-
-
Save bbhoss/964f6ffbe293ac99e592 to your computer and use it in GitHub Desktop.
Sample simple openvpn config for bastion with routing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| port 1194 | |
| proto udp | |
| dev tun | |
| # Your keys and certs. Relative paths should work here as well | |
| ca /opt/local/etc/openvpn/easy-rsa/2.0/keys/ca.crt | |
| cert /opt/local/etc/openvpn/easy-rsa/2.0/keys/server.crt | |
| key /opt/local/etc/openvpn/easy-rsa/2.0/keys/server.key | |
| dh /opt/local/etc/openvpn/easy-rsa/2.0/keys/dh1024.pem | |
| # This will be the internal tun0 connection IP - choose whatever you want | |
| server 10.100.10.0 255.255.255.0 | |
| ifconfig-pool-persist ipp.txt | |
| # This will send all of a client's traffic to the private vlans through the tunnel | |
| push "route 10.200.169.0 255.255.255.0" | |
| push "route 10.200.158.0 255.255.255.0" | |
| push "route 10.100.10.0 255.255.255.0" | |
| keepalive 10 120 | |
| # Compression - MUST be turned on at both ends. Should be an option on client side as well | |
| comp-lzo | |
| persist-key | |
| persist-tun | |
| # Prevent revoked certificates from accessing vpn | |
| crl-verify easy-rsa/2.0/keys/crl.pem | |
| status log/openvpn-status.log | |
| # Verbose, good for testing. Switch to 3 in production. | |
| verb 3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment