B2B OpenVPN Server and Client Conf for version 2.4 Compatibility
## Server.conf ##
# Default Port used
port 1194
# Force UDP on IPv4 only
proto udp4 #proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
# Custom Range
server 10.10.108.0 255.255.255.0
#Not needed for us# ifconfig-pool-persist ipp.txt
#***Add local IP Address range used here - eth1***
push "route 10.108.139.0 255.255.255.0"
client-to-client
keepalive 10 120
# Set strong Cipher for 2.4 only clients
cipher AES-256-GCM
# Enable Backwards negotiated list for 2.3 clients
ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC #cipher aes-256-cbc
# Source the CRL File for Revocation
crl-verify /etc/openvpn/crl.pem
# Use the new compress directive (replaces comp-lzo); with no algorithm named it enables compression framing only
compress #comp-lzo
user nobody
group nobody
persist-key
persist-tun
# Help prevent MitM attack
remote-cert-tls client
status openvpn-status.log
log openvpn.log
verb 3 # verb 9
# provide interface for lots of management goodness
management localhost 7505
#Add this option to Client config file # inactive 1800
# Add TLS Server Directive to serv.conf
# Be sure that tls-client is set in client ovpn file
tls-auth ta.key 0
# tls-server

## Client.conf ##
client
dev tun
proto udp4 #proto udp
remote x.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client_username
key client_username
remote-cert-tls server # ns-cert-type server
compress #comp-lzo
verb 3
script-security 2
tls-auth ta.key 1
cipher aes-256-cbc
explicit-exit-notify 1
inactive 1800
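
The two files above only work as a pair, so the following added example (not part of the original gist) cross-checks the directives that must agree and shows which data cipher a 2.3 or a 2.4 client ends up with. The function names are hypothetical; it assumes the cipher selection described in the OpenVPN 2.4 manual (the server pushes the first `ncp-ciphers` entry to NCP-capable clients and accepts a non-NCP client's `cipher` when it is in that list) and ignores pushed options.

```python
import shlex
# Constructed sample: the pairing-relevant directives from the two configs above.
SERVER = """
proto udp4
cipher AES-256-GCM
ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC  #cipher aes-256-cbc
compress
remote-cert-tls client
tls-auth ta.key 0
"""
CLIENT = """
proto udp4
remote-cert-tls server  # ns-cert-type server
compress
tls-auth ta.key 1
cipher aes-256-cbc
"""

def parse(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    opts = {}
    for line in text.splitlines():
        lex = shlex.shlex(line, posix=True)
        lex.whitespace_split, lex.commenters = True, "#;"
        tokens = list(lex)
        if tokens:
            opts[tokens[0]] = tokens[1:]
    return opts

def data_cipher(server, client, client_has_ncp):
    """Cipher the tunnel ends up with, or None when the peers cannot agree."""
    ncp = server.get("ncp-ciphers", ["AES-256-GCM:AES-128-GCM"])[0].upper().split(":")
    if client_has_ncp:  # 2.4 client: the server pushes its first NCP cipher
        return ncp[0]
    wanted = client.get("cipher", ["BF-CBC"])[0].upper()  # 2.3 client: fixed cipher
    fixed = server.get("cipher", ["BF-CBC"])[0].upper()
    return wanted if wanted == fixed or wanted in ncp else None

def check_pair(server_text, client_text):
    """Return the mismatches found between one server and one client config."""
    s, c = parse(server_text), parse(client_text)
    problems = [f"{k} differs" for k in ("proto", "compress") if s.get(k) != c.get(k)]
    if (s.get("remote-cert-tls"), c.get("remote-cert-tls")) != (["client"], ["server"]):
        problems.append("peer certificate type is not checked on both sides")
    if sorted(o.get("tls-auth", ["", ""])[-1] for o in (s, c)) != ["0", "1"]:
        problems.append("tls-auth key directions are not 0 and 1 as on this page")
    if data_cipher(s, c, client_has_ncp=False) is None:
        problems.append("a 2.3 client's cipher is not accepted by the server")
    return problems
```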