#
# Sample OpenVPN configuration file for
# office using SSL/TLS mode and RSA certificates/keys.
#
# '#' or ';' may be used to delimit comments.
# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tun
; dev tap
# Choose an uncommon local subnet for the virtual VPN end points.
# 10.1.0.1 is the local side of the VPN endpoint (slug side)
# 10.1.0.2 is the remote side of the VPN endpoint (client side)
# For tun mode use ifconfig 10.1.0.1 10.1.0.2
# For tap mode use ifconfig 10.1.0.1 255.255.255.0
ifconfig 10.1.0.1 10.1.0.2
; ifconfig 10.1.0.1 255.255.255.0
# Our up script will establish routes once the VPN is alive.
# Running scripts need the script-security set to 2.
script-security 2
up ./openvpn.up
# Push the 'server subnet route' to the clients
push "route 192.168.1.0 255.255.255.0"
# Push the WINS server to the clients - if we have a Samba WINS server.
; push "dhcp-option WINS 192.168.1.77"
# Server Static Key
# (For security run - chmod 600 /opt/etc/openvpn/static.key)
secret static.key
# In SSL/TLS key exchange, Office will
# assume server role and Home
# will assume client role.
; tls-server
# Diffie-Hellman Parameters (tls-server only)
; dh dh1024.pem
# Certificate Authority file
; ca my-ca.crt
# Our certificate/public key
; cert slug-certificate.crt
# Our private key
; key slug-certificate.key
# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
; port 1194
# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
; user nobody
; group nobody
# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
comp-lzo
# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive. Uncomment this
# out if you are using a stateful
# firewall.
; ping 15
# Uncomment this section for a more reliable detection when a system
# loses its connection. For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
persist-tun
persist-key
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3
# Log files
log-append /opt/var/log/openvpn/openvpn.log
; status /opt/var/log/openvpn/status.log
# Inactivity timeout
; inactive 45
keepalive 10 60
