| 1 | user nobody |
|---|
| 2 | group nogroup |
|---|
| 3 | script-security 2 |
|---|
| 4 | |
|---|
| 5 | verb 3 |
|---|
| 6 | |
|---|
| 7 | proto tcp6-server |
|---|
| 8 | port 995 |
|---|
| 9 | keepalive 10 120 |
|---|
| 10 | comp-lzo |
|---|
| 11 | |
|---|
| 12 | dev tun |
|---|
| 13 | persist-tun |
|---|
| 14 | push tun-ipv6 |
|---|
| 15 | |
|---|
| 16 | mode server |
|---|
| 17 | tls-server |
|---|
| 18 | persist-key |
|---|
| 19 | |
|---|
| 20 | ca /etc/openvpn/ca.crt |
|---|
| 21 | cert /etc/openvpn/server.crt |
|---|
| 22 | key /etc/openvpn/server.key |
|---|
| 23 | dh dh2048.pem |
|---|
| 24 | crl-verify /etc/openvpn/crl.pem |
|---|
| 25 | |
|---|
| 26 | ifconfig 192.168.40.254 192.168.40.253 |
|---|
| 27 | ifconfig-pool 192.168.40.0 192.168.40.254 |
|---|
| 28 | route 192.168.40.0 255.255.255.0 |
|---|
| 29 | |
|---|
| 30 | ifconfig-ipv6 <VPN ipv6 prefix>::254 <VPN ipv6 prefix>::253 |
|---|
| 31 | ifconfig-ipv6-pool <VPN ipv6 prefix>::/64 |
|---|
| 32 | route-ipv6 <VPN ipv6 prefix>::/64 |
|---|
| 33 | |
|---|
| 34 | push "route 192.168.39.0 255.255.255.0" |
|---|
| 35 | push "route 192.168.40.0 255.255.255.0" |
|---|
| 36 | push "route-ipv6 <ULA prefix>:1::/64" |
|---|
| 37 | push "route-ipv6 <LAN ipv6 prefix>::/64" |
|---|
| 38 | push "route-ipv6 <VPN ipv6 prefix>::/64" |
|---|
| 39 | |
|---|
| 40 | push "dhcp-option DNS 192.168.39.254" |
|---|
| 41 | push "dhcp-option DNS <ULA prefix>:1::254" |
|---|
| 42 | push "dhcp-option DOMAIN <local FQDN>" |
|---|
| 43 | |
|---|
| 44 | ifconfig-pool-persist /etc/openvpn/ipp.txt |
|---|
| 45 | |
|---|
| 46 | client-connect /etc/openvpn/client-connect.sh |
|---|
