Created
April 30, 2023 16:31
Fichero de configuración de Access Server OpenVPN
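## OpenVPN Access Server configuration file.
## /etc/openvpn/server/muro_access_server.conf
##
## This file accompanies the following write-up:
## http://www.luispa.com/administración/2023/04/08/networking-avanzado.html
##
## NOTE(review): every active directive below is unchanged from the original;
## only the table-rendering residue that trailed each line was removed so the
## file parses. Lines marked NOTE(review) are hardening remarks, and the
## commented-out directives next to them are suggestions to test against the
## deployed OpenVPN version and the existing clients before enabling.

# Access server handing out the following range inside the tunnel.
# Listens on an arbitrary free port.
server 192.168.222.0 255.255.255.0
port 4444

# Expose device tun1 and use UDP as the transport protocol.
dev tun1
proto udp

# Remaining server parameters
# NOTE(review): comp-lzo is deprecated since OpenVPN 2.4, and compressing
# before encrypting can leak information about the plaintext (VORACLE-class
# compression oracles). Removing it must be coordinated with the clients,
# because both ends have to agree on the compression framing. OpenVPN 2.5+
# also accepts "allow-compression no".
comp-lzo
# persist-key / persist-tun avoid re-reading the key files and re-opening the
# tun device on restart signals; they are also what makes dropping privileges
# with user/group workable.
persist-key
persist-tun
# NOTE(review): with client-to-client, traffic between VPN clients is forwarded
# inside the OpenVPN process and never reaches the host firewall, so it cannot
# be filtered or logged with iptables/nftables. Drop this directive if clients
# are not meant to reach each other.
client-to-client
topology subnet
keepalive 10 120
# NOTE(review): no user/group directive is set, so the daemon keeps running as
# root after start-up. Dropping privileges is the usual hardening; the group
# name is distribution-specific, and the status file below must stay writable
# by the unprivileged account.
#user nobody
#group <unprivileged-group>

# Tunnel options
sndbuf 512000
rcvbuf 512000
push "sndbuf 512000"
push "rcvbuf 512000"
txqueuelen 2000
tun-mtu 1400
mssfix 1360

# My server keys
# NOTE(review): these paths are relative, so they are resolved against the
# directory OpenVPN is started from (presumably /etc/openvpn/server - confirm).
# keys/muro.key is the server's private key and should be readable by root only.
# The strength of the DH parameters cannot be told from this file; verify they
# are at least 2048 bits.
ca keys/muro.ca.crt
cert keys/muro.crt
key keys/muro.key
dh keys/muro.dh.pem
# NOTE(review): no cipher, auth or TLS version is pinned, so the negotiated
# algorithms depend on the OpenVPN versions on both ends; releases before 2.4
# fall back to a 64-bit block cipher by default. Pinning them makes the
# security level explicit (data-ciphers needs OpenVPN 2.5+).
#tls-version-min 1.2
#data-ciphers AES-256-GCM:AES-128-GCM
#auth SHA256
# NOTE(review): nothing here checks the certificate's key usage or a revocation
# list, so a lost or stolen client certificate stays valid until it expires.
#remote-cert-tls client
#crl-verify keys/<crl-file>.pem

# Extra layer of security: the SSL/TLS handshake is signed with an HMAC.
# NOTE(review): key direction 0 is the server side; clients must use 1. The
# ta.key is a static secret shared by every client, so it only filters
# unauthenticated packets and does not replace per-client certificates.
# tls-crypt (OpenVPN 2.4+) additionally encrypts the control channel, but
# switching requires changing every client at the same time.
tls-auth keys/muro.ta.key 0

# Routes and DNS server exposed to my clients.
# Uncomment to expose my "LAN" to the clients.
#push "route 192.168.1.0 255.255.255.0"
# Uncomment to force the clients to use my DNS server.
#push "dhcp-option DNS 192.168.1.224"

# Per-client configuration files
# NOTE(review): files in the ccd directory decide per-client addresses and
# routes, so the directory should be writable by root only.
ifconfig-pool-persist /etc/openvpn/server/ipp.txt
client-config-dir /etc/openvpn/server/ccd

# Log and status files
# NOTE(review): "log" truncates the file on every start, which discards
# connection history that is useful during an investigation; "log-append"
# keeps it. Both files sit next to the configuration and keys, so check their
# permissions: they record client names and source addresses.
status /etc/openvpn/server/muro_access_server.status.log
log /etc/openvpn/server/muro_access_server.log
verb 4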