API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 25th, 2017
79
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.45 KB | None | 0 0
raw download clone embed print report
  1. # cat /etc/openvpn/openvpn.conf
  2. server 10.186.35.0 255.255.255.0
  3. port 1194
  4. proto udp
  5. dev tun
  6. ca ca.crt
  7. cert server.crt
  8. key server.key
  9. dh dh1024.pem
  10. ifconfig-pool-persist ipp.txt
  11. #push "route 0.0.0.0 0.0.0.0"
  12. #push "redirect-gateway"
  13. push "redirect-gateway def1 bypass-dhcp"
  14. push "dhcp-option DNS 8.8.8.8"
  15. push "dhcp-option DNS 8.8.4.4"
  16. keepalive 10 120
  17. comp-lzo
  18. user nobody
  19. group users
  20. persist-key
  21. persist-tun
  22. status openvpn-status.log
  23. verb 3
  24. script-security 3
  25. auth-user-pass-verify /etc/openvpn/auth-chap via-env
  26. client-cert-not-required
  27. duplicate-cn
  28. management 127.0.0.1 5119
  29. script-security 3 system
  30. username-as-common-name
  31. client-connect /etc/openvpn/scripts/clientconnect.sh
  32. client-disconnect /etc/openvpn/scripts/clientdisconnect.sh
  33. log-append /var/log/openvpn.log
  34. log /var/log/openvpn.log
  35.  
  36. [...]
  37. --route-nopull
  38. When used with --client or --pull, accept options pushed by server EXCEPT for routes and
  39. dhcp options like DNS servers.
  40. When used on the client, this option effectively bars the server from adding routes to the
  41. client's routing table, however note that this option still allows the server to set the
  42. TCP/IP properties of the client's TUN/TAP interface.
  43. [...]
  44.  
  45. --client-config-dir dir
  46. Specify a directory dir for custom client config files. After a connecting client
  47. has been authenticated, OpenVPN will look in this directory for a file having the
  48. same name as the client's X509 common name. If a matching file exists, it will be
  49. opened and parsed for client-specific configuration options. If no matching file is
  50. found, OpenVPN will instead try to open and parse a default file called "DEFAULT",
  51. which may be provided but is not required. Note that the configuration files must
  52. be readable by the OpenVPN process after it has dropped it's root privileges.
  53. This file can specify a fixed IP address for a given client using --ifconfig-push, as
  54. well as fixed subnets owned by the client using --iroute.
  55. One of the useful properties of this option is that it allows client configuration
  56. files to be conveniently created, edited, or removed while the server is live, without
  57. needing to restart the server.
  58. The following options are legal in a client-specific context: --push, --push-reset,
  59. --iroute, --ifconfig-push, and --config.
  60.  
  61. [**** to be removed from the main config***]
  62. push "dhcp-option DNS 8.8.8.8"
  63. push "dhcp-option DNS 8.8.4.4"
  64.  
  65. [**** to be ADDED to the main config***]
  66. client-config-dir /etc/openvpn/userconf
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!