-
-
Notifications
You must be signed in to change notification settings - Fork 38
/
server.conf
executable file
·52 lines (38 loc) · 1.05 KB
/
server.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
management 0.0.0.0 2080
port 1194
proto udp
#proto tcp
dev tun
ca pki/ca.crt
cert pki/issued/server.crt
key pki/private/server.key
# cipher AES-256-CBC # Deprecated since v.0.3. we are using GCM now.
cipher AES-256-GCM
auth SHA512
dh pki/dh.pem
server 10.0.70.0 255.255.255.0
route 10.0.71.0 255.255.255.0
ifconfig-pool-persist pki/ipp.txt
push "route 10.0.60.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 1.0.0.1"
keepalive 10 120
max-clients 100
persist-key
persist-tun
log /var/log/openvpn/openvpn.log
verb 4
topology subnet
client-config-dir /etc/openvpn/staticclients
push "redirect-gateway def1 bypass-dhcp"
#ncp-ciphers AES-256-GCM:AES-192-GCM:AES-128-GCM # Deprecated since v.0.3. we have to use data-ciphers below instead
data-ciphers AES-256-GCM:AES-192-GCM:AES-128-GCM
user nobody
group nogroup
status /var/log/openvpn/openvpn-status.log
explicit-exit-notify 1
crl-verify pki/crl.pem
# 2FA Auth part
# script-security 2
# auth-user-pass-verify /opt/app/oath.sh via-file
# Default openvpn-server configuration file