30 lines
590 B
Plaintext
30 lines
590 B
Plaintext
local 10.60.0.3
|
|
port 1194
|
|
proto udp
|
|
dev tun
|
|
|
|
# Bro is too honorable
|
|
ca /etc/openvpn/server/ca.crt
|
|
cert /etc/openvpn/server/vpn.crt
|
|
key /etc/openvpn/server/vpn.key
|
|
dh /etc/openvpn/server/dh2048.pem
|
|
|
|
server 10.8.0.0 255.255.255.0
|
|
verb 4
|
|
|
|
topology subnet
|
|
push "route 10.60.0.0 255.255.255.0"
|
|
|
|
# OCSP and Revocation
|
|
script-security 2
|
|
tls-verify /etc/openvpn/server/ocsp-verify.sh
|
|
# auth
|
|
cipher AES-256-GCM
|
|
auth SHA256
|
|
|
|
# plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login
|
|
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so totp
|
|
tls-auth /etc/openvpn/server/ta.key 0
|
|
|
|
|