Contents of the server's ccd directory (client-config-dir):
$ cat client1
ifconfig-push 10.20.30.21 10.20.30.22
$ cat client2
ifconfig-push 10.20.30.17 10.20.30.18
# OpenVPN client profile: certificate-based auth, UDP to openvpn.mydomain.fr:1194, tun device.
# The trailing "| |" on each line looks like table residue from the page, not config syntax.
client | |
float | |
resolv-retry infinite | |
nobind | |
persist-key | |
persist-tun | |
# CA certificate, client certificate and client private key.
# NOTE(review): the .key file and ta.key should be readable by root only; confirm on the host.
ca /etc/openvpn/keys/ca.crt | |
cert /etc/openvpn/keys/amen-pro6000-wpc0920.crt | |
key /etc/openvpn/keys/amen-pro6000-wpc0920.key | |
# Requires the peer certificate to be marked as a server certificate.
# NOTE(review): ns-cert-type is deprecated in newer OpenVPN releases; `remote-cert-tls server`
# is the replacement. Check which form the installed version supports.
ns-cert-type server | |
# Shared HMAC key for the control channel; direction 1 here pairs with direction 0 on the server.
tls-auth /etc/openvpn/keys/ta.key 1 | |
cipher AES-256-CBC | |
# NOTE(review): verb 6 is debug-level output; useful while troubleshooting, lower it afterwards
# so the log does not grow with per-packet detail.
verb 6 | |
log /etc/openvpn/log/openvpn.log | |
# Drop root privileges after initialization; persist-key/persist-tun above keep the key and
# tun device usable across restarts once privileges are gone.
user nobody | |
group nogroup | |
dev tun | |
tls-client | |
remote openvpn.mydomain.fr 1194 | |
pull | |
proto udp | |
# Must match the server, which also sets comp-lzo.
# NOTE(review): comp-lzo is deprecated upstream, and compression inside a VPN can leak
# information about the plaintext (VORACLE-style attacks); consider removing it on both ends together.
comp-lzo | |
# Left disabled here: no user-defined scripts are allowed to run from this profile.
#script-security 2 | |
# Disables this side's periodic data-channel key renegotiation.
# NOTE(review): normally only needed with one-time-password auth; with certificate-only auth
# as shown, the default interval is preferable. Confirm why it was set.
reneg-sec 0 | |
explicit-exit-notify |
# OpenVPN client profile for a second host (the /usr/syno/... paths suggest a Synology NAS):
# certificate-based auth, UDP to openvpn.mydomain.fr:1194, tun device.
# The trailing "| |" on each line looks like table residue from the page, not config syntax.
# NOTE(review): unlike the other client profile on this page, there is no user/group line here,
# so the daemon keeps the privileges it was started with (presumably root; confirm).
client | |
float | |
resolv-retry infinite | |
nobind | |
persist-key | |
persist-tun | |
# CA certificate, client certificate and client private key.
# NOTE(review): the .key file and ta.key should be readable by root only; confirm on the host.
ca /usr/syno/etc/synovpnclient/openvpn/keys/ca.crt | |
cert /usr/syno/etc/synovpnclient/openvpn/keys/syna-nas-paris.crt | |
key /usr/syno/etc/synovpnclient/openvpn/keys/syna-nas-paris.key | |
# Requires the peer certificate to be marked as a server certificate.
# NOTE(review): ns-cert-type is deprecated in newer OpenVPN releases; `remote-cert-tls server`
# is the replacement. Check which form the installed version supports.
ns-cert-type server | |
# Shared HMAC key for the control channel; direction 1 here pairs with direction 0 on the server.
tls-auth /usr/syno/etc/synovpnclient/openvpn/keys/ta.key 1 | |
cipher AES-256-CBC | |
# NOTE(review): verb 6 is debug-level output; lower it once troubleshooting is done.
verb 6 | |
log /usr/syno/etc/synovpnclient/openvpn/openvpn.log | |
dev tun | |
tls-client | |
remote openvpn.mydomain.fr 1194 | |
pull | |
proto udp | |
# Must match the server, which also sets comp-lzo.
# NOTE(review): comp-lzo is deprecated upstream, and compression inside a VPN can leak
# information about the plaintext (VORACLE-style attacks); consider removing it on both ends together.
comp-lzo | |
