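; OpenVPN server instance: TCP/443 on 192.168.99.111, bridged tap device,
; clients authenticated by username/password through an external script.
; Lines marked NOTE(review) flag settings that weaken the tunnel's security
; and should be confirmed as deliberate.
mode server
daemon
tls-server
proto tcp
port 443
local 192.168.99.111
client-config-dir /opt/openvpn/ccd
; NOTE(review): level 3 allows passwords to be passed to scripts through the
; environment. It is required here only because auth-user-pass-verify uses
; via-env; with via-file, level 2 is sufficient.
script-security 3
writepid /var/run/openvpn-server/myopenvpn-443.pid
; NOTE(review): no user/group directive is set in this file, so the daemon and
; every script it launches keep the privileges OpenVPN was started with.

; ciphers
; NOTE(review): this block looks like a legacy-client compatibility profile -
; confirm it is still needed. OpenSSL security level 0 disables the library's
; minimum key-size and algorithm checks, and TLS 1.0 is accepted as the floor.
tls-cipher "DEFAULT:@SECLEVEL=0"
tls-version-min 1.0
; Loads the OpenSSL legacy provider alongside the default one; presumably
; needed for BF-CBC below - verify.
providers legacy default
; NOTE(review): BF-CBC is a 64-bit block cipher (SWEET32 class of attacks) and
; AES-256-CBC is not an AEAD mode. The server's order of preference decides
; what is negotiated, so the GCM ciphers stay first; drop BF-CBC once no
; client depends on it.
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC

; tunnel configuration
; Layer-2 (tap) bridge: connected clients join the 10.3.0.0/16 broadcast
; domain and receive addresses from 10.3.6.1 - 10.3.7.254.
dev tap1
server-bridge 10.3.5.10 255.255.0.0 10.3.6.1 10.3.7.254
passtos
; NOTE(review): comp-lzo is deprecated upstream. Compressing before encrypting
; can leak plaintext through ciphertext length (VORACLE); check how the
; installed version's allow-compression setting treats this directive.
comp-lzo
persist-key
persist-tun
persist-local-ip
persist-remote-ip

; logging and status
ifconfig-pool-persist /opt/openvpn/leases/openvpn-443.leases
status-version 2
; Status file is rewritten every 5 seconds. The interval must be a bare
; number: a ';' attached to the token is not treated as a comment.
status /opt/openvpn/status/openvpnserver-status-443.log 5
verb 3
; NOTE(review): these hooks run with values supplied by the client (the
; username becomes the common name, see below); the scripts must treat them
; as untrusted input.
client-connect /opt/openvpn/scripts/logon.sh
client-disconnect /opt/openvpn/scripts/logoff.sh

; routing
;push "route 10.3.0.0 255.255.0.0"

; management
; NOTE(review): no password file is given, so any local process that can reach
; localhost:6667 can control the daemon. Add a password file as the third
; argument or use a unix socket with restricted permissions.
management localhost 6667

; certificates and authentication
dh /opt/openvpn/private/dh2048.pem
ca /opt/openvpn/ca/cacert.pem
cert /opt/openvpn/certs/ewon.rychiger.com-cert.pem
; Private key: keep it readable only by the account that starts OpenVPN.
key /opt/openvpn/private/ewon.rychiger.com-key.pem
; NOTE(review): client certificates are not required, so the username/password
; check in openvpn-auth.py is the only client authentication. The script must
; reject empty or malformed credentials and should rate-limit failures.
verify-client-cert none
; The authenticated username replaces the certificate common name, including
; for client-config-dir lookups.
username-as-common-name
; NOTE(review): via-env puts the password in the script's environment, which
; some platforms expose to other local processes; via-file avoids this and
; lets script-security be lowered to 2.
auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
; NOTE(review): no tls-auth or tls-crypt key is configured in this file, so
; the TLS handshake on port 443 is reachable by unauthenticated peers.
;client-to-client
keepalive 10 60
max-clients 50

; explicit exit
; NOTE(review): explicit-exit-notify is documented for UDP, while this server
; listens on TCP - confirm that clients accept the pushed option.
push "explicit-exit-notify"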