Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- script-security 2
- up /etc/openvpn/update-resolv-conf
- down /etc/openvpn/update-resolv-conf
- acl goodclients {
- 172.31.18.0/24;
- 10.8.93.0/24;
- 127.0.0.1;
- localhost;
- localnets;
- };
- options {
- directory "/var/cache/bind";
- recursion yes;
- allow-query { goodclients; };
- forwarders {
- 91.239.100.100;
- 89.233.43.71;
- };
- forward only;
- dnssec-validation auto;
- auth-nxdomain no; # conform to RFC1035
- listen-on-v6 { any; };
- };
- port 1194
- proto udp
- dev tun
- comp-lzo
- keepalive 10 120
- persist-key
- persist-tun
- user nobody
- group nogroup
- chroot /etc/openvpn/easy-rsa/keys/crl.jail
- crl-verify crl.pem
- ca /etc/openvpn/easy-rsa/keys/ca.crt
- dh /etc/openvpn/easy-rsa/keys/dh1024.pem
- tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
- key /etc/openvpn/easy-rsa/keys/server.key
- cert /etc/openvpn/easy-rsa/keys/server.crt
- ifconfig-pool-persist /var/lib/openvpn/server.ipp
- client-config-dir /etc/openvpn/server.ccd
- status /var/log/openvpn/server.log
- verb 4
- # virtual subnet unique for openvpn to draw client addresses from
- # the server will be configured with x.x.x.1
- # important: must not be used on your network
- server 10.8.93.0 255.255.255.0
- # configure clients to route all their traffic through the vpn
- push "redirect-gateway def1 bypass-dhcp"
- push "dhcp-option DNS 10.8.93.1"
- #push "redirect-gateway def1"
- #logs
- log-append openvpn.log
- verb 5
- dig @10.8.93.1 google.com
- ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @10.8.93.1 google.com
- ; (1 server found)
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35943
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
- ;; QUESTION SECTION:
- ;google.com. IN A
- ;; ANSWER SECTION:
- google.com. 251 IN A 173.194.112.201
- google.com. 251 IN A 173.194.112.206
- google.com. 251 IN A 173.194.112.192
- google.com. 251 IN A 173.194.112.193
- google.com. 251 IN A 173.194.112.194
- google.com. 251 IN A 173.194.112.195
- google.com. 251 IN A 173.194.112.196
- google.com. 251 IN A 173.194.112.197
- google.com. 251 IN A 173.194.112.198
- google.com. 251 IN A 173.194.112.199
- google.com. 251 IN A 173.194.112.200
- ;; Query time: 130 msec
- ;; SERVER: 10.8.93.1#53(10.8.93.1)
- ;; WHEN: Fri Nov 7 00:50:59 2014
- ;; MSG SIZE rcvd: 204
Add Comment
Please, Sign In to add comment