
@bbhoss /openvpn.conf Secret
Created Mar 11, 2015

Sample simple openvpn config for bastion with routing
port 1194
proto udp
dev tun
# Your keys and certs. Relative paths should work here as well
ca /opt/local/etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /opt/local/etc/openvpn/easy-rsa/2.0/keys/server.crt
key /opt/local/etc/openvpn/easy-rsa/2.0/keys/server.key
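# Note: 1024-bit DH parameters are weak by current standards; generate at least 2048-bit parameters
dh /opt/local/etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
# This is the subnet for the internal tun0 tunnel addresses - choose whatever you want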
server 10.100.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Push routes so that client traffic destined for the private VLANs goes through the tunnel
push "route 10.200.169.0 255.255.255.0"
push "route 10.200.158.0 255.255.255.0"
push "route 10.100.10.0 255.255.255.0"
keepalive 10 120
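# Compression - MUST be enabled on both ends, so set the matching option in the client config as well
# Note: comp-lzo is deprecated in OpenVPN 2.4 and later, and compressing tunnel traffic is discouraged (VORACLE)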
comp-lzo
persist-key
persist-tun
# Prevent revoked certificates from accessing vpn
crl-verify easy-rsa/2.0/keys/crl.pem
status log/openvpn-status.log
# Log verbosity. 3 is the production setting; raise it for more detail while testing.
verb 3
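
A small audit of the directives in the config above, added here as an example and not part of the original gist. The names `parse` and `audit` are hypothetical, and reading the DH size from the `dhNNNN.pem` file name is an assumption about easy-rsa naming rather than a check of the parameters themselves.

```python
import ipaddress
import re

# Constructed sample: the security-relevant directives from the config above.
SAMPLE = '''\
dh /opt/local/etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.100.10.0 255.255.255.0
push "route 10.200.169.0 255.255.255.0"
push "route 10.200.158.0 255.255.255.0"
push "route 10.100.10.0 255.255.255.0"
comp-lzo
crl-verify easy-rsa/2.0/keys/crl.pem
'''

def parse(text):
    """Return a list of (directive, [args]) with '#' comments and blanks dropped."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            tokens = line.replace('"', " ").split()  # push "route a b" -> push route a b
            out.append((tokens[0], tokens[1:]))
    return out

def audit(text):
    """Return (findings, pushed_networks) for an OpenVPN server config."""
    findings, pushed, vpn_net = [], [], None
    for name, args in parse(text):
        if name == "dh":
            # Assumption: the file name carries the parameter size (dh1024.pem).
            m = re.search(r"dh(\d+)\.pem$", args[0])
            if m and int(m.group(1)) < 2048:
                findings.append(f"dh: {m.group(1)}-bit parameters (by file name), below 2048")
        elif name == "comp-lzo":
            findings.append("comp-lzo: compression is enabled inside the tunnel")
        elif name == "crl-verify" and not args[0].startswith("/"):
            findings.append("crl-verify: relative path, resolved from the working directory")
        elif name == "server":
            vpn_net = ipaddress.ip_network(f"{args[0]}/{args[1]}")
        elif name == "push" and args[:1] == ["route"]:
            pushed.append(ipaddress.ip_network(f"{args[1]}/{args[2]}"))
    for net in pushed:
        if vpn_net and net.overlaps(vpn_net):
            findings.append(f"push route {net}: covers the VPN client pool itself")
    return findings, pushed

if __name__ == "__main__":
    for finding in audit(SAMPLE)[0]:
        print(finding)
```

The second return value lists every network a connecting client is routed to, which is the set to compare against the bastion's firewall rules.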