mirror of
https://github.com/pivpn/pivpn.git
synced 2024-12-18 19:00:15 +00:00
ead280e60f
- Preparation for feature request from issue #942
39 lines
1.1 KiB
Text
39 lines
1.1 KiB
Text
dev tun
|
|
proto udp
|
|
port 1194
|
|
ca /etc/openvpn/easy-rsa/pki/ca.crt
|
|
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
|
|
key /etc/openvpn/easy-rsa/pki/private/server.key
|
|
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
|
|
topology subnet
|
|
server 10.8.0.0 255.255.255.0
|
|
# Set your primary domain name server address for clients
|
|
push "dhcp-option DNS 9.9.9.9"
|
|
push "dhcp-option DNS 149.112.112.112"
|
|
# Prevent DNS leaks on Windows
|
|
push "block-outside-dns"
|
|
# Override the Client default gateway by using 0.0.0.0/1 and
|
|
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
|
|
# overriding but not wiping out the original default gateway.
|
|
push "redirect-gateway def1"
|
|
client-to-client
|
|
client-config-dir /etc/openvpn/ccd
|
|
keepalive 15 120
|
|
remote-cert-tls client
|
|
tls-version-min 1.2
|
|
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
|
|
cipher AES-256-CBC
|
|
auth SHA256
|
|
user openvpn
|
|
group openvpn
|
|
persist-key
|
|
persist-tun
|
|
crl-verify /etc/openvpn/crl.pem
|
|
status /var/log/openvpn-status.log 20
|
|
status-version 3
|
|
syslog
|
|
verb 3
|
|
#DuplicateCNs allow access control on a less-granular, per user basis.
|
|
#Remove # if you will manage access by user instead of device.
|
|
#duplicate-cn
|
|
# Generated for use by PiVPN.io
|