Skip to content

Instantly share code, notes, and snippets.

@sprocketsecurity
Created October 4, 2018 02:48
Show Gist options
  • Save sprocketsecurity/e1bdf0df1dcd4d558419a90c9474a671 to your computer and use it in GitHub Desktop.
Save sprocketsecurity/e1bdf0df1dcd4d558419a90c9474a671 to your computer and use it in GitHub Desktop.
OpenVPN server config for dropboxes
dev tun0
tls-server
user nobody
group nogroup
# Openvpn tunnel network
server 10.254.254.0 255.255.255.0
# IP Address we listen on
local <LOCAL_IP_OF_SERVER>
# Port and Protocol
port 1194
proto tcp
comp-lzo
cipher AES-256-CBC
# IPP allows you to statically assign tunnel network IPs to dropboxes
#ifconfig-pool-persist /etc/sysconfig/openvpn/ruvpn-ip-pool.txt
# mgmt & log settings
management 127.0.0.1 1196
log /var/log/openvpn
mute-replay-warnings
# verbose level, turn up if troubleshooting for more logs. 6 is usually good.
verb 3
# Maximum number of simultaneous clients
# enabling this allows multiple connections using the same cert. However, this is insecure.
# if someone steals your certs from a dropbox both the legit and malicious connections could exist simultaneously.
#max-clients 50
client-to-client
client-config-dir ccd
#Option, set renegotiation time
#reneg-sec 86400
#location of cert files
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
cert /etc/openvpn/easy-rsa/keys/pttunnel.crt
ca /etc/openvpn/easy-rsa/keys/ca.crt
key /etc/openvpn/easy-rsa/keys/pttunnel.key
# set this up upon first revoke
#crl-verify /etc/openvpn/easy-rsa/keys/crl.pem
#Timeout for restarting the tunnel on client end if it loses connection
keepalive 10 60
persist-tun
persist-key
#keep mtus low to account for additional encapsulation
link-mtu 1250
mssfix 1250
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment