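## GENERAL ##
# Listen on TCP/443 so the tunnel looks like HTTPS. `port-share` hands any TCP
# connection on 443 that is not OpenVPN to the real HTTPS service on 127.0.0.1:4443
# (port-share only works with proto tcp, which is set here).
mode server
proto tcp4
port 443
port-share 127.0.0.1 4443
dev tun

## KEY, CERTS AND NETWORK CONFIGURATION ##
# CA used to verify peer certificates. Still required even though client
# certificates are not checked (see `verify-client-cert none` below).
ca /etc/openvpn/server/ca.crt
# Server certificate (public)
cert /etc/openvpn/server/shawn-route.crt
# Server private key. Read once as root before the privilege drop; keep it 0600 root-owned.
key /etc/openvpn/server/shawn-route.key
# Diffie-Hellman parameters for the TLS key exchange
dh /etc/openvpn/server/dh.pem
# A CRL only matters when client certificates are verified; it is a no-op while
# `verify-client-cert none` is set, so it stays disabled.
#crl-verify /etc/openvpn/server/crl.pem

## CONTROL CHANNEL (TLS) HARDENING ##
# Refuse TLS versions below 1.2 for the control channel
tls-version-min 1.2
# HMAC every control-channel packet with a pre-shared key so unauthenticated
# packets are dropped before the TLS handshake (port-scan / TLS-level DoS
# mitigation). Currently DISABLED — enable with a shared ta.key:
#   `tls-auth ta.key 0` on the server and `tls-auth ta.key 1` on clients, or
#   `tls-crypt ta.key` on both sides (no direction argument; also encrypts the control channel).
# tls-auth ta.key 0

## DATA CHANNEL ##
# Data-channel cipher (this is NOT the TLS cipher). AES-256-CBC still works, but
# `cipher` is deprecated since 2.5; on 2.5+ prefer an AEAD list such as
# `data-ciphers AES-256-GCM:AES-128-GCM`, negotiated per client.
cipher AES-256-CBC
# HMAC for the data channel (ignored by AEAD ciphers) and used in the TLS PRF
auth SHA512
# Do not keep the username/password in memory after use. The option takes NO
# argument: the original `auth-nocache loop` is an option-parse error that aborts
# startup. It is primarily a client-side option and is effectively a no-op here.
auth-nocache
# Allow several simultaneous sessions under the same common name. Because of
# `username-as-common-name` below the CN is the login username, so this lets one
# account be connected from several devices at once.
duplicate-cn

## NETWORK ##
# Server takes 10.8.0.1; clients get the remaining addresses of 10.8.0.0/24
server 10.8.0.0 255.255.255.0
# Routes to LANs behind clients, pushed to the other clients (left disabled)
#push "route 192.168.0.0 255.255.255.0"
#push "route 192.168.1.0 255.255.255.0"
# Kernel route on the server for a LAN reachable through a client, via the tun device.
# The original line quoted all three fields as ONE token
# (`route "192.168.0.1 255.255.255.0 10.8.0.0"`), which OpenVPN rejects as an
# invalid network, so the route was never installed.
# NOTE(review): the original used 192.168.0.1 as the network (should be .0) and
# 10.8.0.0 — the network address, not a client — as gateway. Confirm which client
# fronts this LAN and add `iroute 192.168.0.0 255.255.255.0` to that client's ccd file.
route 192.168.0.0 255.255.255.0
# Send all client IP traffic through the VPN. The server must forward/NAT 10.8.0.0/24
# for this to work.
push "redirect-gateway def1"
# DNS pushed to clients. 10.8.0.1 requires a resolver listening on the server's tun
# address; without one, clients lose name resolution once redirect-gateway is active.
push "dhcp-option DNS 10.8.0.1"
# Alternatives: FDN
#push "dhcp-option DNS 80.67.169.12"
#push "dhcp-option DNS 80.67.169.40"
# OpenDNS
# push "dhcp-option DNS 208.67.222.222"
# push "dhcp-option DNS 208.67.220.220"
# Google
# push "dhcp-option DNS 8.8.8.8"
# push "dhcp-option DNS 8.8.4.4"
# Ping every 10 s; drop a peer that has not answered for 120 s (pushed to clients too)
keepalive 10 120
# Renegotiate data-channel keys every 5 h (default is 3600 s). Renegotiation re-runs
# auth-user-pass-verify, so clients that do not cache their password will be
# re-prompted or disconnect at that point.
reneg-sec 18000

## SECURITY ##
# Drop root after startup. On Debian/Ubuntu the unprivileged group is `nogroup`;
# a `nobody` group exists on RHEL-family systems — adjust to the host.
user nobody
group nobody
# Keep key material in memory across SIGUSR1 restarts: as `nobody` the daemon can
# no longer re-read the key files.
persist-key
# Keep the TUN device open across restarts (cannot be re-opened unprivileged)
persist-tun
# Compression over a VPN is a plaintext-leak vector (VORACLE-style attacks) and is
# deprecated. `comp-lzo no` keeps the LZO framing so existing clients configured
# with `comp-lzo` still connect, but nothing is actually compressed; the push tells
# those clients to stop compressing as well. Remove both lines once every client
# has dropped `comp-lzo`.
comp-lzo no
push "comp-lzo no"

## LOG ##
# Verbosity: 3 or 4 for normal operation. Higher levels log client details — debugging only.
verb 3
# Suppress repeated messages of the same category after 20 occurrences
mute 20
# Client status file (connected clients, byte counts). Relative path: resolved
# against the daemon's working directory, as there is no `cd` directive here —
# confirm what the service unit sets (the cert paths above suggest /etc/openvpn/server).
status openvpn-status.log
# Main daemon log (appended)
log-append /var/log/openvpn.log
# Per-client option files, named after the common name (= username here). Relative
# path, same working-directory caveat as `status`.
client-config-dir ccd

## PASS ##
# Level 3 lets auth-user-pass-verify receive the password in an ENVIRONMENT
# VARIABLE (required by `via-env`). The environment of a child process is readable
# by any process running as the same user (`nobody`, after the privilege drop).
# Safer: `script-security 2` with `auth-user-pass-verify scripts/login.sh via-file`,
# which passes the credentials in a temporary file instead.
# NOTE(review): that switch requires scripts/login.sh to read username/password
# from the file given as $1 rather than from $username/$password — not done here.
script-security 3
# Use the authenticated username as the CN (ccd lookup, status log, duplicate-cn)
# instead of a certificate CN — there is no client certificate, see next line.
username-as-common-name
# No client certificate is requested. Anyone holding ca.crt plus a valid
# username/password can connect, so authentication strength is entirely that of
# scripts/login.sh. Consider `verify-client-cert require` for a second factor.
verify-client-cert none
# Run for every login (and again on each renegotiation); must exit 0 to accept the user.
# Relative path, same working-directory caveat as `status`.
auth-user-pass-verify scripts/login.sh via-env
# Limit concurrent sessions
max-clients 50
# Hooks run on connect/disconnect, after the privilege drop (relative paths, same caveat)
client-connect scripts/connect.sh
client-disconnect scripts/disconnect.sh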