# Level 2 lets OpenVPN run user-defined scripts in addition to built-in executables.
# NOTE(review): no up/down/route-up script is configured in this profile; unless the NAS
# supplies one elsewhere, this can probably be dropped. Verify before changing.
script-security 2 | |
# Disables this side's periodic data-channel key renegotiation.
# NOTE(review): normally only needed with one-time-password auth; with certificate-only auth
# as shown, the default interval is preferable. Confirm why it was set.
reneg-sec 0 | |
explicit-exit-notify |
Chain INPUT (policy ACCEPT) | |
target prot opt source destination | |
ACCEPT all -- anywhere anywhere | |
Chain FORWARD (policy ACCEPT) | |
target prot opt source destination | |
ACCEPT all -- anywhere anywhere | |
ACCEPT all -- anywhere anywhere |
# OpenVPN server config: UDP port 1194 on a tun device, VPN subnet 10.20.30.0/24,
# per-client addresses assigned from files in the ccd directory.
# The trailing "| |" on each line looks like table residue from the page, not config syntax.
#Server has public IP bound to ETH0 in a /27 subnet (pool of 32 public IPs), is in a DMZ, UDP 1994 relayed to/from internet by IPCOP firewall | |
# NOTE(review): the comment above says UDP 1994 while `port` below is 1194, likely a typo;
# confirm the firewall relays the port OpenVPN actually listens on.
local 62.244.**.** | |
port 1194 | |
;proto tcp | |
proto udp | |
dev tun | |
# Server PKI material. NOTE(review): the .key file and ta.key should be readable by root only.
# NOTE(review): no crl-verify line is present, so a revoked client certificate is not rejected
# by OpenVPN itself; with ccd-exclusive below, removing the client's ccd file is the only block.
ca /etc/openvpn/ca.crt | |
cert /etc/openvpn/syna-linux1.crt | |
key /etc/openvpn/syna-linux1.key | |
dh /etc/openvpn/dh2048.pem | |
server 10.20.30.0 255.255.255.0 | |
# NOTE(review): the netmask sits in a second quoted argument; the usual form is one string,
# push "route 10.20.30.0 255.255.255.0". Verify the server accepts this line as written and
# that clients actually receive the route.
push "route 10.20.30.0" "255.255.255.0" | |
;ifconfig-pool-persist ipp.txt | |
# Per-client files are looked up here by certificate Common Name. With ccd-exclusive, a client
# whose CN has no matching file is refused.
# NOTE(review): the ccd listing on this page shows files named client1/client2, while the client
# certificates are named amen-pro6000-wpc0920 and syna-nas-paris; confirm file names match the CNs.
client-config-dir /etc/openvpn/ccd | |
ccd-exclusive | |
# With client-to-client disabled, traffic between VPN clients goes through the host's routing
# and firewall instead of being relayed inside OpenVPN.
# NOTE(review): the iptables listing on this page shows FORWARD policy ACCEPT with accept-all
# rules (interface matches are not visible in that output). If that is this server, add explicit
# FORWARD rules if clients are meant to be isolated from each other.
;client-to-client | |
keepalive 10 120 | |
# Shared HMAC key for the control channel; direction 0 here pairs with direction 1 on the clients.
tls-auth /etc/openvpn/ta.key 0 | |
cipher AES-256-CBC | |
# NOTE(review): comp-lzo is deprecated upstream, and compression inside a VPN can leak
# information about the plaintext (VORACLE-style attacks); remove it on server and clients together.
comp-lzo | |
# Drop root privileges after initialization; persist-key/persist-tun keep the key and tun
# device usable across restarts once privileges are gone.
user nobody | |
group nogroup | |
persist-key | |
persist-tun | |
status /etc/openvpn/log/openvpn-status.log | |
log /etc/openvpn/log/openvpn.log | |
;log-append openvpn.log | |
# NOTE(review): verb 5 adds per-packet R/W markers to the log; lower it after troubleshooting.
verb 5 |