| 1 | # |
|---|
| 2 | # Sample OpenVPN configuration file for |
|---|
| 3 | # home using SSL/TLS mode and RSA certificates/keys. |
|---|
| 4 | # |
|---|
| 5 | # '#' or ';' may be used to delimit comments. |
|---|
| 6 | client |
|---|
| 7 | |
|---|
| 8 | proto tcp |
|---|
| 9 | ##proto udp |
|---|
| 10 | connect-timeout 30 |
|---|
| 11 | fast-io |
|---|
| 12 | tls-timeout 10 |
|---|
| 13 | |
|---|
| 14 | # Use a dynamic tun device. |
|---|
| 15 | # For Linux 2.2 or non-Linux OSes, |
|---|
| 16 | # you may want to use an explicit |
|---|
| 17 | # unit number such as "tun1". |
|---|
| 18 | # OpenVPN also supports virtual |
|---|
| 19 | # ethernet "tap" devices. |
|---|
| 20 | dev tun |
|---|
| 21 | |
|---|
| 22 | # Our OpenVPN peer is the office gateway. |
|---|
| 23 | remote x.x.x.x |
|---|
| 24 | ##remote 127.0.0.1 |
|---|
| 25 | |
|---|
| 26 | socket-flags TCP_NODELAY |
|---|
| 27 | |
|---|
| 28 | # 10.1.0.2 is our local VPN endpoint (home). |
|---|
| 29 | # 10.1.0.1 is our remote VPN endpoint (office). |
|---|
| 30 | ###ifconfig 10.1.0.2 10.1.0.1 |
|---|
| 31 | |
|---|
| 32 | # Our up script will establish routes |
|---|
| 33 | # once the VPN is alive. |
|---|
| 34 | ###up /etc/openvpn/nautilus.up |
|---|
| 35 | |
|---|
| 36 | # In SSL/TLS key exchange, Office will |
|---|
| 37 | # assume server role and Home |
|---|
| 38 | # will assume client role. |
|---|
| 39 | #tls-client |
|---|
| 40 | #tls-verify /bin/true |
|---|
| 41 | #script-security 2 |
|---|
| 42 | |
|---|
| 43 | # Certificate Authority file |
|---|
| 44 | ca ca.crt |
|---|
| 45 | ##ca server.crt |
|---|
| 46 | |
|---|
| 47 | # Our certificate/public key |
|---|
| 48 | cert orca.crt |
|---|
| 49 | |
|---|
| 50 | # Our private key |
|---|
| 51 | key orca.key |
|---|
| 52 | ##key abc01.key |
|---|
| 53 | |
|---|
| 54 | # OpenVPN 2.0 uses UDP port 1194 by default |
|---|
| 55 | # (official port assignment by iana.org 11/04). |
|---|
| 56 | # OpenVPN 1.x uses UDP port 5000 by default. |
|---|
| 57 | # Each OpenVPN tunnel must use |
|---|
| 58 | # a different port number. |
|---|
| 59 | # lport or rport can be used |
|---|
| 60 | # to denote different ports |
|---|
| 61 | # for local and remote. |
|---|
| 62 | port 1194 |
|---|
| 63 | ##port 11940 |
|---|
| 64 | |
|---|
| 65 | # Downgrade UID and GID to |
|---|
| 66 | # "nobody" after initialization |
|---|
| 67 | # for extra security. |
|---|
| 68 | ; user nobody |
|---|
| 69 | ; group nobody |
|---|
| 70 | |
|---|
| 71 | # If you built OpenVPN with |
|---|
| 72 | # LZO compression, uncomment |
|---|
| 73 | # out the following line. |
|---|
| 74 | comp-lzo |
|---|
| 75 | |
|---|
| 76 | ### shaper 8192 |
|---|
| 77 | ### redirect-gateway |
|---|
| 78 | |
|---|
| 79 | # Send a UDP ping to remote once |
|---|
| 80 | # every 15 seconds to keep |
|---|
| 81 | # stateful firewall connection |
|---|
| 82 | # alive. Uncomment this |
|---|
| 83 | # out if you are using a stateful |
|---|
| 84 | # firewall. |
|---|
| 85 | ; ping 15 |
|---|
| 86 | |
|---|
| 87 | # Uncomment this section for a more reliable detection when a system |
|---|
| 88 | # loses its connection. For example, dial-ups or laptops that |
|---|
| 89 | # travel to other locations. |
|---|
| 90 | ; ping 15 |
|---|
| 91 | ; ping-restart 45 |
|---|
| 92 | ; ping-timer-rem |
|---|
| 93 | ; persist-tun |
|---|
| 94 | ; persist-key |
|---|
| 95 | |
|---|
| 96 | # Verbosity level. |
|---|
| 97 | # 0 -- quiet except for fatal errors. |
|---|
| 98 | # 1 -- mostly quiet, but display non-fatal network errors. |
|---|
| 99 | # 3 -- medium output, good for normal operation. |
|---|
| 100 | # 9 -- verbose, good for troubleshooting |
|---|
| 101 | verb 3 |
|---|
| 102 | |
|---|
| 103 | # mtu-test |
|---|
| 104 | # tun-mtu 576 |
|---|
| 105 | # fragment 1300 |
|---|
| 106 | # mssfix |
|---|
| 107 | ##redirect-gateway |
|---|
| 108 | |
|---|
