Клиент############################################### Sample client-side Ope

1. Клиент
2. ##############################################
3. # Sample client-side OpenVPN 2.0 config file #
4. # for connecting to multi-client server. #
5. # #
6. # This configuration can be used by multiple #
7. # clients, however each client should have #
8. # its own cert and key files. #
9. # #
10. # On Windows, you might want to rename this #
11. # file so it has a .ovpn extension #
12. ##############################################
13.  
14. # Specify that we are a client and that we
15. # will be pulling certain config file directives
16. # from the server.
17. client
18.  
19. # Use the same setting as you are using on
20. # the server.
21. # On most systems, the VPN will not function
22. # unless you partially or fully disable
23. # the firewall for the TUN/TAP interface.
24. ;dev tun
25. dev tap
26.  
27. # Windows needs the TAP-Win32 adapter name
28. # from the Network Connections panel
29. # if you have more than one. On XP SP2,
30. # you may need to disable the firewall
31. # for the TAP adapter.
32. ;dev-node MyTap
33.  
34. # Are we connecting to a TCP or
35. # UDP server? Use the same setting as
36. # on the server.
37. ;proto tcp
38. proto tcp
39.  
40. # The hostname/IP and port of the server.
41. # You can have multiple remote entries
42. # to load balance between the servers.
43. remote my-server 1194
44. # remote 178.124.163.245 1194
45. ;remote my-server-2 1194
46.  
47. # Choose a random host from the remote
48. # list for load-balancing. Otherwise
49. # try hosts in the order specified.
50. ;remote-random
51.  
52. # Keep trying indefinitely to resolve the
53. # host name of the OpenVPN server. Very useful
54. # on machines which are not permanently connected
55. # to the internet such as laptops.
56. #resolv-retry infinite
57.  
58. # Most clients don't need to bind to
59. # a specific local port number.
60. nobind
61.  
62. # Downgrade privileges after initialization (non-Windows only)
63. ;user nobody
64. ;group nobody
65.  
66. # Try to preserve some state across restarts.
67. persist-key
68. persist-tun
69.  
70. # If you are connecting through an
71. # HTTP proxy to reach the actual OpenVPN
72. # server, put the proxy server/IP and
73. # port number here. See the man page
74. # if your proxy server requires
75. # authentication.
76. ;http-proxy-retry # retry on connection failures
77. ;http-proxy [proxy server] [proxy port #]
78.  
79. # Wireless networks often produce a lot
80. # of duplicate packets. Set this flag
81. # to silence duplicate packet warnings.
82. ;mute-replay-warnings
83.  
84. # SSL/TLS parms.
85. # See the server config file for more
86. # description. It's best to use
87. # a separate .crt/.key file pair
88. # for each client. A single ca
89. # file can be used for all clients.
90. ca ca.crt
91. cert admin.crt
92. key admin.key
93.  
94. # Verify server certificate by checking
95. # that the certicate has the nsCertType
96. # field set to "server". This is an
97. # important precaution to protect against
98. # a potential attack discussed here:
99. # http://openvpn.net/howto.html#mitm
100. #
101. # To use this feature, you will need to generate
102. # your server certificates with the nsCertType
103. # field set to "server". The build-key-server
104. # script in the easy-rsa folder will do this.
105. ns-cert-type server
106.  
107. route-method exe
108. route-delay 10
109. tun-mtu 1300
110.  
111. # If a tls-auth key is used on the server
112. # then every client must also have the key.
113. tls-auth ta.key 1
114.  
115. # Select a cryptographic cipher.
116. # If the cipher option is used on the server
117. # then you must also specify it here.
118. cipher BF-CBC
119.  
120. # Enable compression on the VPN link.
121. # Don't enable this unless it is also
122. # enabled in the server config file.
123. comp-lzo
124.  
125. # Set log file verbosity.
126. verb 5
127.  
128. # Silence repeating messages
129. ;mute 20
130.  
131.  
132. Сервер
133. port 1194
134. # на сайте разработчиков рекомендуется использовать udp в том числе
135. # по соображениям безопасности, но для нормальной работы удаленной
136. # печати, рекомендую использовать tcp
137. proto tcp-server
138. dev tap
139. ca "ca.crt"
140. cert "server.crt"
141. key "server.key"
142. # Этот файл хранить в секрете!
143. dh "dh1024.pem"
144. # включаем TLS аутификацию
145. tls-server
146. # указываем tls-ключ, и указываем 0 для сервера, а 1 для клиента
147. tls-auth "ta.key" 0
148. # таймаут до реконекта
149. tls-timeout 120
150. # задаем IP-адрес сервера и маску подсети
151. server 10.0.8.0 255.255.255.0
152.  
153. # разрешаем использовать одинаковые ключи
154. #duplicate-cn
155. # задаем МАРШРУТ который передаём клиенту
156. # и маску подсети для того чтобы он "видел"
157. # сеть за OpenVPN сервером (сеть 192.168.1.0/24)
158. # push "route 192.168.1.0 255.255.255.0"
159. # удерживать соединение (полезно при работе через nat, proxy и т.п.)
160. keepalive 10 120
161. # маршруты добавляются через exe
162. route-method exe
163. route-delay 10
164. tun-mtu 1300
165. # шлюз в openvpn сеть
166. #route-gateway 10.0.8.1
167. # маршрут на всю сеть
168. #route 10.0.8.0 255.255.255.0
169. # включаем шифрацию пакетов
170. cipher BF-CBC
171. # включить сжатие
172. comp-lzo
173. # максимум клиентов
174. max-clients 10
175. # Не перечитывать ключи после получения
176. persist-key
177. # Не закрывать и переоткрывать TUNTAP
178. # устройство, после получения
179. # SIGUSR1 или ping-restart
180. persist-tun
181. # клиенты могут "видеть" друг друга
182. client-config-dir ccd
183. client-to-client
184. status "openvpn-status.log"
185. log "openvpn.log"
186. log-append "openvpn.log"
187. # уровень детализации отчетов
188. verb 5