Last active
September 4, 2016 04:39
OpenVPN Server Config
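# OpenVPN server configuration
# Multiple configuration files will each start an independent daemon.
# Values in <angle brackets> are placeholders and must be replaced before use.

# Basic options

## Logging
log-append /var/log/openvpn.log  # Append to the log file instead of truncating it
verb 3                           # Log verbosity level

## Listen port
dev tun                          # Routed (layer 3) tunnel device
port <port default 1194>
proto udp
fast-io # Experimental, only applies to UDP on non-Windows

## Connection management
keepalive 30 180                 # Ping interval 30 s, restart timeout 180 s
ping-timer-rem                   # Run the ping timeout only once a remote address is known
# NOTE(review): compression inside a VPN tunnel can leak information about
# the plaintext through packet sizes when tunnelled traffic is partly
# attacker-influenced (compression-oracle class, e.g. VORACLE), and newer
# OpenVPN releases deprecate this option. Removing it has to be coordinated
# with every client profile, so it is flagged here rather than changed.
comp-lzo

# Address range for VPN addressing
server <base ip> <subnet mask>

# Core security
# NOTE(review): `nobody` is commonly shared with other services; a dedicated
# unprivileged account and group for OpenVPN gives better isolation.
user nobody # Switch to this user after startup
group nogroup # Switch to this group after startup
# After privileges are dropped the daemon may no longer be able to re-read
# the key file or reopen the tun device, so both are kept across restarts.
persist-key # Hold key in mem to persist across restarts
persist-tun # Hold tun in mem to persist across restarts
# Anything the daemon has to open after initialisation (for example a CRL
# file, a client-config-dir or scripts) must live inside the jail.
chroot jail # /etc/openvpn/jail # Move daemon into filesystem 'jail'
# NOTE(review): presumably this directory must exist inside the jail and be
# writable by the unprivileged user above - verify on the target host.
tmp-dir tmp # Initialized after chroot # Actually /etc/openvpn/jail/tmp

# Certificate and Diffie Hellman configuration
# The server private key should be readable by root only.
# NOTE(review): no `remote-cert-tls client` or `crl-verify` directive is
# present in this file, so client certificate usage and revocation are not
# checked by anything shown here; consider adding both once the client
# certificates and a CRL path inside the jail are confirmed.
ca <ca cert file>
cert <server cert file>
key <server key file>
dh <dh params file>
tls-auth ta.key 0 # HMAC on control-channel packets; direction 0 on the server, 1 on clients

# Encryption options
tls-version-min 1.2 # Refuse control-channel handshakes below TLS 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 # Only control-channel suite allowed
# Data channel: AES-256-CBC authenticated with HMAC-SHA512. Clients must use
# the same `cipher` and `auth` values.
# NOTE(review): OpenVPN 2.4 and later also support AEAD data-channel ciphers
# such as AES-256-GCM; worth evaluating when all clients are recent enough.
cipher AES-256-CBC
auth SHA512
reneg-sec 180 # Renegotiate the data-channel key every 180 seconds

# Client configuration
# Send all client IPv4 traffic through the tunnel.
push "redirect-gateway def1"
# NOTE(review): the ipv6 flag needs client support, and no IPv6 tunnel
# addressing (`server-ipv6`) is configured in this file - confirm that client
# IPv6 traffic cannot bypass the tunnel.
push "redirect-gateway ipv6"
# Clients are told to resolve through Google Public DNS, so their DNS queries
# go to a third-party resolver. How the option is applied depends on the
# client platform.
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"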