Created
March 26, 2017 10:16
-
-
Save dboyd13/57236de22d7d0ef1e5494977d0820450 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| port 443 #Listen on port 443 - change if you like | |
| proto tcp #Use TCP - change to UDP if you prefer | |
| dev tun #Use tun interface - this is recommeded for most use cases | |
| ca ca.crt #Read CA cert/pub key from ca.crt (not-secret) | |
| cert server.crt #Read server cert/pub key from server.crt (not-secret) | |
| key server.key #Read server private key from server.key (SECRET!) | |
| dh dh2048.pem #Read Diffie Hellan (DH) parms from db2048.pem | |
| server 10.8.0.0 255.255.255.248 #IP range for clients - change if you like | |
| push "topology subnet" #Recommended topology | |
| ifconfig-pool-persist ipp.txt #Will try give the same ip to clients every connection | |
| push "redirect-gateway def1" #Override default gateway of client on client | |
| push "dhcp-option DNS 8.8.8.8" #Primary DNS server for clients | |
| push "dhcp-option DNS 8.8.4.4" #Secondary DNS server for clients | |
| keepalive 10 120 #Keep alive params | |
| tls-auth ta.key 0 #Enable additional HMAC auth, reads OpenVPN static key from ta.key | |
| comp-lzo #Enable fast LZO compression | |
| user nobody #Set unpriv'd user | |
| group nogroup #Set unpriv'd group | |
| persist-key # Don't re-read key files on ping restart / SIGUSR1 | |
| persist-tun # Don't close/reopen tun inteface on ping restart / SIGUSR1 | |
| status openvpn-status.log #Write operational status to this file | |
| verb 3 #Enable level 3 debugging verbosity | |
| plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login #ChromeOS wants username and password so MAY need this - I'm not convinced |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment