Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
B2B OpenVPN Server and Client Conf for version 2.4 Compatibility
## Server.conf ##
# Default Port used
port 1194
# Force UDP on IPv4 only
proto udp4 #proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
# Custom Range
server 10.10.108.0 255.255.255.0
#Not needed for us# ifconfig-pool-persist ipp.txt
#***Add local IP Address range used here - eth1***
push "route 10.108.139.0 255.255.255.0"
client-to-client
keepalive 10 120
# Set strong Cipher for 2.4 only clients
cipher AES-256-GCM
# Enable Backwards negotiated list for 2.3 clients
ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC #cipher aes-256-cbc
# Source the CRL File for Revocation
crl-verify /etc/openvpn/crl.pem
# Use the new Compress Algorithm
compress #comp-lzo
user nobody
group nobody
persist-key
persist-tun
# Help prevent MitM attack
remote-cert-tls client
status openvpn-status.log
log openvpn.log
verb3 # verb 9
# provide interface for lots of management goodness
management localhost 7505
#Add this option to Client config file # inactive 1800
# Add TLS Server Directive to serv.conf
# Be sure that tls-client is set in client ovpn file
tls-auth ta.key 0
# tls-server
## Client.conf ##
client
dev tun
proto udp4 #proto udp
remote x.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client_username
key client_username
remote-cert-tls server # ns-cert-type server
compress #comp-lzo
verb 3
script-security 2
tls-auth ta.key 1
cipher aes-256-cbc
explicit-exit-notify 1
inactive 1800
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment