authorAlberto Gonzalez Iniesta <agi@inittab.org>2016-11-21 09:37:33 +0100
committerAlberto Gonzalez Iniesta <agi@inittab.org>2016-11-21 09:37:33 +0100
commit93b77cacdbb7e6f310c4e20f85c3a24ed5ba18ba (patch)
tree55a7688c9969ef4d01625caa58c7f679098c76eb /sample/sample-config-files
parentdaa9ef0efeb5e10a1b43820fbab3a4ff5fbd22f1 (diff)
parent20c8675ba46bda97330a4117c459a59a9f1c465e (diff)
Merge tag 'upstream/2.4_beta1'
Upstream version 2.4~beta1
Diffstat (limited to 'sample/sample-config-files')
-rw-r--r--sample/sample-config-files/client.conf9
-rw-r--r--sample/sample-config-files/loopback-client1
-rw-r--r--sample/sample-config-files/loopback-server1
-rw-r--r--sample/sample-config-files/server.conf25
-rw-r--r--sample/sample-config-files/static-home.conf3
-rw-r--r--sample/sample-config-files/static-office.conf3
6 files changed, 32 insertions, 10 deletions
diff --git a/sample/sample-config-files/client.conf b/sample/sample-config-files/client.conf
index 050ef60..f5c69e3 100644
--- a/sample/sample-config-files/client.conf
+++ b/sample/sample-config-files/client.conf
@@ -105,17 +105,20 @@ remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
-;tls-auth ta.key 1
+tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
-;cipher x
+# Note that 2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
-comp-lzo
+#comp-lzo
# Set log file verbosity.
verb 3
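Review bot: The added comment points readers to an `ncp-cipher` option, but the 2.4 option is spelled `ncp-ciphers`, so searching the manpage for the name as written finds nothing; the same line is repeated in the first server.conf hunk. I would write `# See also the ncp-ciphers option in the manpage` in both files. The comment could also say that the `cipher AES-256-CBC` line beneath it is what applies when the peer does not negotiate, which is how I read "automatically negotiate ... in TLS mode". Separately, `#comp-lzo` disables the option with `#` while server.conf uses `;comp-lzo`; one marker for disabled options would keep the two samples parallel.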
diff --git a/sample/sample-config-files/loopback-client b/sample/sample-config-files/loopback-client
index ebbd1cf..7117307 100644
--- a/sample/sample-config-files/loopback-client
+++ b/sample/sample-config-files/loopback-client
@@ -21,5 +21,6 @@ remote-cert-tls server
ca sample-keys/ca.crt
key sample-keys/client.key
cert sample-keys/client.crt
+tls-auth sample-keys/ta.key 1
ping 1
inactive 120 10000000
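Review bot: The new `tls-auth sample-keys/ta.key 1` line carries no comment, so nothing tells a reader that the key under sample-keys/ is a test fixture rather than something to copy into a deployment; loopback-server gains the matching line with direction 0. A one-line comment such as `# test-only HMAC key from sample-keys/; direction 1 here, 0 in loopback-server` would cover both the key's status and the direction pairing. I am assuming sample-keys/ta.key ships in the source tree, since this directory-limited diff does not show it.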
diff --git a/sample/sample-config-files/loopback-server b/sample/sample-config-files/loopback-server
index 8cb97be..8e1f39c 100644
--- a/sample/sample-config-files/loopback-server
+++ b/sample/sample-config-files/loopback-server
@@ -21,5 +21,6 @@ dh sample-keys/dh2048.pem
ca sample-keys/ca.crt
key sample-keys/server.key
cert sample-keys/server.crt
+tls-auth sample-keys/ta.key 0
ping 1
inactive 120 10000000
diff --git a/sample/sample-config-files/server.conf b/sample/sample-config-files/server.conf
index 701be3c..aa7d5b3 100644
--- a/sample/sample-config-files/server.conf
+++ b/sample/sample-config-files/server.conf
@@ -241,19 +241,26 @@ keepalive 10 120
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
-;tls-auth ta.key 0 # This file is secret
+tls-auth ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
-;cipher BF-CBC # Blowfish (default)
-;cipher AES-128-CBC # AES
-;cipher DES-EDE3-CBC # Triple-DES
-
-# Enable compression on the VPN link.
+# Note that 2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link and push the
+# option to the client (2.4+ only, for earlier
+# versions see below)
+;compress lz4-v2
+;push "compress lz4-v2"
+
+# For compression compatible with older clients use comp-lzo
# If you enable it here, you must also
# enable it in the client config file.
-comp-lzo
+;comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
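Review bot: The new compression comments cover version compatibility but not the security trade-off: compressing before encryption lets packet lengths reveal something about the plaintext when an observer can influence part of the traffic. Since this hunk already changes `comp-lzo` to `;comp-lzo`, I would state the reason next to `;compress lz4-v2`, e.g. `# Compression can leak information about the plaintext through packet sizes; leave it disabled unless the bandwidth saving is needed.` The `ncp-cipher` spelling in the cipher comment is the same slip noted on client.conf.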
@@ -302,3 +309,7 @@ verb 3
# sequential messages of the same message
# category will be output to the log.
;mute 20
+
+# Notify the client that when the server restarts so it
+# can automatically reconnect.
+explicit-exit-notify 1
\ No newline at end of file
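Review bot: `explicit-exit-notify 1` is enabled unconditionally, but the option is only accepted with UDP, so a reader who switches this sample to `proto tcp` gets an options error at startup; the comment should say so, e.g. `# UDP only: comment this out when using proto tcp`. The added comment also has a stray word ("Notify the client that when the server restarts"), and the file now ends without a trailing newline. The proto setting itself lies outside this hunk.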
diff --git a/sample/sample-config-files/static-home.conf b/sample/sample-config-files/static-home.conf
index c966687..ed0c672 100644
--- a/sample/sample-config-files/static-home.conf
+++ b/sample/sample-config-files/static-home.conf
@@ -26,6 +26,9 @@ up ./home.up
# Our pre-shared static key
secret static.key
+# Cipher to use
+cipher AES-256-CBC
+
# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
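Review bot: `# Cipher to use` does not say that the peer must carry the identical line: with a pre-shared `secret` key nothing is negotiated, so a mismatch between static-home.conf and static-office.conf leaves the two ends unable to decrypt each other's packets. I would write `# Cipher to use; must be identical on both ends (static-key mode does no negotiation)` here and in the static-office.conf hunk, which adds the same lines.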
diff --git a/sample/sample-config-files/static-office.conf b/sample/sample-config-files/static-office.conf
index 68030cc..609ddd0 100644
--- a/sample/sample-config-files/static-office.conf
+++ b/sample/sample-config-files/static-office.conf
@@ -23,6 +23,9 @@ up ./office.up
# Our pre-shared static key
secret static.key
+# Cipher to use
+cipher AES-256-CBC
+
# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.