From 20c8675ba46bda97330a4117c459a59a9f1c465e Mon Sep 17 00:00:00 2001 From: Alberto Gonzalez Iniesta Date: Mon, 21 Nov 2016 09:37:33 +0100 Subject: New upstream version 2.4~beta1 --- sample/sample-config-files/client.conf | 9 ++++++--- sample/sample-config-files/loopback-client | 1 + sample/sample-config-files/loopback-server | 1 + sample/sample-config-files/server.conf | 25 ++++++++++++++++++------- sample/sample-config-files/static-home.conf | 3 +++ sample/sample-config-files/static-office.conf | 3 +++ 6 files changed, 32 insertions(+), 10 deletions(-) (limited to 'sample/sample-config-files') diff --git a/sample/sample-config-files/client.conf b/sample/sample-config-files/client.conf index 050ef60..f5c69e3 100644 --- a/sample/sample-config-files/client.conf +++ b/sample/sample-config-files/client.conf @@ -105,17 +105,20 @@ remote-cert-tls server # If a tls-auth key is used on the server # then every client must also have the key. -;tls-auth ta.key 1 +tls-auth ta.key 1 # Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here. -;cipher x +# Note that 2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC # Enable compression on the VPN link. # Don't enable this unless it is also # enabled in the server config file. -comp-lzo +#comp-lzo # Set log file verbosity. verb 3 diff --git a/sample/sample-config-files/loopback-client b/sample/sample-config-files/loopback-client index ebbd1cf..7117307 100644 --- a/sample/sample-config-files/loopback-client +++ b/sample/sample-config-files/loopback-client @@ -21,5 +21,6 @@ remote-cert-tls server ca sample-keys/ca.crt key sample-keys/client.key cert sample-keys/client.crt +tls-auth sample-keys/ta.key 1 ping 1 inactive 120 10000000 diff --git a/sample/sample-config-files/loopback-server b/sample/sample-config-files/loopback-server index 8cb97be..8e1f39c 100644 --- a/sample/sample-config-files/loopback-server +++ b/sample/sample-config-files/loopback-server @@ -21,5 +21,6 @@ dh sample-keys/dh2048.pem ca sample-keys/ca.crt key sample-keys/server.key cert sample-keys/server.crt +tls-auth sample-keys/ta.key 0 ping 1 inactive 120 10000000 diff --git a/sample/sample-config-files/server.conf b/sample/sample-config-files/server.conf index 701be3c..aa7d5b3 100644 --- a/sample/sample-config-files/server.conf +++ b/sample/sample-config-files/server.conf @@ -241,19 +241,26 @@ keepalive 10 120 # a copy of this key. # The second parameter should be '0' # on the server and '1' on the clients. -;tls-auth ta.key 0 # This file is secret +tls-auth ta.key 0 # This file is secret # Select a cryptographic cipher. # This config item must be copied to # the client config file as well. -;cipher BF-CBC # Blowfish (default) -;cipher AES-128-CBC # AES -;cipher DES-EDE3-CBC # Triple-DES - -# Enable compression on the VPN link. +# Note that 2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link and push the +# option to the client (2.4+ only, for earlier +# versions see below) +;compress lz4-v2 +;push "compress lz4-v2" + +# For compression compatible with older clients use comp-lzo # If you enable it here, you must also # enable it in the client config file. -comp-lzo +;comp-lzo # The maximum number of concurrently connected # clients we want to allow. @@ -302,3 +309,7 @@ verb 3 # sequential messages of the same message # category will be output to the log. ;mute 20 + +# Notify the client that when the server restarts so it +# can automatically reconnect. +explicit-exit-notify 1 \ No newline at end of file diff --git a/sample/sample-config-files/static-home.conf b/sample/sample-config-files/static-home.conf index c966687..ed0c672 100644 --- a/sample/sample-config-files/static-home.conf +++ b/sample/sample-config-files/static-home.conf @@ -26,6 +26,9 @@ up ./home.up # Our pre-shared static key secret static.key +# Cipher to use +cipher AES-256-CBC + # OpenVPN 2.0 uses UDP port 1194 by default # (official port assignment by iana.org 11/04). # OpenVPN 1.x uses UDP port 5000 by default. diff --git a/sample/sample-config-files/static-office.conf b/sample/sample-config-files/static-office.conf index 68030cc..609ddd0 100644 --- a/sample/sample-config-files/static-office.conf +++ b/sample/sample-config-files/static-office.conf @@ -23,6 +23,9 @@ up ./office.up # Our pre-shared static key secret static.key +# Cipher to use +cipher AES-256-CBC + # OpenVPN 2.0 uses UDP port 1194 by default # (official port assignment by iana.org 11/04). # OpenVPN 1.x uses UDP port 5000 by default. -- cgit v1.2.3