- # cat /etc/openvpn/openvpn.conf
- server 10.186.35.0 255.255.255.0
- port 1194
- proto udp
- dev tun
- ca ca.crt
- cert server.crt
- key server.key
- dh dh1024.pem
- ifconfig-pool-persist ipp.txt
- #push "route 0.0.0.0 0.0.0.0"
- #push "redirect-gateway"
- push "redirect-gateway def1 bypass-dhcp"
- push "dhcp-option DNS 8.8.8.8"
- push "dhcp-option DNS 8.8.4.4"
- keepalive 10 120
- comp-lzo
- user nobody
- group users
- persist-key
- persist-tun
- status openvpn-status.log
- verb 3
- script-security 3
- auth-user-pass-verify /etc/openvpn/auth-chap via-env
- client-cert-not-required
- duplicate-cn
- management 127.0.0.1 5119
- script-security 3 system
- username-as-common-name
- client-connect /etc/openvpn/scripts/clientconnect.sh
- client-disconnect /etc/openvpn/scripts/clientdisconnect.sh
- log-append /var/log/openvpn.log
- log /var/log/openvpn.log
- [...]
- --route-nopull
- When used with --client or --pull, accept options pushed by server EXCEPT for routes and
- dhcp options like DNS servers.
- When used on the client, this option effectively bars the server from adding routes to the
- client's routing table, however note that this option still allows the server to set the
- TCP/IP properties of the client's TUN/TAP interface.
- [...]
- --client-config-dir dir
- Specify a directory dir for custom client config files. After a connecting client
- has been authenticated, OpenVPN will look in this directory for a file having the
- same name as the client's X509 common name. If a matching file exists, it will be
- opened and parsed for client-specific configuration options. If no matching file is
- found, OpenVPN will instead try to open and parse a default file called "DEFAULT",
- which may be provided but is not required. Note that the configuration files must
- be readable by the OpenVPN process after it has dropped its root privileges.
- This file can specify a fixed IP address for a given client using --ifconfig-push, as
- well as fixed subnets owned by the client using --iroute.
- One of the useful properties of this option is that it allows client configuration
- files to be conveniently created, edited, or removed while the server is live, without
- needing to restart the server.
- The following options are legal in a client-specific context: --push, --push-reset,
- --iroute, --ifconfig-push, and --config.
- [**** to be removed from the main config***]
- push "dhcp-option DNS 8.8.8.8"
- push "dhcp-option DNS 8.8.4.4"
- [**** to be ADDED to the main config***]
- client-config-dir /etc/openvpn/userconf
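A pre-flight check for the new client-config-dir, as an added example that is not part of the original paste: it flags files that will not be readable once the server has dropped to user nobody / group users, and any directive outside the client-legal list quoted above. The function names, message wording, the mode-bit readability test and the username "alice" are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint a client-config-dir before pointing the server at it.
# Readability is approximated from mode bits and group name (an assumption),
# so the result is the same whether or not the check itself runs as root.

# ccd_lint DIR [GROUP] -> prints one line per problem, returns 1 if any found.
ccd_lint() {
    dir=$1; grp=${2:-users}; rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        perms=$(ls -ld "$f" | awk '{print $1}')
        fgrp=$(ls -ld "$f" | awk '{print $4}')
        case $perms in
            ???????r*) ;;   # world-readable: fine after the privilege drop
            ????r*)         # group-readable only: must be the runtime group
                [ "$fgrp" = "$grp" ] || { echo "$f: unreadable for group $grp"; rc=1; } ;;
            *)  echo "$f: unreadable after privilege drop"; rc=1 ;;
        esac
        # Only the directives the man page lists as legal per client.
        bad=$(awk -v f="$f" '
            /^[ \t]*([#;].*)?$/ { next }   # skip blank lines and comments
            $1 !~ /^(push|push-reset|iroute|ifconfig-push|config)$/ {
                print f ": line " NR ": \"" $1 "\" not legal in client context"
            }' "$f")
        [ -z "$bad" ] || { echo "$bad"; rc=1; }
    done
    return $rc
}

# Constructed sample: DEFAULT carries the DNS pushes removed from the main
# config; "alice" is a hypothetical username (with username-as-common-name
# the per-client file is looked up by username).
ccd_demo() {
    d=$(mktemp -d)
    printf 'push "dhcp-option DNS 8.8.8.8"\npush "dhcp-option DNS 8.8.4.4"\n' > "$d/DEFAULT"
    printf '# per-user override\nduplicate-cn\n' > "$d/alice"
    chmod 644 "$d/DEFAULT"; chmod 600 "$d/alice"
    st=0; ccd_lint "$d" || st=$?
    rm -rf "$d"
    return $st
}

case ${1:-} in --demo) ccd_demo ;; esac
```

Run it as `sh script.sh --demo` for the constructed case, or source it and call `ccd_lint /etc/openvpn/userconf`. A client with its own file does not get DEFAULT, so any per-user file has to repeat the DNS pushes that client should still receive.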