Simple configuration
Server side
port 1011
proto udp
dev tun1
daemon
writepid /var/run/openvpn.pid
ca /etc/openvpn/certs/ca.pem
cert /etc/openvpn/certs/cert.pem
key /etc/openvpn/certs/.key
dh /etc/openvpn/certs/dh1024.pem
server 192.168.240.8 255.255.255.248
client-config-dir /etc/openvpn/ccd
ccd-exclusive
push "route 10.10.50.32 255.255.255.224"
client-to-client
keepalive 10 120
comp-lzo
tls-auth /etc/openvpn/certs/ta.key 0 # This file is secret
cipher AES-256-CBC
max-clients 5
user nobody
group nogroup
persist-key
persist-tun
log /var/log/openvpn/vpn.log
status /var/log/openvpn/vpn.status
verb 4
mute 10
# To create the dh512.pem or dh1024.pem:
% # openssl gendh -rand rand.dat -out dh1024.pem
% openssl dhparam -check -text -5 512 -out dh512.pem
% openssl dhparam -check -text -5 1024 -out dh1024.pem
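The server config above uses 1024-bit DH parameters, comp-lzo and no TLS version floor, all of which have aged since this revision was written. The following audit script is an added example, not part of the original wiki page: the function names, both sample configs, dh2048.pem and the tls-version-min value are constructed here, and the DH size is inferred from the file name only.

```shell
#!/bin/sh
# Added example: flag dated crypto settings in an OpenVPN server config.
# Usage: audit_ovpn_conf FILE   (use - for stdin)
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_ovpn_conf() {
    awk '
        NF == 0 || $1 ~ /^[#;]/ { next }         # skip blank lines and comments
        $1 == "dh" {
            # Assumption: the file name carries the size, as dh1024.pem does.
            n = $2; sub(/.*\//, "", n); gsub(/[^0-9]/, "", n)
            if (n != "" && n + 0 < 2048) {
                print "dh: " n "-bit parameters, generate 2048 bits or more"; bad++
            }
        }
        $1 == "comp-lzo" && $2 != "no" {
            print "comp-lzo: compression can leak plaintext (VORACLE)"; bad++
        }
        $1 == "tls-version-min" { tls = 1 }
        END {
            if (!tls) { print "tls-version-min: not set, pin a floor such as 1.2"; bad++ }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample: the crypto-relevant lines of the server config above.
sample_weak_conf() {
    cat <<'EOF'
proto udp
dh /etc/openvpn/certs/dh1024.pem
comp-lzo
tls-auth /etc/openvpn/certs/ta.key 0 # This file is secret
cipher AES-256-CBC
EOF
}

# Constructed sample: the same lines with the flagged settings changed.
sample_fixed_conf() {
    cat <<'EOF'
proto udp
dh /etc/openvpn/certs/dh2048.pem
tls-auth /etc/openvpn/certs/ta.key 0
cipher AES-256-CBC
tls-version-min 1.2
EOF
}

sample_weak_conf | audit_ovpn_conf - || echo "weak sample: findings listed above"
sample_fixed_conf | audit_ovpn_conf - && echo "fixed sample: clean"
```

Dropping comp-lzo on the server means dropping it from the client configs as well, since both ends must agree on compression framing.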
OpenSSL / SSL stuff
Extract the individual key and cert files from a PKCS#12 (.p12) bundle
openssl pkcs12 -nocerts -in default.p12 -out userkey.pem
openssl pkcs12 -nokeys -clcerts -in default.p12 -out usercert.pem
openssl pkcs12 -nokeys -cacerts -in default.p12 -out userca.pem