58 lines
1.1 KiB
Plaintext
58 lines
1.1 KiB
Plaintext
|
# Copy this file to /etc/certidude/template.ovpn and customize as you see fit
|
||
|
|
|
||
|
|
# Note: don't append comments to lines, Ubuntu 16.04 NetworkManager importer is very picky
|
||
|
|
# See more potential problems here:
|
||
|
|
# https://askubuntu.com/questions/761684/error-the-plugin-does-not-support-import-capability-when-attempting-to-import
|
||
|
|
|
||
|
|
# Run as OpenVPN client, pull routes, DNS server, DNS suffix from gateway
|
||
|
|
client
|
||
|
|
|
||
|
|
# OpenVPN gateway(s)
|
||
|
|
nobind
|
||
|
|
;proto udp
|
||
|
|
;port 1194
|
||
|
|
{% if servers %}
|
||
|
|
remote-random
|
||
|
|
{% for server in servers %}
|
||
|
|
remote {{ server }}
|
||
|
|
{% endfor %}
|
||
|
|
{% else %}
|
||
|
|
remote 1.2.3.4
|
||
|
|
{% endif %}
|
||
|
|
|
||
|
|
# Virtual network interface settings
|
||
|
|
dev tun
|
||
|
|
persist-tun
|
||
|
|
|
||
|
|
# Customize crypto settings
|
||
|
|
;tls-version-min 1.2
|
||
|
|
;tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
|
||
|
|
;cipher AES-256-CBC
|
||
|
|
;auth SHA384
|
||
|
|
|
||
|
|
# Check that server presented certificate has TLS Server flag present
|
||
|
|
remote-cert-tls server
|
||
|
|
|
||
|
|
# X.509 business
|
||
|
|
persist-key
|
||
|
|
<ca>
|
||
|
|
{{ca}}
|
||
|
|
</ca>
|
||
|
|
<key>
|
||
|
|
{{key}}
|
||
|
|
</key>
|
||
|
|
<cert>
|
||
|
|
{{cert}}
|
||
|
|
</cert>
|
||
|
|
|
||
|
|
# Revocation list
|
||
|
|
# Tunnelblick doens't handle inlined CRL
|
||
|
|
# hard to update as well
|
||
|
|
;<crl-verify>
|
||
|
|
;</crl-verify>
|
||
|
|
|
||
|
|
# Pre-shared key for extra layer of security
|
||
|
|
;<ta>
|
||
|
|
;</ta>
|
||
|
|
|