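# OpenVPN server configuration template (Jinja2).
# Rendered once per transport: a UDP instance on port 1194 (tun0) and a
# TCP instance on port 443 (tun1). Template variables (proto, slot4, slot6,
# push, push4, push6, openvpn_*) are supplied by the renderer and are not
# defined in this file.
{% if proto == "udp" %}
dev tun0
proto udp
port 1194
# Management interface on loopback, one port per instance.
# NOTE(review): no password file is given, so any local process that can
# reach 127.0.0.1:7505 can issue management commands (kill clients, change
# logging, signal the daemon). Consider the optional pw-file argument or a
# unix socket if anything else shares this network namespace.
management 127.0.0.1 7505
setenv service openvpn-udp
{% else %}
dev tun1
# Connections on 443 that are not OpenVPN are handed to a local service on
# 127.0.0.1:1443. That service sees them as coming from loopback, so any
# source-address based logging or access control there no longer reflects
# the real client address.
port-share 127.0.0.1 1443
proto tcp-server
port 443
socket-flags TCP_NODELAY
# Same caveat as the UDP instance: unauthenticated management port.
management 127.0.0.1 7506
setenv service openvpn-tcp
{% endif %}

# Client subnets
server {{ slot4.network_address }} {{ slot4.netmask }}
{% if slot6 %}
server-ipv6 {{ slot6 }}
{% endif %}
topology subnet

# Bind to all interfaces
local 0.0.0.0

# Send keep alive packets, mainly for UDP
keepalive 60 120

# Disconnect clients whose options are incompatible with the server's.
# NOTE(review): opt-verify appears on the deprecated-options list of recent
# OpenVPN releases - confirm the deployed version still accepts it.
opt-verify

# Keypairs
# The private key should be readable only by the account running OpenVPN.
key /server-secrets/self_key.pem
cert /server-secrets/self_cert.pem
ca /server-secrets/ca_cert.pem
# NOTE(review): no tls-crypt / tls-auth key is configured in this template,
# so the TLS handshake is reachable by unauthenticated peers. Confirm
# whether that is intentional.

# Push subnets
{% if push %}
# Closing quote restored: an unterminated quoted argument is rejected by the
# OpenVPN option parser. NOTE(review): confirm the metric value itself.
push "route-metric 10002"
{% endif %}
{% for subnet in push4 %}
push "route {{ subnet.network_address }} {{ subnet.netmask }}"
{% endfor %}
{% for subnet in push6 %}
push "route-ipv6 {{ subnet }}"
{% endfor %}

# DH parameters file
# "none" disables finite-field DH, so only ECDHE key exchange is available;
# the TLS 1.2 cipher list below must therefore contain ECDHE suites only.
dh none
#dhparam.pem

# Control channel encryption parameters
# For more info see: openvpn --show-tls
# NOTE(review): the three values come from variables defined outside this
# file; verify the minimum version is 1.2 or higher and the lists contain
# only AEAD suites.
tls-version-min {{ openvpn_tls_version_min }}
tls-ciphersuites {{ openvpn_tls_ciphersuites }} # Used by TLS 1.3
tls-cipher {{ openvpn_tls_cipher }} # Used by TLS 1.2

# Data channel encryption parameters
# NOTE(review): from OpenVPN 2.5 on, the negotiated data-channel cipher is
# taken from data-ciphers and "cipher" only applies to peers that do not
# negotiate - confirm whether data-ciphers should be set as well. "auth" is
# not used for the data channel when an AEAD cipher is selected.
cipher {{ openvpn_cipher }}
auth {{ openvpn_auth }}

# Just to sanity check ourselves
# "preferred" rejects certificates that use anything weaker than SHA2 or
# RSA 2048-bit.
tls-cert-profile preferred

# Level 2 permits user-defined scripts, which the two hooks below require.
# The helpers run with the daemon's privileges and receive client-derived
# values (common name, addresses) through arguments and the environment;
# they must treat those as untrusted input.
script-security 2
learn-address /helpers/learn-address.py
client-connect /helpers/client-connect.py
#verb 0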