[fli4l] [openvpn] mit Zertifikaten

Marc-Oliver Lange mol1 at gmx.de
Sa Apr 15 22:08:51 CEST 2017


Hier mal meine Konfig
-- /etc/openvpn/server.conf
# Listener: UDP port 9711, routed (layer-3) tunnel device.
port 9711
proto udp
dev tun
# Certificate-based authentication: CA certificate, server certificate and
# the server's private key. Only the private key is confidential; it should
# be readable by the OpenVPN process alone.
# NOTE(review): this listing contains no remote-cert-tls client, crl-verify
# or tls-version-min line. Without crl-verify a lost or stolen client
# certificate stays valid until it expires; confirm whether revocation is
# handled elsewhere.
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key  # This file should be kept secret
# Diffie-Hellman parameters (2048 bit, going by the file name). Not secret.
dh /etc/openvpn/dh2048.pem
# Server mode: clients get addresses from 10.8.0.0/24.
server 10.8.0.0 255.255.255.0
# Remember client <-> virtual IP assignments across restarts.
ifconfig-pool-persist ipp.txt
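# Options pushed to every client at connect time.
# The trailing comments of the original listing had been wrapped onto their
# own lines, where OpenVPN would try to parse the spilled words ("network",
# "internal network") as directives; they are placed above each line here.

# Push this route to your internal network
push "route 192.168.6.0 255.255.255.0"
# Redirect all traffic across your VPN. def1 adds 0.0.0.0/1 and 128.0.0.0/1
# routes instead of replacing the client's existing default route.
push "redirect-gateway def1"
# Push the DNS domain for your internal network
push "dhcp-option DOMAIN fli4l.local"
# Push DNS server. Clients that do not apply pushed dhcp-options keep their
# previous resolver, so name lookups may still leave outside the tunnel.
push "dhcp-option DNS 192.168.6.1"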
# VPN clients may talk to each other. OpenVPN forwards this traffic
# internally, so it never crosses the tun device and the router's packet
# filter cannot restrict it.
client-to-client
# Ping every 10 s; treat the peer as gone after 120 s without traffic.
keepalive 10 120
# HMAC-sign control-channel packets with a shared static key (direction 0 on
# the server, 1 on clients). Unsigned packets are dropped before TLS starts.
tls-auth ta.key 0 # This file is secret
# Data-channel cipher. No "auth" line appears in this listing, so the packet
# HMAC uses OpenVPN's default digest (SHA1).
cipher AES-256-CBC
# LZO compression. Compressing before encrypting can leak information about
# the plaintext through packet sizes (VORACLE-style attacks), and comp-lzo is
# deprecated in newer OpenVPN releases. Removing it requires changing the
# clients at the same time.
comp-lzo
# At most three simultaneous clients.
max-clients 3
# Keep key material and the tun device across soft restarts.
# NOTE(review): no user/group line appears in this listing, so the daemon
# keeps the privileges it was started with.
persist-key
persist-tun
# NOTE(review): "status" and "verb" each appear twice in this listing;
# presumably the later occurrence takes effect. Confirm which status file is
# actually written.
status openvpn-status.log
verb 2
ping-timer-rem
verb 2
resolv-retry infinite
writepid /var/run/openvpn/server/pid
persist-local-ip
# Lock the process memory so keys are never paged out to swap.
mlock
# Renegotiate the data-channel key every 3600 s.
reneg-sec 3600
# Status file, rewritten every 15 s, format version 1.
status /var/run/openvpn/server/status 15
status-version 1
# Management interface on loopback, port 0 (chosen at start-up).
# No password file is given as third argument, so any local process that can
# reach the port can control the daemon (disconnect clients, read the log
# cache, send signals). A password file or a unix socket with restricted
# permissions narrows this.
management 127.0.0.1 0
management-log-cache 100
# NOTE(review): management-writeport looks like a fli4l-specific addition
# that records the chosen management port in this file; check that the file
# is not world-readable.
management-writeport /var/run/openvpn/server/mport
# Level 2 allows OpenVPN to run user-defined scripts. No script hook (up,
# down, client-connect, ...) appears in this listing; verify what fli4l adds
# at start-up and keep those scripts writable by root only.
script-security 2
setenv ovpn_ipv6 no
fast-io
down-pre
# Accept a client whose source address or port changes mid-session. Packets
# still have to pass tls-auth and the session's own authentication.
float
# MTU handling for the tunnel.
mssfix 1450
tun-mtu 1500 
mtu-disc yes

--base.txt
# fli4l packet-filter rules for the VPN.
# Accept UDP 9711 (the OpenVPN port) on the router itself. "if:any:any"
# presumably matches every interface, internal and external alike.
PF_INPUT[]='if:any:any prot:udp 9711 ACCEPT'
# Forward everything from and to the VPN subnet, with no port or destination
# limit. Together with the pushed "redirect-gateway def1" this gives every
# certificate holder full LAN and Internet access through the router; narrow
# the rule if clients only need 192.168.6.0/24.
PF_FORWARD[]='10.8.0.0/24 ACCEPT BIDIRECTIONAL'
# Allow the router's own traffic from the VPN subnet to any destination.
PF_OUTPUT[]='10.8.0.0/24 any ACCEPT'    
# Source-NAT traffic from VPN clients so replies return via the router.
PF_POSTROUTING[]='10.8.0.0/24 MASQUERADE'


--openvpn.txt
# Enable the fli4l OpenVPN package.
OPT_OPENVPN='yes'
# NOTE(review): presumably the expert mode in which the hand-written
# server.conf is used instead of a generated one. Confirm against the
# package documentation.
OPENVPN_EXPERT='yes'
# NOTE(review): presumably enables the OpenVPN pages in the router's web
# interface. Confirm that the interface is reachable from trusted networks
# only.
OPENVPN_WEBGUI='yes'

