The server puts OpenVPN in server mode, and supplies it with a subnet of IPs toĪllocate by specifying an address and a netmask. Tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 comp-lzo no verb 3 persist-tun persist-key # Keys key-direction 1 tls-auth client/ta.key etc/openvpn/nf: client remote 1194 udp dev tun # Uncomment the next line to redirect all traffic through the VPN # redirect-gateway def1 remote-cert-tls server cipher AES-256-CBC
Group nobody # Keys tls-auth server/ta.key 0 cert server/cert.crt Tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 comp-lzo no keepalive 15 60 ping-timer-rem ifconfig-pool-persist server/ipp verb 3 persist-tun persist-key # Drop privs user nobody The config fileĬlick on a line to jump to its explanation. That requires some settings that are annoying to use and setting up a firewall to block mistakes. While my base configuration is hardened (strong encryption and secure settings), my route-all-traffic configuration is not.
I use my VPN to have remote access into my network, and sometimes also to route all traffic through it, in order to escape some forms of connection filtering.
0 kommentar(er)
