#
# Sample OpenVPN configuration file for
# home using SSL/TLS mode and RSA certificates/keys.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device. For non-Linux OSes, you may want to use an
# explicit unit number such as "tun1".
# OpenVPN also supports virtual ethernet "tap" devices.
dev tun

# Our OpenVPN peer is the office gateway.
remote 1.2.3.4

# 10.1.0.2 is our local VPN endpoint (home).
# 10.1.0.1 is our remote VPN endpoint (office).
ifconfig 10.1.0.2 10.1.0.1

# Our up script will establish routes
# once the VPN is alive.
up ./home.up

# In SSL/TLS key exchange, Office will
# assume server role and Home
# will assume client role.
tls-client

# Certificate Authority file
ca my-ca.crt

# Our certificate/public key
cert home.crt

# Our private key
key home.key

# Our data channel cipher (must match peer config)
cipher AES-256-GCM

# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
; port 1194

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
; user nobody
; group nobody

# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
; comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive. Uncomment this
# out if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection. For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3