@sprocketsecurity
Created October 4, 2018 02:48
OpenVPN server config for dropboxes
dev tun0
tls-server
user nobody
group nogroup
# OpenVPN tunnel network
server 10.254.254.0 255.255.255.0
# IP Address we listen on
local <LOCAL_IP_OF_SERVER>
# Port and Protocol
port 1194
proto tcp
comp-lzo
cipher AES-256-CBC
# IPP allows you to statically assign tunnel network IPs to dropboxes
#ifconfig-pool-persist /etc/sysconfig/openvpn/ruvpn-ip-pool.txt
# mgmt & log settings
management 127.0.0.1 1196
log /var/log/openvpn
mute-replay-warnings
# verbose level, turn up if troubleshooting for more logs. 6 is usually good.
verb 3
# Maximum number of simultaneous clients.
# Allowing multiple connections that use the same cert (OpenVPN's duplicate-cn option, not set here) is insecure:
# if someone steals your certs from a dropbox, both the legit and malicious connections could exist simultaneously.
#max-clients 50
client-to-client
client-config-dir ccd
# Optional: set renegotiation time
#reneg-sec 86400
# Location of cert files
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
cert /etc/openvpn/easy-rsa/keys/pttunnel.crt
ca /etc/openvpn/easy-rsa/keys/ca.crt
key /etc/openvpn/easy-rsa/keys/pttunnel.key
# set this up upon first revoke
#crl-verify /etc/openvpn/easy-rsa/keys/crl.pem
# Timeout for restarting the tunnel on the client end if it loses connection
keepalive 10 60
persist-tun
persist-key
# Keep MTUs low to account for additional encapsulation
link-mtu 1250
mssfix 1250
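
Added example (not part of the original gist): a small Python lint that checks a server config for the stolen-dropbox-cert concerns raised in the comments above (no active crl-verify, duplicate-cn enabled) plus client-to-client and the user/group privilege drop. SAMPLE_CONF is a constructed excerpt of this config; parse_directives, audit and the check ids are hypothetical names.

```python
# Added example: lint an OpenVPN server config for the cert-theft concerns above.
# SAMPLE_CONF is a constructed excerpt of this gist; function names and check ids are hypothetical.
SAMPLE_CONF = """\
dev tun0
tls-server
user nobody
group nogroup
server 10.254.254.0 255.255.255.0
#max-clients 50
client-to-client
client-config-dir ccd
#crl-verify /etc/openvpn/easy-rsa/keys/crl.pem
keepalive 10 60
"""

def parse_directives(text):
    """Map each active directive to its argument lists; lines starting with '#' or ';' are comments."""
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        active.setdefault(name, []).append(args)
    return active

def audit(text):
    """Return (check_id, message) findings for a server config."""
    d = parse_directives(text)
    findings = []
    if "crl-verify" not in d:
        findings.append(("no-crl", "crl-verify inactive: a revoked dropbox cert would still be accepted"))
    if "duplicate-cn" in d:
        findings.append(("duplicate-cn", "one cert may hold several sessions at the same time"))
    if "client-to-client" in d:
        findings.append(("client-to-client", "dropboxes can reach each other inside the tunnel"))
    if not ("user" in d and "group" in d):
        findings.append(("no-privdrop", "no user/group drop: daemon keeps the privileges it started with"))
    return findings

if __name__ == "__main__":
    for check_id, message in audit(SAMPLE_CONF):
        print(f"{check_id}: {message}")
```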