|
wiki:webui:administration:openvpn:server [2020/03/13 15:41] ghi created |
wiki:webui:administration:openvpn:server [2021/09/22 16:19] (current) tda |
||
|---|---|---|---|
| Line 75: | Line 75: | ||
| Here is a simple server side configuration file: | Here is a simple server side configuration file: | ||
| - | <code conf /etc/openvpn/server.conf> | + | <code conf /etc/openvpn/server-openvpn.conf> |
| - | # UDP tunnel on port 1194 | + | |
| port 1194 | port 1194 | ||
| proto udp | proto udp | ||
| dev tun | dev tun | ||
| - | # Server identification and security parameters | + | #tls-version-min "1.0" |
| - | pkcs12 /etc/openvpn/server-cert.p12 | + | #tls-version-max "1.0" |
| - | dh /etc/openvpn/dh2048.pem | + | |
| + | # CA certificate | ||
| + | ca ca.crt | ||
| + | |||
| + | # Server and Private Server key # This file should be kept secret | ||
| + | pkcs12 server.12 | ||
| + | |||
| + | # Diffie-Hellman parameters | ||
| + | dh dh2048.pem | ||
| # LAN information and network configuration | # LAN information and network configuration | ||
| topology subnet | topology subnet | ||
| + | |||
| server 10.8.0.0 255.255.255.0 | server 10.8.0.0 255.255.255.0 | ||
| ifconfig-pool-persist ipp.txt 86400 | ifconfig-pool-persist ipp.txt 86400 | ||
| Line 93: | Line 102: | ||
| push "route 172.18.0.0 255.255.0.0" | push "route 172.18.0.0 255.255.0.0" | ||
| push "dhcp-option DNS 10.8.0.1" | push "dhcp-option DNS 10.8.0.1" | ||
| + | |||
| # Connection management | # Connection management | ||
| comp-lzo | comp-lzo | ||
| keepalive 15 120 | keepalive 15 120 | ||
| cipher AES-256-CBC | cipher AES-256-CBC | ||
| + | |||
| # Daemon configuration | # Daemon configuration | ||
| user nobody | user nobody | ||
| group nogroup | group nogroup | ||
| + | |||
| # Persist across restarts | # Persist across restarts | ||
| persist-key | persist-key | ||
| Line 108: | Line 117: | ||
| persist-local-ip | persist-local-ip | ||
| persist-remote-ip | persist-remote-ip | ||
| + | |||
| # Management options | # Management options | ||
| status openvpn-status.log | status openvpn-status.log | ||
| Line 114: | Line 123: | ||
| management localhost 6666 | management localhost 6666 | ||
| script-security 2 | script-security 2 | ||
| + | |||
| + | client-to-client | ||
| + | |||
| </code> | </code> | ||
| Line 119: | Line 131: | ||
| <code bash> | <code bash> | ||
| - | openvpn /etc/openvpn/server.conf | + | # sudo openvpn /etc/openvpn/server-openvpn.conf |
| </code> | </code> | ||
| + | |||
| + | Note: if you set a passphrase to access your private key, just add the following line in your configuration file : | ||
| + | |||
| + | <code bash> | ||
| + | askpass pass.txt | ||
| + | </code> | ||
| + | |||
| + | fill the pass.txt file with your password and chmod 600 it. | ||
| + | |||
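Review bot: The `client-to-client` line added near the end of the configuration block has no comment, although it changes reachability: with it OpenVPN routes traffic between connected clients inside the daemon instead of handing it to the tun interface, so the server's firewall rules never see that traffic. If clients only need the pushed 172.18.0.0/16 route I would leave the directive out; otherwise add a comment above it such as `# Clients can reach each other directly; this traffic is not filtered by the server's firewall`. The commented-out `#tls-version-min "1.0"` / `#tls-version-max "1.0"` hints at the top of the block have a related problem, because a reader who uncomments them caps the control channel at TLS 1.0; `tls-version-min 1.2` with no maximum would be the safer hint. The askpass note keeps the key passphrase in clear text in pass.txt, so it is worth saying that the file should be owned by root as well as mode 600, since the daemon is started with sudo and then drops to `nobody`.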