Sample OVPN file

Home Page Forums Network Management VPN Sample OVPN file

This topic contains 1 reply, has 0 voices, and was last updated by  dnsadmin 8 years, 4 months ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #42884

    dnsadmin
    Member

    Here’s a sample working OVPN file that may help others get started:

    For simplicity’s sake, I recommend using pfx files.

    Also, to ensure you’re connecting to the desired endpoint, you’ll want to set the tls-remote to specify the CN name of your firewall — zeroshell.mycompany.com would be entered as /OU=Hosts/CN=zeroshell.mycompany.com

    I also include a line to dump some additional diagnostics — note the show-net-up line which you may uncomment when your end users need help.

    You should consider http://swupdate.openvpn.net/community/releases/openvpn-2.2-beta5-install.exe or later — prior versions had a bug with routes being created wrongly. Be sure your end users run openvpn and its gui as administrator.


    remote zeroshell.mycompany.com 1194
    remote-random
    resolv-retry infinite

    proto udp

    auth-user-pass # require username/password dialog

    pkcs12 user.pfx # Use pkcs12 for ca, pub/pvt key
    tls-remote /OU=Hosts/CN=zeroshell.mycompany.com

    client # This is a client config
    dev tap # Ethernet Tunnel mode
    comp-lzo # Compress traffic

    verb 1 # Logging level
    mute 10 # Limit consecutive loging of same cateogry messages
    #show-net-up # Log routing table & network adapter info after we're up

    nobind # Don't bind to local addr/port
    persist-key # Don't re-read keyfile on soft restart
    persist-tun # Don't close and reopen device, run scripts on soft restart

    # Add more Static Routes for our other network space when on VPN
    # Optional -- these may be helpful if other machines outside your firewall
    # expects access to come from your office.
    route 100.2.3.0 255.255.254.0
    route 10.0.0.0 255.255.254.0
    route 211.82.2.0 255.255.255.0
Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.