#
# Sample OpenVPN configuration file for
# office using SSL/TLS mode and RSA certificates/keys.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tun

# 10.1.0.1 is our local VPN endpoint (office).
# 10.1.0.2 is our remote VPN endpoint (home).
ifconfig 10.1.0.1 10.1.0.2

# Our up script will establish routes
# once the VPN is alive.
up ./office.up

# In SSL/TLS key exchange, Office will
# assume server role and Home
# will assume client role.
tls-server

# Diffie-Hellman Parameters (tls-server only)
dh dh2048.pem

# Certificate Authority file
ca my-ca.crt

# Our certificate/public key
cert office.crt

# Our private key
key office.key

# Our data channel cipher (must match peer config)
cipher AES-256-GCM

# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
; port 1194

# Downgrade UID and GID to
# "openvpn" after initialization
# for extra security.
; user openvpn
; group openvpn

# If you built OpenVPN with
# LZO compression, uncomment
# the following line.
; comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive. Uncomment this
# if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for more reliable detection when a system
# loses its connection. For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3