2020 - OpenVPN + FreeIPA Configs
# configure FreeIPA and generate certs; see also:
https://gist.github.com/rechner/c6b9133b7816445b5850f8e22e16aa60
# generate certs from FreeIPA
# -K: Kerberos service principal the cert is issued for; -I: certmonger request ID;
# -C: post-save hook certmonger runs (as root) after every issue and renewal
sudo ipa-getcert request -K openvpn/$(hostname) -k /etc/openvpn/server_freeipa.key -f /etc/openvpn/server_freeipa.crt -I openvpn -C /usr/local/sbin/set-ssl-permissions
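The ipa-getcert command above names a post-save hook, /usr/local/sbin/set-ssl-permissions, that the gist does not include. The script below is an added example of what such a hook can do (not the gist author's code): it refuses to reload if the renewed certificate and key do not belong together, locks the key down to root, and reloads OpenVPN. The KEY/CRT defaults mirror the -k/-f arguments above; the openvpn@server unit name is an assumption.

```sh
#!/bin/sh
# Added example of a certmonger post-save hook for the ipa-getcert request above.
# Not part of the gist. certmonger runs it as root after each issue/renewal.
# Assumptions: key/cert paths match the -k/-f arguments; the unit is openvpn@server.
set -eu

KEY=${KEY:-/etc/openvpn/server_freeipa.key}
CRT=${CRT:-/etc/openvpn/server_freeipa.crt}

# Return 0 only if the private key and the certificate carry the same public key.
# Both commands emit the SubjectPublicKeyInfo as PEM, so a string compare suffices.
keypair_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# Private key readable by root only; the certificate may stay world-readable.
lock_down() {
    chmod 0600 "$1"
    chmod 0644 "$2"
}

main() {
    if ! keypair_matches "$KEY" "$CRT"; then
        echo "set-ssl-permissions: $CRT does not match $KEY, not reloading" >&2
        exit 1
    fi
    lock_down "$KEY" "$CRT"
    # The server config above does not drop privileges, so root owns the files.
    chown root:root "$KEY" "$CRT"
    # The unit's reload sends SIGHUP, which makes OpenVPN re-read cert and key.
    systemctl reload openvpn@server
}

# Run only when invoked under the hook's own name (as certmonger does),
# so the functions can be sourced and tested without touching the system.
case "${0##*/}" in
    set-ssl-permissions) main "$@" ;;
esac
```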
# openvpn server config
local <addressToBindTo>
port 1194
proto udp
dev tun
# FreeIPA CA; the cert and key are the files ipa-getcert wrote to /etc/openvpn
ca /etc/ipa/ca.crt
cert server_freeipa.crt
key server_freeipa.key
# generate once with: openssl dhparam -out dh2048.pem 2048
dh dh2048.pem
# no client certificates: the PAM (FreeIPA via SSSD) username/password check is the only client authentication.
# deprecated in OpenVPN 2.4 and removed in 2.5; the replacement spelling is "verify-client-cert none"
client-cert-not-required
# use the PAM-authenticated username as the client's CN (status log, ccd lookups)
username-as-common-name
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
# internal DNS resolver (site-specific)
push "dhcp-option DNS 192.168.9.1"
keepalive 10 120
# "openvpn" is the PAM service name: /etc/pam.d/openvpn must exist and authenticate via SSSD (pam_sss)
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so "openvpn"
verb 3
status openvpn-status.log
# client config
client
dev tun
proto udp
remote <yourOpenVPNDomainOrIP> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# prompt for the FreeIPA username/password that the server's PAM plugin verifies
auth-user-pass
# fallback only; 2.4+ peers negotiate AES-256-GCM via NCP
cipher AES-256-CBC
# only relevant if the server pushes the Windows-only block-outside-dns option
ignore-unknown-option block-outside-dns
verb 3
# the FreeIPA CA certificate (contents of /etc/ipa/ca.crt), used to verify the server cert
<ca>
-----BEGIN CERTIFICATE-----
yourFreeIPACert
-----END CERTIFICATE-----
</ca>