Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- openvpn.conf
- port 1194
- proto udp4
- dev tun
- ca ######.crt
- cert ######.crt
- key ######.key
- dh ######.pem
- server 10.8.0.0 255.255.255.0
- ifconfig-pool-persist /root/openvpn-configs/server/ipp.txt
- push "route 192.168.1.0 255.255.255.0"
- keepalive 10 120
- tls-auth ######.key 0
- remote-cert-tls client
- cipher AES-256-CBC
- user nobody
- group nobody
- persist-key
- persist-tun
- status openvpn-status.log
- verb 3
- explicit-exit-notify 1
- ====================================================================================
- ipfw.rules
- #!/bin/sh
- EPAIR=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep epair)
- ipfw -q -f flush
- ipfw -q nat 1 config if ${EPAIR}
- ipfw -q add nat 1 all from 10.8.0.0/24 to any out via ${EPAIR}
- ipfw -q add nat 1 all from any to any in via ${EPAIR}
- TUN=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep tun)
- ifconfig ${TUN} name tun0
- # Fix for:
- # OpenVPN openvpn[53987]: TUN/TAP device tun0 exists previously, keep at program end
- # OpenVPN openvpn[53987]: Cannot open TUN/TAP dev /dev/tun0: Device busy (errno=16)
- ifconfig tun create
- TUN1=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep tun | tail -1)
- ifconfig ${TUN1} name tun1
- ====================================================================================
- rc.conf
- hostname="OpenVPN"
- cron_flags="$cron_flags -J 15"
- # Disable Sendmail by default
- sendmail_enable="NO"
- sendmail_submit_enable="NO"
- sendmail_outbound_enable="NO"
- sendmail_msp_queue_enable="NO"
- # Run secure syslog
- syslogd_flags="-c -ss"
- # Enable IPv6
- ipv6_activate_all_interfaces="NO"
- openvpn_enable="YES"
- openvpn_if="tun"
- openvpn_configfile="######/openvpn.conf"
- openvpn_dir="######"
- cloned_interfaces="tun"
- gateway_enable="YES"
- firewall_enable="YES"
- firewall_script="######/ipfw.rules"
- ====================================================================================
- openvpn client config
- ##############################################
- # Sample client-side OpenVPN 2.0 config file #
- # for connecting to multi-client server. #
- # #
- # This configuration can be used by multiple #
- # clients, however each client should have #
- # its own cert and key files. #
- # #
- # On Windows, you might want to rename this #
- # file so it has a .ovpn extension #
- ##############################################
- # Specify that we are a client and that we
- # will be pulling certain config file directives
- # from the server.
- client
- # Use the same setting as you are using on
- # the server.
- # On most systems, the VPN will not function
- # unless you partially or fully disable
- # the firewall for the TUN/TAP interface.
- ;dev tap
- dev tun
- # Windows needs the TAP-Win32 adapter name
- # from the Network Connections panel
- # if you have more than one. On XP SP2,
- # you may need to disable the firewall
- # for the TAP adapter.
- ;dev-node MyTap
- # Are we connecting to a TCP or
- # UDP server? Use the same setting as
- # on the server.
- ;proto tcp
- proto udp
- # The hostname/IP and port of the server.
- # You can have multiple remote entries
- # to load balance between the servers.
- remote my-server-1 1194
- ;remote my-server-2 1194
- # Choose a random host from the remote
- # list for load-balancing. Otherwise
- # try hosts in the order specified.
- ;remote-random
- # Keep trying indefinitely to resolve the
- # host name of the OpenVPN server. Very useful
- # on machines which are not permanently connected
- # to the internet such as laptops.
- resolv-retry infinite
- # Most clients don't need to bind to
- # a specific local port number.
- nobind
- # Downgrade privileges after initialization (non-Windows only)
- ;user nobody
- ;group nobody
- # Try to preserve some state across restarts.
- persist-key
- persist-tun
- # If you are connecting through an
- # HTTP proxy to reach the actual OpenVPN
- # server, put the proxy server/IP and
- # port number here. See the man page
- # if your proxy server requires
- # authentication.
- ;http-proxy-retry # retry on connection failures
- ;http-proxy [proxy server] [proxy port #]
- # Wireless networks often produce a lot
- # of duplicate packets. Set this flag
- # to silence duplicate packet warnings.
- ;mute-replay-warnings
- # SSL/TLS parms.
- # See the server config file for more
- # description. It's best to use
- # a separate .crt/.key file pair
- # for each client. A single ca
- # file can be used for all clients.
- ca ca.crt
- cert client.crt
- key client.key
- # Verify server certificate by checking that the
- # certicate has the correct key usage set.
- # This is an important precaution to protect against
- # a potential attack discussed here:
- # http://openvpn.net/howto.html#mitm
- #
- # To use this feature, you will need to generate
- # your server certificates with the keyUsage set to
- # digitalSignature, keyEncipherment
- # and the extendedKeyUsage to
- # serverAuth
- # EasyRSA can do this for you.
- remote-cert-tls server
- # If a tls-auth key is used on the server
- # then every client must also have the key.
- tls-auth ta.key 1
- # Select a cryptographic cipher.
- # If the cipher option is used on the server
- # then you must also specify it here.
- # Note that v2.4 client/server will automatically
- # negotiate AES-256-GCM in TLS mode.
- # See also the ncp-cipher option in the manpage
- cipher AES-256-CBC
- # Enable compression on the VPN link.
- # Don't enable this unless it is also
- # enabled in the server config file.
- #comp-lzo
- # Set log file verbosity.
- verb 3
- # Silence repeating messages
- ;mute 20
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
