OpenVPN-Simple-Setup/Config/server.conf
2020-04-17 00:06:32 +02:00


### CONFIG ###
# OpenVPN server template. Bracketed tokens ([VPN-IP/24], [Port], [VPN-Dir],
# [NAME], [DNS-SERVER-IP]) are placeholders that must be substituted before the
# file is usable (presumably by the project's setup tooling; not shown here).
mode server
# VPN address pool: a /24 built from the first three octets in [VPN-IP/24].
server [VPN-IP/24].0 255.255.255.0
port [Port]
proto tcp
# UDP ONLY:
# explicit-exit-notify 1
dev tun
# Keep the key material and the tun device across soft restarts, so a restart
# still works after privileges have been dropped (see user/group below).
persist-key
persist-tun
# Relative path: resolved against the daemon's working directory.
ifconfig-pool-persist ip.table
# PKI material. The .key file is the server's private key; keep it readable
# only by the account that starts OpenVPN.
ca [VPN-Dir]/ca.crt
cert [VPN-Dir]/[NAME].crt
key [VPN-Dir]/[NAME].key
dh [VPN-Dir]/dh.pem
# Pre-shared key that encrypts and authenticates the TLS control channel.
# Every client holds the same file, so distribute it over a trusted channel
# and replace it if any client device is lost or compromised.
tls-crypt [VPN-Dir]/SharedSecret.psk
# Required for Raspberry Pi
#tun-mtu 1500
topology subnet
push "topology subnet"
# Deprecated
#comp-lzo
# NOTE(review): compressing traffic before encryption exposes the tunnel to
# compression-oracle attacks (VORACLE), and upstream OpenVPN advises against
# enabling compression. Consider dropping both lines below once every client
# profile has been updated to match.
compress lz4-v2
push "compress lz4-v2"
# Send all client traffic through the VPN. bypass-dhcp / bypass-dns add direct
# routes to the client's existing DHCP and DNS servers outside the tunnel.
# NOTE(review): bypass-dns can let DNS queries leave the tunnel on clients that
# honour it; confirm this is intended for a full-tunnel setup.
push "redirect-gateway def1 bypass-dhcp bypass-dns"
push "dhcp-option DNS [DNS-SERVER-IP]"
# NOTE(review): the OpenDNS resolvers are 208.67.222.222 / 208.67.220.220; the
# 208.64.x.x addresses previously listed here are not OpenDNS and would have
# sent client DNS queries to an unrelated host.
#push "dhcp-option DNS 208.67.222.222" # OpenDNS
#push "dhcp-option DNS 208.67.220.220" # OpenDNS Fallback
#push "dhcp-option DNS 8.8.8.8" # Google-DNS
#push "dhcp-option DNS 8.8.4.4" # Google-DNS Fallback
# Presumably the VPN server's own tunnel address; only meaningful if a
# WINS/NetBIOS name server actually listens there. TODO confirm.
push "dhcp-option WINS [VPN-IP/24].1"
push "route [VPN-IP/24].0 255.255.255.0"
# Clients may talk to each other directly. OpenVPN forwards this traffic
# internally, so it never crosses the host's tun interface and host firewall
# rules cannot filter it. Remove the line if client isolation is wanted.
client-to-client
# Ping the peer every 10 s; clients restart the connection after 120 s of silence.
keepalive 10 120
# Relative paths. The status file lists connected clients and their source
# addresses, so restrict read access to the logs directory.
status logs/status.log
log-append logs/vpn.log
verb 3
### HARDENING ###
# Drop root privileges after initialisation. The ovpn account and group must
# exist and should own nothing beyond what the daemon needs at runtime.
user ovpn
group ovpn
# HMAC digest for data-channel packets when a non-AEAD cipher (the AES-256-CBC
# fallback below) is negotiated; AES-256-GCM carries its own authentication tag.
auth SHA512
# NOTE(review): keysize is deprecated upstream and redundant here, because the
# AES-256 ciphers have a fixed key length. Check it against the OpenVPN release
# you deploy and consider removing it.
keysize 256
cipher AES-256-GCM
# Accept only peer certificates marked for TLS client use, so a certificate
# issued to a server cannot be presented by a connecting client.
# NOTE(review): no crl-verify directive appears in the lines shown; without
# one, a revoked client certificate keeps working until it expires.
remote-cert-tls client
tls-version-min 1.2
# Control-channel cipher suites for TLS 1.2: ECDHE/DHE key exchange (forward
# secrecy) with AES-256 only. GCM suites are listed first, CBC suites remain as
# a fallback. TLS 1.3 suites are not governed by this option.
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
# Data-channel ciphers offered during negotiation, in preference order.
# Newer OpenVPN releases name this option data-ciphers.
ncp-ciphers AES-256-GCM:AES-256-CBC