Untitled

a guest, Sep 20th, 2019
#################################################
# Sample OpenVPN 2.0 config file for            #
# multi-client server.                          #
#                                               #
# This file is for the server side              #
# of a many-clients <-> one-server              #
# OpenVPN configuration.                        #
#                                               #
# OpenVPN also supports                         #
# single-machine <-> single-machine             #
# configurations (See the Examples page         #
# on the web site for more info).               #
#                                               #
# This config should work on Windows            #
# or Linux/BSD systems.  Remember on            #
# Windows to quote pathnames and use            #
# double backslashes, e.g.:                     #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
#                                               #
# Comments are preceded with '#' or ';'         #
#################################################

# Which local IP address should OpenVPN
# listen on? (optional)
local 82.208.10.28

#push "redirect-gateway def1"

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one.  You will need to
# open up this port on your firewall.
port 1194

# TCP or UDP server?
;proto tcp
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one.  On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).  Each client
# and the server must have their own cert and
# key file.  The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys.  Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key  # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh2048.pem 2048
dh /etc/openvpn/dh.pem

# Network topology
# Should be subnet (addressing via IP)
# unless Windows clients v2.0.9 and lower have to
# be supported (then net30, i.e. a /30 per client)
# Defaults to net30 (not recommended)
topology subnet

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file.  If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist /etc/openvpn/ipp.txt

# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface.  Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0.  Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients.  Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses.  You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment these lines:
client-config-dir ccd

;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN.  This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
#   ifconfig-push 10.9.0.1 10.9.0.2

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients.  There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
#     group, and firewall the TUN/TAP interface
#     for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
#     modify the firewall in response to access
#     from different clients.  See man
#     page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.  CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names.  This is recommended
# only for testing purposes.  For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE.
duplicate-cn

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
tls-auth ta.key 0 # This file is secret
key-direction 0

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC
auth SHA256

# Enable compression on the VPN link and push the
# option to the client (v2.4+ only, for earlier
# versions see below)
;compress lz4-v2
;push "compress lz4-v2"

# For compression compatible with older clients use comp-lzo
# If you enable it here, you must also
# enable it in the client config file.
;comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this on
# non-Windows systems.
#user nobody
#group nogroup

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status /var/log/openvpn/openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it.  Use one
# or the other (but not both).
log         /var/log/openvpn/openvpn.log
;log-append  /var/log/openvpn/openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages.  At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

# Notify the client when the server restarts so it
# can automatically reconnect.
explicit-exit-notify 1

management localhost 7505
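As an added example (not part of the pasted config or of OpenVPN itself), a small Python audit that parses a server.conf the way the comments above describe ('#' or ';' starts a comment) and flags the settings this paste leaves in a risky state: duplicate-cn enabled, user/group still commented out, a management interface with no password file, client-to-client, and a CBC cipher. The sample input is constructed from this paste's effective lines; the finding ids are my own names, not OpenVPN's.

```python
import re

# Constructed sample: the effective (uncommented) lines of the pasted config above.
SAMPLE_CONF = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
client-to-client
duplicate-cn
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
#user nobody
#group nogroup
management localhost 7505
"""

def parse_conf(text):
    """Map each directive to its list of argument lists, dropping '#'/';' comments."""
    conf = {}
    for raw in text.splitlines():
        # A comment starts at '#' or ';' at line start or after whitespace.
        line = re.split(r"(?<!\S)[#;]", raw, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            conf.setdefault(name, []).append(args)
    return conf

def audit(text):
    """Return finding ids for the hardening points the config's own comments raise."""
    conf = parse_conf(text)
    findings = []
    if "duplicate-cn" in conf:
        findings.append("duplicate-cn")            # shared cert/key: testing only
    if "user" not in conf or "group" not in conf:
        findings.append("no-priv-drop")            # daemon keeps root after init
    if "tls-auth" not in conf and "tls-crypt" not in conf:
        findings.append("no-hmac-firewall")        # control channel open to floods
    for args in conf.get("management", []):
        if not args or args[0] not in ("localhost", "127.0.0.1", "::1"):
            findings.append("management-remote")   # reachable beyond loopback
        if len(args) < 3:
            findings.append("management-no-password")  # 3rd arg is the pw-file
    if "client-to-client" in conf:
        findings.append("client-to-client")        # peers reach each other unless TUN is firewalled
    if any(a and a[0].upper().endswith("-CBC") for a in conf.get("cipher", [])):
        findings.append("cbc-cipher")              # 2.4+ negotiates GCM; older clients stay on CBC
    return findings
```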