#
# Sample OpenVPN configuration file for
# home using SSL/TLS mode and RSA certificates/keys.
#
# '#' or ';' may be used to delimit comments.
client

proto tcp
##proto udp
connect-timeout 30
fast-io
tls-timeout 10

# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tun

# Our OpenVPN peer is the office gateway.
remote x.x.x.x
##remote 127.0.0.1

socket-flags TCP_NODELAY

# 10.1.0.2 is our local VPN endpoint (home).
# 10.1.0.1 is our remote VPN endpoint (office).
###ifconfig 10.1.0.2 10.1.0.1

# Our up script will establish routes
# once the VPN is alive.
###up /etc/openvpn/nautilus.up

# In SSL/TLS key exchange, Office will
# assume server role and Home
# will assume client role.
# Note: with tls-verify commented out and no
# remote-cert-tls directive in this file, any
# certificate that chains to the CA below is
# accepted as the server.
#tls-client
#tls-verify /bin/true
#script-security 2

# Certificate Authority file
ca ca.crt
##ca server.crt

# Our certificate/public key
cert orca.crt

# Our private key
key orca.key
##key abc01.key

# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
port 1194
##port 11940

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
; user nobody
; group nobody

# If you built OpenVPN with
# LZO compression, uncomment
# the following line.
comp-lzo

### shaper 8192
### redirect-gateway

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive. Uncomment this
# if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for more reliable detection when a system
# loses its connection. For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting.
verb 3

# mtu-test
# tun-mtu 576
# fragment 1300
# mssfix
##redirect-gateway