server
port 1194
proto tcp-server
dev tap-xxxx01
dev tap-xxxx01
ca ./keys/ca.crt
cert ./keys/server-01.crt
key ./keys/server-01.key
crl-verify crl.pem
dh dh3072.pem
cert ./keys/server-01.crt
key ./keys/server-01.key
crl-verify crl.pem
dh dh3072.pem
tls-server
tls-auth ./keys/ta.key 0
tls-version-min 1.2
tls-auth ./keys/ta.key 0
tls-version-min 1.2
cipher AES-256-CBC
auth SHA512
auth SHA512
server 172.20.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
persist-key
persist-tun
persist-tun
comp-lzo
user openvpn
group nogroup
group nogroup
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
log-append /var/log/openvpn/openvpn.log
verb 3
klient
client
remote ****
remote ****
dev tap-xxxx01
proto tcp4-client
nobind
script-security 2
proto tcp4-client
nobind
script-security 2
setenv PATH '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
ca ./xxxxnet01/ca.crt
cert ./xxxxnet01/B827EBC247AE.crt
key ./xxxxnet01/B827EBC247AE.key
cert ./xxxxnet01/B827EBC247AE.crt
key ./xxxxnet01/B827EBC247AE.key
auth-nocache
route-delay 2
route-delay 2
keepalive 10 120
remote-cert-tls server
tls-version-min 1.2
tls-auth ./xxxxnet01/ta.key 1
tls-version-min 1.2
tls-auth ./xxxxnet01/ta.key 1
cipher AES-256-CBC
auth SHA512
auth SHA512
persist-tun
persist-key
persist-key
comp-lzo
user nobody
group nogroup
group nogroup
iproute /usr/local/sbin/unpriv-ip
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
mute 15
log-append /var/log/openvpn.log
verb 3
mute 15