port 443 #Listen on port 443 - change if you like
proto tcp #Use TCP - change to UDP if you prefer
dev tun #Use tun interface - this is recommended for most use cases
ca ca.crt #Read CA cert/pub key from ca.crt (not-secret)
cert server.crt #Read server cert/pub key from server.crt (not-secret)
key server.key #Read server private key from server.key (SECRET!)
dh dh2048.pem #Read Diffie-Hellman (DH) params from dh2048.pem
server 10.8.0.0 255.255.255.248 #IP range for clients - change if you like
push "topology subnet" #Recommended topology
ifconfig-pool-persist ipp.txt #Will try to give the same IP to clients on every connection
push "redirect-gateway def1" #Override the client's default gateway so its traffic goes through the VPN
push "dhcp-option DNS 8.8.8.8" #Primary DNS server for clients
push "dhcp-option DNS 8.8.4.4" #Secondary DNS server for clients
keepalive 10 120 #Keep alive params
tls-auth ta.key 0 #Enable additional HMAC auth, reads OpenVPN static key from ta.key
comp-lzo #Enable fast LZO compression
user nobody #Set unpriv'd user
group nogroup #Set unpriv'd group
persist-key # Don't re-read key files on ping restart / SIGUSR1
persist-tun # Don't close/reopen tun interface on ping restart / SIGUSR1
status openvpn-status.log #Write operational status to this file
verb 3 #Enable level 3 debugging verbosity
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login #ChromeOS wants username and password so MAY need this - I'm not convinced