diff options
Diffstat (limited to 'source/n/openvpn/slackware.conf')
-rw-r--r-- | source/n/openvpn/slackware.conf | 178 |
1 files changed, 178 insertions, 0 deletions
diff --git a/source/n/openvpn/slackware.conf b/source/n/openvpn/slackware.conf new file mode 100644 index 00000000..4314b544 --- /dev/null +++ b/source/n/openvpn/slackware.conf @@ -0,0 +1,178 @@ +# openvpn.conf.sample +# +# This is a sample configuration file for OpenVPN. +# Not all options are listed here; you can find good documentation +# about all of the options in OpenVPN's manual page - openvpn(8). +# +# You can make a P-t-P connection by creating a shared key, +# copying this key to other hosts in your network, and changing +# the IP addresses in this file. +# +# Commented options are provided for some typical configurations + +# Change the "search" path to /etc/openvpn +# All files referenced in this configuration will be relative to +# whatever directory is specified here - we default to /etc/openvpn +cd /etc/openvpn + +# If running as a server, which local IP address should OpenVPN +# listen on? Specify this as either a hostname or IP address. If +# this is left blank, OpenVPN will default to listening on all +# interfaces. +#local a.b.c.d + +# This option defines the IP or DNS name of the other side of your VPN +# connection. This option is needed if you are making client or P-t-P +# connections. If you are the server, use "local" instead. This may +# be specified as a domain name or IP address. +#remote vpn.server.org + +# This option defins the protocol to use. Valid options are: +# udp, tcp-server, or tcp-client. Default is udp, and generally +# speaking, tcp is a bad idea. +proto udp + +# This option defines the port on which your server will be listening +# or trying to connect. The default is 1194 +port 1194 + +# This option defines whether to use LZO compression. +# If enabled, it must be enabled at both ends of the VPN connection. +#comp-lzo + +# Debug level (default 1) +#verb 3 + +# VPN logfile location +# If you don't specify a location here, logging will be done through +# syslogd and write to /var/log/messages +log-append /var/log/openvpn.log + +# If you want to use OpenVPN as a daemon, uncomment this line. +# Generally speaking, servers should run OpenVPN as a daemon +# and clients should not. +#daemon + +# Device type to use, you can choose between tun or tap. +# TUN is the most common option. If you have multiple connections, +# it is a good idea to bind each connection to a separate TUN/TAP +# interface using tunX/tapX, where X is the number of each interface. +dev tun + +# This option prevents OpenVPN from closing and re-opening the tun/tap +# device every time it receives a SIGUSR1 signal +#persist-tun + +# This is similar to the previous option, but it prevents OpenVPN from +# re-reading the key files every time +#persist-key + +# If you are using a client-server architecture, you need to specify the +# role of your computer in your VPN network. To use one of these options, +# you need to configure TLS options too. +# +# To use the "server" option, you must specify a network subnet such +# as 172.16.1.0 255.255.255.0. The first number is the network, the +# second is the netmask. OpenVPN will take the first available IP +# for itself (in our example, 172.16.1.1) and the rest will be +# given to connecting clients dynamically. +# +# Leave these commented out if you are using OpenVPN in bridging mode. +# +#server 10.1.2.0 255.255.255.0 +#client + +# This option defines a file with IP address to client mapping. +# This is useful in general, and necessary if clients use persist-tun. +#ifconfig-pool-persist ips.txt + +# Enable this option if you want clients connected to this VPN to be +# able to talk directly to each other +#client-to-client + +# This option defines the directory in which configuration files for clients +# will reside. With individual files you can make each client get different +# options using "push" parameters +#client-config-dir ccd + +# If you are using P-t-P, you need to specify the IP addresses at both ends +# of your VPN connection. The IP addresses are reversed at the other side. +# +# You can use this to specify client IP addresses in ccd files (on server) +# or directly in client configuration +#ifconfig 10.1.2.1 10.1.2.2 + +# You can set routes to specific networks. In the sample below, "vpn_gateway" +# is an internal OpenVPN alias to your VPN gateway - leave it as is. +# This will enable you to talk with the networks behind your VPN server. +# Multiple routes can be specified. +# +# +------------+ <eth>-<tun> <tun>-<eth> +------------+ +# | Network1 |---| VPN1 |--[10.1.2.0/24]--| VPN2 |---| Network2 | +# +------------+ +------+ +------+ +------------+ +# 192.168.0.0/24 192.168.2.0/24 +# +# The sample below shows how VPN1 server can reach Network2 +#route 192.168.2.0 255.255.255.0 vpn_gateway + +# You can send clients many network configuration options using the +# "push" directive and sending commands. +# Multiple "push" directives can be used. You should only put global +# "push" directives here. You can "push" different options to +# different clients in per-client configuration files. See +# "client-config-dir" above. +# +# Using the same network configuration that you see above, the route statment +# here allows VPN2 to reach Network1 +#push "route-delay 2 600" +#push "route 192.168.2.0 255.255.255.0 vpn_gateway" +#push "persist-key" + +# This option sets the encryption algorithm to use in the VPN connection. +# Available options are: +# DES-CBC, RC2-CBC, DES-EDE-CBC, DES-EDE3-CBC, +# DESX-CBC, BF-CBC, RC2-40-CBC, CAST5-CBC, +# RC2-64-CBC, AES-128-CBC, AES-192-CBC and AES-256-CBC +cipher BF-CBC + +# Shared Key Connection +# --------------------- +# Secret is one shared key between the hosts that want to connect through VPNs. +# Without secret or TLS options, your data will not be encrypted. +# +# To generate an encryption key do: +# openvpn --genkey --secret /etc/openvpn/keys/shared.key +# +# Do the above on one host and copy it to the others +secret keys/shared.key + +# TLS Connections +# --------------- +# TLS must be used if you use option "server" or "client" +# The basic idea there is: You have one Certificate Authority, and all +# machines in your VPN network need to have individual certificates and +# keys signed by Certificate Authority. This means each client can +# have its own key, making it easier to revoke a key without copying +# a shared secret key to every client. +# +# Inside the /usr/doc/openvpn-$VERSION documentation directory, you can +# find "easy-rsa" scripts to make certificate and key management easier. + +# Certificate Authority file +# This file must be identical on all hosts that connect to your VPN +#ca certs/ca.crt + +# If you are the server, you need to specify some Diffie Hellman parameters. +# OpenVPN provides some sample .pem files in documentation directory +#dh my-dh.pem + +# Certificate and Key signed by Certificate Authority +# Each machine needs to have their own unique certificate +#cert certs/machine.cert +#key keys/machine.key + +# To prevent some DoS attacks we can add another authentication layer in the +# TLS control channel. This needs to be enabled at both ends to work +# client uses the value 1; server uses the value 0 +#tls-auth keys/shared.key 0 + |