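# OpenVPN client profile template (Jinja2). Each router listed in
# session.service.routers becomes one "remote" line; CA, key and certificate are
# inlined when the template is given them, otherwise read from
# /etc/certidude/authority/<authority hostname>/.
client
nobind{% for router in session.service.routers %}
remote {{ router }}{% endfor %}
proto tcp-client
port 443
tls-version-min 1.2
# tls-cipher only constrains TLS 1.2 and older. No maximum TLS version is set in
# this file, so if the peers negotiate TLS 1.3 this restriction does not apply
# (OpenVPN takes TLS 1.3 suites from tls-ciphersuites).
tls-cipher TLS-{% if session.authority.certificate.algorithm == "ec" %}ECDHE-ECDSA{% else %}DHE-RSA{% endif %}-WITH-AES-256-GCM-SHA384
# Data channel cipher. Note it is AES-128 while the control channel suite above
# is AES-256; it has to agree with what the server offers.
cipher AES-128-GCM
# With an AEAD cipher such as AES-GCM the data channel is authenticated by the
# cipher itself; auth then only selects the digest for tls-auth, which this file
# does not configure.
auth SHA384
# Only hides the log messages; replay protection stays active. Replayed or
# duplicated packets will not show up in the client log.
mute-replay-warnings
# 0 disables time-based renegotiation of the data channel key on this side.
# NOTE(review): the server's own reneg-sec presumably still applies; confirm
# against the server configuration.
reneg-sec 0
# Requires the peer certificate to carry the server key usage / extended key
# usage. The server name is not pinned: any such certificate issued by the CA
# below is accepted. Add verify-x509-name if the authority also issues server
# certificates to other hosts.
remote-cert-tls server
dev tun
persist-tun
persist-key
{% if ca %}
<ca>
{{ ca }}
</ca>
{% else %}ca /etc/certidude/authority/{{ session.authority.hostname }}/ca_cert.pem{% endif %}
# When the key is inlined, the rendered profile contains the private key; keep
# the resulting file readable by its owner only.
{% if key %}
<key>
{{ key }}
</key>
{% else %}key /etc/certidude/authority/{{ session.authority.hostname }}/host_key.pem{% endif %}
{% if cert %}
<cert>
{{ cert }}
</cert>
{% else %}cert /etc/certidude/authority/{{ session.authority.hostname }}/host_cert.pem{% endif %}

# To enable dynamic DNS server updates on Ubuntu, uncomment the three lines below.
# script-security 2 lets OpenVPN run user-defined scripts; the up/down script
# runs with the privileges of the OpenVPN process, so it should be owned by and
# writable only by root.
#script-security 2
#up /etc/openvpn/update-resolv-conf
#down /etc/openvpn/update-resolv-conf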