peterhost · August 1, 2012 00:43
diff --git a/ccd.md b/ccd.md
diff --git a/cient1.conf b/cient1.conf
 client
 float
 resolv-retry infinite
 nobind
 persist-key
 persist-tun
 ca /etc/openvpn/keys/ca.crt
 cert /etc/openvpn/keys/amen-pro6000-wpc0920.crt
 key /etc/openvpn/keys/amen-pro6000-wpc0920.key
 ns-cert-type server
 tls-auth /etc/openvpn/keys/ta.key 1
 cipher AES-256-CBC
 verb 6
 log /etc/openvpn/log/openvpn.log

 user nobody
 group nogroup


 dev tun
 tls-client
 remote openvpn.mydomain.fr 1194
 pull
 proto udp
 comp-lzo
 #script-security 2
 reneg-sec 0
 explicit-exit-notify
diff --git a/client2.conf b/client2.conf
 client
 float
 resolv-retry infinite
 nobind
 persist-key
 persist-tun

 ca /usr/syno/etc/synovpnclient/openvpn/keys/ca.crt
 cert /usr/syno/etc/synovpnclient/openvpn/keys/syna-nas-paris.crt
 key /usr/syno/etc/synovpnclient/openvpn/keys/syna-nas-paris.key
 ns-cert-type server
 tls-auth /usr/syno/etc/synovpnclient/openvpn/keys/ta.key 1
 cipher AES-256-CBC
 verb 6
 log /usr/syno/etc/synovpnclient/openvpn/openvpn.log
 
 dev tun
 tls-client
 remote openvpn.mydomain.fr 1194
 pull
 proto udp
 comp-lzo
 script-security 2
 reneg-sec 0
 explicit-exit-notify
diff --git a/iptables -L on the server b/iptables -L on the server
 Chain INPUT (policy ACCEPT)
 target     prot opt source               destination         
 ACCEPT     all  --  anywhere             anywhere            

 Chain FORWARD (policy ACCEPT)
 target     prot opt source               destination         
 ACCEPT     all  --  anywhere             anywhere            
 ACCEPT     all  --  anywhere             anywhere   
diff --git a/server.conf b/server.conf
 #Server has public IP bound to ETH0 in a /27 subnet (pool of 32 public IPs), is in a DMZ, UDP 1994 relayed to/from internet by IPCOP firewall
 local 62.244.**.**

 port 1194

 ;proto tcp
 proto udp

 dev tun
 ca /etc/openvpn/ca.crt
 cert /etc/openvpn/syna-linux1.crt
 key /etc/openvpn/syna-linux1.key  
 dh /etc/openvpn/dh2048.pem


 server 10.20.30.0 255.255.255.0


 push "route 10.20.30.0" "255.255.255.0"

 ;ifconfig-pool-persist ipp.txt

 client-config-dir /etc/openvpn/ccd
 ccd-exclusive
 ;client-to-client

 keepalive 10 120
 tls-auth /etc/openvpn/ta.key 0 
 cipher AES-256-CBC

 comp-lzo

 user nobody
 group nogroup

 persist-key
 persist-tun

 status /etc/openvpn/log/openvpn-status.log

 log /etc/openvpn/log/openvpn.log
 ;log-append  openvpn.log

 verb 5
	client
	float
	resolv-retry infinite
	nobind
	persist-key
	persist-tun
	ca /etc/openvpn/keys/ca.crt
	cert /etc/openvpn/keys/amen-pro6000-wpc0920.crt
	key /etc/openvpn/keys/amen-pro6000-wpc0920.key
	ns-cert-type server
	tls-auth /etc/openvpn/keys/ta.key 1
	cipher AES-256-CBC
	verb 6
	log /etc/openvpn/log/openvpn.log

	user nobody
	group nogroup


	dev tun
	tls-client
	remote openvpn.mydomain.fr 1194
	pull
	proto udp
	comp-lzo
	#script-security 2
	reneg-sec 0
	explicit-exit-notify
	Chain INPUT (policy ACCEPT)
	target prot opt source destination
	ACCEPT all -- anywhere anywhere

	Chain FORWARD (policy ACCEPT)
	target prot opt source destination
	ACCEPT all -- anywhere anywhere
	ACCEPT all -- anywhere anywhere
	#Server has public IP bound to ETH0 in a /27 subnet (pool of 32 public IPs), is in a DMZ, UDP 1994 relayed to/from internet by IPCOP firewall
	local 62.244..

	port 1194

	;proto tcp
	proto udp

	dev tun
	ca /etc/openvpn/ca.crt
	cert /etc/openvpn/syna-linux1.crt
	key /etc/openvpn/syna-linux1.key
	dh /etc/openvpn/dh2048.pem


	server 10.20.30.0 255.255.255.0


	push "route 10.20.30.0" "255.255.255.0"

	;ifconfig-pool-persist ipp.txt

	client-config-dir /etc/openvpn/ccd
	ccd-exclusive
	;client-to-client

	keepalive 10 120
	tls-auth /etc/openvpn/ta.key 0
	cipher AES-256-CBC

	comp-lzo

	user nobody
	group nogroup

	persist-key
	persist-tun

	status /etc/openvpn/log/openvpn-status.log

	log /etc/openvpn/log/openvpn.log
	;log-append openvpn.log

	verb 5