Created
July 25, 2015 13:00
-
-
Save shellexy/dbe8dee7dc5a8cbf6f73 to your computer and use it in GitHub Desktop.
这个 /etc/openvpn/server.conf 配置带了墙外地址路由,不影响国内网站
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local 192.168.1.101 #这里替换成你的vps的IP# | |
| port 10037 #相应的端口 | |
| proto udp | |
| dev tun | |
| ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt | |
| cert /etc/openvpn/easy-rsa/2.0/keys/server.crt | |
| key /etc/openvpn/easy-rsa/2.0/keys/server.key | |
| dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem | |
| ifconfig-pool-persist ipp.txt | |
| server 10.168.2.0 255.255.255.0 #客户端使用的IP段,不要与你本机的网段冲突# | |
| ;push "redirect-gateway" | |
| push "dhcp-option DNS 8.8.8.8" | |
| push "dhcp-option DNS 8.8.4.4" | |
| push "route 172.68.2.0 255.255.255.0 vpn_gateway" | |
| push "route 3.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 4.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 8.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 17.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 198.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 209.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 210.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 216.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 61.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 64.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 66.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 70.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 72.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 74.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 173.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 204.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 69.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 199.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 203.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 31.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 69.58.0.0 255.255.0.0 vpn_gateway" | |
| push "route 46.0.0.0 255.0.0.0 vpn_gateway" | |
| push "route 107.0.0.0 255.0.0.0 vpn_gateway" | |
| ;client-to-client # 注释使得客户端不能直接相互访问 | |
| duplicate-cn # 允许多个相同 Common Name 的客户端同时登陆 | |
| keepalive 30 120 # 设置服务端检测的间隔和超时时间 每 30 秒 ping 一次,如果 120 秒没有回应则认为对方已经 down | |
| ;cipher BF-CBC # 默认就用加密算法 Blowfish | |
| comp-lzo | |
| max-clients 50 | |
| persist-key # 通过keepalive检测超时后,重新启动VPN,不重新读取keys,保留第一次使用的keys | |
| ;persist-tun # 通过keepalive检测超时后,重新启动VPN,一直保持tun或者tap设备是linkup的,否则网络连接会先linkdown然后linkup | |
| status openvpn-status.log | |
| log-append openvpn.log | |
| verb 3 | |
| mute 20 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment