Skip to content

Instantly share code, notes, and snippets.

@peterhost peterhost/ccd.md
Created Aug 1, 2012

Embed
What would you like to do?
openvpn setup

ccd dir :

$ cat client1
ifconfig-push 10.20.30.21 10.20.30.22

$ cat client2
ifconfig-push 10.20.30.17 10.20.30.18
client
float
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/amen-pro6000-wpc0920.crt
key /etc/openvpn/keys/amen-pro6000-wpc0920.key
ns-cert-type server
tls-auth /etc/openvpn/keys/ta.key 1
cipher AES-256-CBC
verb 6
log /etc/openvpn/log/openvpn.log
user nobody
group nogroup
dev tun
tls-client
remote openvpn.mydomain.fr 1194
pull
proto udp
comp-lzo
#script-security 2
reneg-sec 0
explicit-exit-notify
client
float
resolv-retry infinite
nobind
persist-key
persist-tun
ca /usr/syno/etc/synovpnclient/openvpn/keys/ca.crt
cert /usr/syno/etc/synovpnclient/openvpn/keys/syna-nas-paris.crt
key /usr/syno/etc/synovpnclient/openvpn/keys/syna-nas-paris.key
ns-cert-type server
tls-auth /usr/syno/etc/synovpnclient/openvpn/keys/ta.key 1
cipher AES-256-CBC
verb 6
log /usr/syno/etc/synovpnclient/openvpn/openvpn.log
dev tun
tls-client
remote openvpn.mydomain.fr 1194
pull
proto udp
comp-lzo
script-security 2
reneg-sec 0
explicit-exit-notify
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
#Server has public IP bound to ETH0 in a /27 subnet (pool of 32 public IPs), is in a DMZ, UDP 1994 relayed to/from internet by IPCOP firewall
local 62.244.**.**
port 1194
;proto tcp
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/syna-linux1.crt
key /etc/openvpn/syna-linux1.key
dh /etc/openvpn/dh2048.pem
server 10.20.30.0 255.255.255.0
push "route 10.20.30.0" "255.255.255.0"
;ifconfig-pool-persist ipp.txt
client-config-dir /etc/openvpn/ccd
ccd-exclusive
;client-to-client
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /etc/openvpn/log/openvpn-status.log
log /etc/openvpn/log/openvpn.log
;log-append openvpn.log
verb 5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.