summaryrefslogtreecommitdiff
path: root/sample-config-files/tls-home.conf
diff options
context:
space:
mode:
Diffstat (limited to 'sample-config-files/tls-home.conf')
-rw-r--r--sample-config-files/tls-home.conf83
1 files changed, 83 insertions, 0 deletions
diff --git a/sample-config-files/tls-home.conf b/sample-config-files/tls-home.conf
new file mode 100644
index 0000000..daa4ea1
--- /dev/null
+++ b/sample-config-files/tls-home.conf
@@ -0,0 +1,83 @@
+#
+# Sample OpenVPN configuration file for
+# home using SSL/TLS mode and RSA certificates/keys.
+#
+# '#' or ';' may be used to delimit comments.
+
+# Use a dynamic tun device.
+# For Linux 2.2 or non-Linux OSes,
+# you may want to use an explicit
+# unit number such as "tun1".
+# OpenVPN also supports virtual
+# ethernet "tap" devices.
+dev tun
+
+# Our OpenVPN peer is the office gateway.
+remote 1.2.3.4
+
+# 10.1.0.2 is our local VPN endpoint (home).
+# 10.1.0.1 is our remote VPN endpoint (office).
+ifconfig 10.1.0.2 10.1.0.1
+
+# Our up script will establish routes
+# once the VPN is alive.
+up ./home.up
+
+# In SSL/TLS key exchange, Office will
+# assume server role and Home
+# will assume client role.
+tls-client
+
+# Certificate Authority file
+ca my-ca.crt
+
+# Our certificate/public key
+cert home.crt
+
+# Our private key
+key home.key
+
+# OpenVPN 2.0 uses UDP port 1194 by default
+# (official port assignment by iana.org 11/04).
+# OpenVPN 1.x uses UDP port 5000 by default.
+# Each OpenVPN tunnel must use
+# a different port number.
+# lport or rport can be used
+# to denote different ports
+# for local and remote.
+; port 1194
+
+# Downgrade UID and GID to
+# "nobody" after initialization
+# for extra security.
+; user nobody
+; group nobody
+
+# If you built OpenVPN with
+# LZO compression, uncomment
+# out the following line.
+; comp-lzo
+
+# Send a UDP ping to remote once
+# every 15 seconds to keep
+# stateful firewall connection
+# alive. Uncomment this
+# out if you are using a stateful
+# firewall.
+; ping 15
+
+# Uncomment this section for a more reliable detection when a system
+# loses its connection. For example, dial-ups or laptops that
+# travel to other locations.
+; ping 15
+; ping-restart 45
+; ping-timer-rem
+; persist-tun
+; persist-key
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 3