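#
# Sample OpenVPN configuration file for
# office using SSL/TLS mode and RSA certificates/keys.
#
# '#' or ';' may be used to delimit comments.
#
# NOTE(review): the listing this was taken from had its line numbers
# fused onto every line ("13dev tun"), which OpenVPN cannot parse.
# They are stripped here; the active directives are otherwise unchanged.

# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tun

# 10.1.0.1 is our local VPN endpoint (office).
# 10.1.0.2 is our remote VPN endpoint (home).
ifconfig 10.1.0.1 10.1.0.2

# Our up script will establish routes
# once the VPN is alive.
# The up script runs before the optional user/group
# privilege drop below, so it normally executes as root:
# keep office.up owned by root and not writable by others.
# Recent OpenVPN releases only run user-defined scripts
# when script-security is 2 or higher.
; script-security 2
up ./office.up

# In SSL/TLS key exchange, Office will
# assume server role and Home
# will assume client role.
tls-server

# Optionally refuse old TLS protocol versions
# (both peers must support the chosen minimum).
; tls-version-min 1.2

# Diffie-Hellman Parameters (tls-server only)
dh dh2048.pem

# Certificate Authority file
# Any peer presenting a certificate signed by this CA
# is accepted unless it is restricted further.
# If client certificates are issued with the
# "TLS Web Client Authentication" extended key usage,
# uncomment the next line to require it.
; remote-cert-tls client
ca my-ca.crt

# Our certificate/public key
cert office.crt

# Our private key
# This file is secret: it should be readable only by
# root (or the account OpenVPN starts as) and must
# never be copied to the peer.
key office.key

# Our data channel cipher (must match peer config)
# NOTE(review): newer OpenVPN releases negotiate the
# data channel cipher (see data-ciphers in the manual
# for your version) -- confirm how this option is
# treated on the versions in use at both ends.
cipher AES-256-GCM

# Optionally add an HMAC layer to the control channel
# with tls-auth or tls-crypt and a pre-shared key file,
# so unauthenticated packets are dropped before any TLS
# processing.  Both peers need the same key file.
; tls-crypt <shared-key-file>

# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
; port 1194

# Downgrade UID and GID to
# "openvpn" after initialization
# for extra security.
# Once privileges are dropped the daemon can no longer
# re-read office.key or reopen the tun device on a
# restart, so enable persist-key and persist-tun
# (see below) together with these two lines.
; user openvpn
; group openvpn

# If you built OpenVPN with
# LZO compression, uncomment
# the following line.
# comp-lzo is deprecated since OpenVPN 2.4, and
# compressing traffic before it is encrypted can leak
# information about the plaintext through packet sizes.
# Leave compression off unless the peer requires it.
; comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive.  Uncomment this
# if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection.  For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3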