#
# Sample OpenVPN configuration file for
# home using SSL/TLS mode and RSA certificates/keys.
# NOTE(review): the "home" wording is inherited from the upstream sample;
# the "server" directive below makes this a multi-client server config.
#
# '#' or ';' may be used to delimit comments.
# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tun
# Server mode: connecting clients are assigned addresses
# from the 10.208.0.0 / 255.255.0.0 pool.
server 10.208.0.0 255.255.0.0
# Carry the tunnel over UDP (the listening port is set by "port" below).
proto udp
# 10.1.0.2 is our local VPN endpoint (home).
# 10.1.0.1 is our remote VPN endpoint (office).
# NOTE(review): the two lines above are left over from the point-to-point
# sample; no directive in this file uses 10.1.0.x addresses.
# Remember client <-> virtual IP assignments across restarts in ipp.txt.
ifconfig-pool-persist ipp.txt
# Tell clients to send all of their traffic through the VPN.
push "redirect-gateway def1"
# NOTE(review): the value after "DNS" is not an IP address. It resembles
# interface flag text (as printed by ifconfig), which suggests a template
# or script substitution went wrong when this file was generated. Clients
# cannot use this as a resolver; replace it with the intended address or
# drop the line.
push "dhcp-option DNS BROADCAST MULTICAST MTU:1500 Metric:1"
# Push 8.8.8.8 as a resolver. Combined with redirect-gateway, client DNS
# queries leave the tunnel towards a third-party public resolver; confirm
# that matches the privacy expectations for this service.
push "dhcp-option DNS 8.8.8.8"
# Disable time-based key renegotiation on the client side. The server
# side is also set to 0 near the end of this file, so data-channel keys
# are never rotated on a timer for the life of a session. That limits
# the benefit of forward secrecy on long-lived connections.
push "reneg-sec 0"
# Ask clients to use 262144-byte socket receive/send buffers.
push "rcvbuf 262144"
push "sndbuf 262144"
# Our up script will establish routes
# once the VPN is alive.
# (Disabled here: the "up" line is commented out.)
; up ./internal.routes
# Level 2 allows OpenVPN to call built-in executables and user-defined
# scripts, which the client-connect/client-disconnect hooks below need.
# NOTE(review): the trailing "execve" method argument comes from older
# OpenVPN releases; verify that the deployed version still accepts it.
script-security 2 execve
# The same script is run for both connect and disconnect events.
# NOTE(review): the user/group downgrade further down is commented out,
# so this script runs with whatever privileges the daemon was started
# with (presumably root -- confirm). Keep the script owned by root and
# not writable by other accounts, and have it treat values that originate
# from the client (for example the certificate common name) as untrusted.
client-connect /usr/local/bin/openvpn.updown.sh
client-disconnect /usr/local/bin/openvpn.updown.sh
# Diffie-Hellman Parameters (tls-server only)
# NOTE(review): the file name suggests 1024-bit parameters -- confirm.
# 1024-bit DH groups are considered too weak for current use; generate
# parameters of at least 2048 bits (e.g. with "openssl dhparam") and
# point this directive at the new file.
dh /etc/openvpn/external-keys/dh1024.pem
# Certificate Authority file
ca /etc/openvpn/external-keys/ca.crt
# Our certificate/public key
cert /etc/openvpn/external-keys/openvpn.vpnunlimitedapp.com.crt
# Our private key
# This file is secret: it should be readable only by the account that
# starts OpenVPN.
key /etc/openvpn/external-keys/openvpn.vpnunlimitedapp.com.key
# NOTE(review): no "cipher" or "auth" directive is visible in this file,
# so the data-channel cipher and HMAC digest are whatever the installed
# OpenVPN version defaults to. Older releases default to a 64-bit block
# cipher; set both explicitly (in step with the clients) rather than
# relying on the default.
# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
# This server listens on 443 instead of the default; together with
# "proto udp" above that means UDP port 443.
port 443
# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
# NOTE(review): both lines are commented out, so the daemon keeps the
# privileges it was started with for its whole lifetime. If they were
# disabled because the client-connect script needs elevated rights,
# consider giving the script only the specific rights it needs instead.
; user nobody
; group nogroup
# If you built OpenVPN with
# LZO compression, uncomment
# the following line.
# NOTE(review): compressing traffic before encryption can leak
# information about the plaintext through packet sizes, and comp-lzo is
# deprecated in newer OpenVPN releases. The setting must match on the
# clients, so changing it needs a coordinated client update.
comp-lzo
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# This file does not use "keepalive" (it is commented out below);
# it sets the underlying options explicitly instead:
#   server: ping every 5 seconds, restart the peer's session if
#           nothing is received for 60 seconds;
#   client (pushed): ping every 5 seconds, exit if nothing is
#           received for 30 seconds.
ping 5
ping-restart 60
push "ping 5"
push "ping-exit 30"
# Disabled alternative: ping every 10 seconds, assume the peer is
# down if no ping is received during a 120 second period.
#keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
# NOTE(review): the directive is commented out, so packets without a
# valid HMAC signature are not dropped before TLS processing. Enabling
# it requires distributing ta.key to every client first.
;tls-auth /etc/openvpn/external-keys/ta.key 0 # This file is secret
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
# (The downgrade itself is commented out in this file; the options
# still keep the key material and tun device across restarts.)
persist-key
persist-tun
# Output a short status file showing
# current connections, truncated
# and rewritten every 10 seconds
# (the second argument is the interval in seconds).
# The status file lists connected clients and their addresses;
# keep it out of world-readable locations.
status openvpn-status-udp-443.log 10
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
# This file appends, so the log grows until it is rotated externally.
log-append /var/log/openvpn-external-udp-443.log
# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive. Uncomment this
# if you are using a stateful
# firewall.
# (Left disabled; an active "ping 5" is already set earlier in this file.)
; ping 15
# Uncomment this section for a more reliable detection when a system
# loses its connection. For example, dial-ups or laptops that
# travel to other locations.
# (Left disabled; ping, ping-restart, persist-tun and persist-key are
# already set earlier in this file with different values.)
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
mute 20
# Management interface on a unix domain socket. No password file is
# given, so access is controlled only by filesystem permissions on the
# socket; anyone who can connect can inspect and disconnect clients.
# Restrict the socket to the administering account.
management /var/run/openvpn-udp-443.sock unix
# Disabled TCP alternative. A loopback TCP listener without a password
# file would be reachable by every local user on the host.
#management 127.0.0.1 9868
# Disable time-based renegotiation of data-channel keys on the server.
# The same value is pushed to clients earlier in this file, so session
# keys are never rotated on a timer. NOTE(review): a finite interval
# limits how much traffic a single compromised session key exposes.
reneg-sec 0
# Socket receive/send buffer sizes in bytes (the same values are
# pushed to clients earlier in this file).
rcvbuf 262144
sndbuf 262144
Какой то конфиг OpenVPN