nbrownus · October 30, 2015 23:50
diff --git a/openvpn server side b/openvpn server side
 port <PICK A PORT>
 proto udp
 dev tun

 ca ca.bundle.crt
 cert server.crt
 key private/server.key

 dh dh2048.pem

 server 172.16.0.0 255.255.0.0
 topology subnet

 ifconfig-pool-persist ipp.txt

 push "route 10.0.0.0 255.255.0.0"

 keepalive 10 120

 tls-version-min 1.0
 auth SHA256
 tls-cipher TLS-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
 cipher AES-256-CBC
 #You should really have 1 cert per device, if not enable this
 #duplicate-cn

 comp-lzo

 user nobody
 group nogroup

 persist-key
 persist-tun

 status /var/log/openvpn-status.log

 verb 3

 # Require re-auth every 24 hours
 reneg-sec 86400
	port <PICK A PORT>
	proto udp
	dev tun

	ca ca.bundle.crt
	cert server.crt
	key private/server.key

	dh dh2048.pem

	server 172.16.0.0 255.255.0.0
	topology subnet

	ifconfig-pool-persist ipp.txt

	push "route 10.0.0.0 255.255.0.0"

	keepalive 10 120

	tls-version-min 1.0
	auth SHA256
	tls-cipher TLS-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
	cipher AES-256-CBC
	#You should really have 1 cert per device, if not enable this
	#duplicate-cn

	comp-lzo

	user nobody
	group nogroup

	persist-key
	persist-tun

	status /var/log/openvpn-status.log

	verb 3

	# Require re-auth every 24 hours
	reneg-sec 86400