openvpn setup

ccd dir (the server's client-config-dir, /etc/openvpn/ccd), one file per client:

$ cat client1
ifconfig-push 10.20.30.21 10.20.30.22

$ cat client2
ifconfig-push 10.20.30.17 10.20.30.18
# OpenVPN client profile: routed (tun) tunnel over UDP to
# openvpn.mydomain.fr:1194, authenticated with a per-host certificate and a
# shared tls-auth key.

# "client" is shorthand for "pull" + "tls-client"; the explicit tls-client and
# pull lines further down repeat it and are harmless.
client
# Keep accepting authenticated packets if the server's address/port changes.
float
# Retry DNS resolution of the remote host name indefinitely.
resolv-retry infinite
# Do not bind a fixed local port; the client only makes outgoing connections.
nobind
# Keep key material and the tun device across soft restarts. Needed because
# the process has dropped to "nobody" by then and could not reopen them.
persist-key
persist-tun
# CA used to verify the server, then this host's certificate and private key.
# NOTE(review): the .key file is the client's identity; keep it readable by
# root only.
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/amen-pro6000-wpc0920.crt
key /etc/openvpn/keys/amen-pro6000-wpc0920.key
# Only accept a peer certificate marked as a server certificate, so another
# client's certificate cannot be used to impersonate the server.
# NOTE(review): ns-cert-type is the legacy Netscape-extension check and is
# deprecated in favour of "remote-cert-tls server". Switching requires the
# server certificate to carry the matching key usage / extended key usage;
# confirm against the CA before changing.
ns-cert-type server
# HMAC-sign control-channel packets with the shared static key. Direction 1
# here pairs with direction 0 in the server config.
tls-auth /etc/openvpn/keys/ta.key 1
# Data-channel cipher; must match the server's "cipher" line.
cipher AES-256-CBC
# NOTE(review): verb 6 is in OpenVPN's debug range and produces very large
# logs; 3 or 4 is usual once the tunnel works.
verb 6
# "log" truncates the file at every start (log-append would keep history).
log /etc/openvpn/log/openvpn.log
# Drop root privileges after initialisation.
user nobody
group nogroup
dev tun
tls-client
remote openvpn.mydomain.fr 1194
# Accept options pushed by the server (routes, ifconfig from the ccd file).
pull
proto udp
# LZO compression; the server config enables it too, and both ends must agree.
# NOTE(review): compressing before encrypting can leak information about the
# plaintext through packet sizes (VORACLE-class attacks), and newer OpenVPN
# releases deprecate it. Removing it has to be done on server and clients
# together.
comp-lzo
# Left disabled: the default script-security level only allows built-in
# executables, which is all this profile needs (no up/down script is set).
#script-security 2
# Disables this side's data-channel key renegotiation timer. The server config
# shown sets no reneg-sec, so presumably its default timer still triggers
# renegotiation; confirm, since 0 on both sides would mean keys never rotate.
reneg-sec 0
# Tell the server when this client exits (UDP has no connection teardown).
explicit-exit-notify
# OpenVPN client profile for the Synology NAS: routed (tun) tunnel over UDP to
# openvpn.mydomain.fr:1194, with key material under the Synology VPN client
# directory.

# "client" is shorthand for "pull" + "tls-client"; the explicit tls-client and
# pull lines further down repeat it and are harmless.
client
# Keep accepting authenticated packets if the server's address/port changes.
float
# Retry DNS resolution of the remote host name indefinitely.
resolv-retry infinite
# Do not bind a fixed local port.
nobind
# Keep key material and the tun device across soft restarts.
persist-key
persist-tun
# CA used to verify the server, then this host's certificate and private key.
# NOTE(review): the .key file is the NAS's identity; keep it readable by root
# only.
ca /usr/syno/etc/synovpnclient/openvpn/keys/ca.crt
cert /usr/syno/etc/synovpnclient/openvpn/keys/syna-nas-paris.crt
key /usr/syno/etc/synovpnclient/openvpn/keys/syna-nas-paris.key
# Only accept a peer certificate marked as a server certificate.
# NOTE(review): ns-cert-type is the legacy check, deprecated in favour of
# "remote-cert-tls server"; confirm the server certificate's key usage
# extensions before switching.
ns-cert-type server
# HMAC-sign control-channel packets with the shared static key. Direction 1
# here pairs with direction 0 in the server config.
tls-auth /usr/syno/etc/synovpnclient/openvpn/keys/ta.key 1
# Data-channel cipher; must match the server's "cipher" line.
cipher AES-256-CBC
# NOTE(review): verb 6 is in OpenVPN's debug range and produces very large
# logs; 3 or 4 is usual once the tunnel works.
verb 6
# "log" truncates the file at every start.
log /usr/syno/etc/synovpnclient/openvpn/openvpn.log
# NOTE(review): this profile has no "user"/"group" lines, so the daemon keeps
# the privileges it was started with for its whole lifetime. Presumably the
# NAS lacks a suitable unprivileged account; confirm, and add them if one
# exists.
dev tun
tls-client
remote openvpn.mydomain.fr 1194
# Accept options pushed by the server (routes, ifconfig from the ccd file).
pull
proto udp
# LZO compression; the server config enables it too, and both ends must agree.
# NOTE(review): compressing before encrypting can leak information about the
# plaintext through packet sizes (VORACLE-class attacks). Removing it has to
# be done on server and clients together.
comp-lzo
# Level 2 lets OpenVPN run user-defined scripts, yet this file defines no
# up/down/route-up script.
# NOTE(review): presumably the Synology VPN client passes its own scripts on
# the command line; if it does not, drop this line so the default level
# applies. Combined with the missing user/group above, any script would run
# with the daemon's start-up privileges.
script-security 2
# Disables this side's data-channel key renegotiation timer. The server config
# shown sets no reneg-sec, so presumably its default timer still triggers
# renegotiation; confirm.
reneg-sec 0
# Tell the server when this client exits (UDP has no connection teardown).
explicit-exit-notify
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
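# OpenVPN server: routed (tun) VPN on 10.20.30.0/24 over UDP 1194. Clients are
# admitted only if they hold a certificate signed by the CA and have a file in
# the client-config-dir.
#Server has public IP bound to ETH0 in a /27 subnet (pool of 32 public IPs), is in a DMZ, UDP 1194 relayed to/from internet by IPCOP firewall
# Listen on the public address only, not on every interface.
local 62.244.**.**
port 1194
;proto tcp
proto udp
dev tun
# CA that signs client certificates, then the server's own certificate and
# private key.
# NOTE(review): keep the .key file readable by root only. No crl-verify line
# is present, so revoking a client relies on removing its ccd file (see
# ccd-exclusive below) rather than on a certificate revocation list.
ca /etc/openvpn/ca.crt
cert /etc/openvpn/syna-linux1.crt
key /etc/openvpn/syna-linux1.key
# Diffie-Hellman parameters (2048-bit, going by the file name).
dh /etc/openvpn/dh2048.pem
# VPN subnet. With the default topology each client gets a /30 pair, which is
# what the ifconfig-push lines in the ccd files assign.
server 10.20.30.0 255.255.255.0
# Push the VPN subnet route to clients. A push takes a single quoted string;
# the previous two-string form ("route 10.20.30.0" "255.255.255.0") depended
# on the option parser joining extra arguments, which not every OpenVPN
# version accepts.
push "route 10.20.30.0 255.255.255.0"
;ifconfig-pool-persist ipp.txt
# Per-client settings live in one file per certificate Common Name.
client-config-dir /etc/openvpn/ccd
# Reject any client without a ccd file, even if its certificate is valid. This
# makes the ccd directory an allow-list of permitted clients.
ccd-exclusive
# Left disabled: OpenVPN does not relay traffic between clients itself.
# NOTE(review): client-to-client packets are then handed to the host's kernel,
# so whether clients can reach each other depends on the host's IP forwarding
# and FORWARD rules; restrict them there if clients should stay isolated.
;client-to-client
# Ping every 10 s; treat the peer as down after 120 s of silence.
keepalive 10 120
# HMAC-sign control-channel packets with the shared static key. Direction 0
# here pairs with direction 1 on the clients.
tls-auth /etc/openvpn/ta.key 0
# Data-channel cipher; clients must use the same value.
cipher AES-256-CBC
# NOTE(review): compressing before encrypting can leak information about the
# plaintext through packet sizes (VORACLE-class attacks). Removing it has to
# be done on server and clients together.
comp-lzo
# Drop root privileges after initialisation; persist-key/persist-tun keep the
# key and tun device usable across soft restarts once privileges are gone.
user nobody
group nogroup
persist-key
persist-tun
status /etc/openvpn/log/openvpn-status.log
# "log" truncates the file at every start; the disabled log-append line below
# would keep history instead.
log /etc/openvpn/log/openvpn.log
;log-append openvpn.log
# NOTE(review): verb 5 logs a character per packet read/written; 3 or 4 is
# usual once the tunnel works.
verb 5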