0.1) and remote (10.8.0.2) tunnel endpoint addresses.
# NOTE(review): with `dev tun` and the default topology, the
# `server 10.8.0.0 255.255.255.0` directive already sets these same
# endpoints, so this line appears redundant. Confirm before removing.
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
# Host route (/32) to the server's tunnel address, installed on each client.
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
# Route for the whole VPN subnet. Together with `client-to-client` below,
# this makes every connected client reachable from every other client.
push "route 10.8.0.0 255.255.255.0"
# your local subnet
# LOCALNET and LOCALMASK are placeholders: substitute the LAN's network
# address and netmask before deploying. This route exposes the LAN behind the
# server to every connected client, so limit what VPN clients may reach with
# firewall rules on the server if full LAN access is not intended.
push "route LOCALNET LOCALMASK"
# Set your primary domain name server address for clients
# Tell clients to use 8.8.8.8 (a public resolver) for DNS. A third-party
# resolver then sees client lookups, and names internal to the LAN will not
# resolve. Clients that do not apply pushed dhcp-option values automatically
# (commonly Linux without an up/down script) keep using their local resolver,
# which leaks lookups outside the tunnel.
push "dhcp-option DNS 8.8.8.8"
# Secondary DNS server pushed to clients.
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
# Send all client IPv4 traffic through the tunnel. The server host must
# forward and NAT that traffic; none of that is configured in this file.
# def1 only redirects IPv4: a client with IPv6 connectivity keeps sending
# IPv6 traffic outside the tunnel unless that is handled separately.
push "redirect-gateway def1"
# Let connected clients reach each other. OpenVPN routes this traffic
# internally instead of passing it through the tun interface, so host
# firewall rules never see it and cannot filter it. Remove this directive if
# clients should be isolated or filtered per client.
client-to-client
# Accept several simultaneous connections that present the same certificate
# common name. NOTE(review): the stock OpenVPN sample config recommends this
# for testing only. Sharing one certificate across devices removes per-device
# attribution in the logs and means revoking one device revokes them all;
# issue one certificate per client and drop this directive.
duplicate-cn
# Ping the peer every 10 seconds; treat it as down after 120 seconds of silence.
keepalive 10 120
# Refuse control-channel handshakes that negotiate a TLS version below 1.2.
tls-version-min 1.2
# Require an HMAC signature, keyed with the pre-shared ta.key, on every
# control-channel packet. Packets without a valid signature are dropped
# before any TLS processing, which cuts exposure to port scans and handshake
# floods. Key direction is 0 on the server; clients must use 1.
# ta.key is a shared secret: keep it readable by root only and distribute it
# to clients over a protected channel.
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
# Data-channel cipher; clients must be configured with the same value.
# NOTE(review): newer OpenVPN releases support AEAD ciphers such as
# AES-256-GCM. Consider migrating once all clients support them.
cipher AES-256-CBC
# HMAC digest used to authenticate data-channel packets (and tls-auth packets).
auth SHA256
# Enable LZO compression on the tunnel; clients must enable it too.
# NOTE(review): compressing before encryption can leak information about the
# plaintext through packet sizes (the VORACLE class of attack), and recent
# OpenVPN releases deprecate this option. Removing it has to be coordinated
# with the client configurations.
comp-lzo
# Drop root privileges to this user after initialization.
# NOTE(review): `nobody` is often shared with other daemons; a dedicated
# unprivileged account isolates OpenVPN better.
user nobody
# Group to switch to when privileges are dropped.
group nogroup
# Keep key material in memory across soft restarts. After the privilege drop
# the process can no longer re-read the root-owned key files.
persist-key
# Keep the tun device open across soft restarts. Reopening it would need the
# root privileges that were dropped.
persist-tun
# NOTE(review): certificate revocation checking is disabled while this line
# stays commented out, so a revoked or stolen client certificate is still
# accepted until it expires. To enable it, generate the CRL from the CA and
# uncomment the line. OpenVPN reads the CRL on each connection, so the file
# must be readable by the unprivileged account set with `user`/`group`.
#crl-verify /etc/openvpn/crl.pem
# Rewrite a snapshot of current connections to this file every 20 seconds.
# The file lists client common names and source addresses, so restrict who
# can read it.
status /var/log/openvpn-status.log 20
# Write log output to this file. `log` truncates the file each time OpenVPN
# starts; `log-append` keeps earlier entries, which matters when
# reconstructing past connection activity.
log /var/log/openvpn.log
# Log verbosity. NOTE(review): level 1 records little beyond startup messages
# and errors; 3 is a common setting when per-connection detail is wanted for
# troubleshooting or investigation.
verb 1
# This configuration file was originally written by Lauren Orsini at ReadWrite.