Last active
March 8, 2022 22:24
-
-
Save mcprat/94c810f644049f72f56ab1f612f242f2 to your computer and use it in GitHub Desktop.
debian 10 openvpn 2.5 stream server config (no encryption) (ECC)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config openvpn 'gcloud' | |
| list remote 'xxx.xxx.xxx.xxx 9090' | |
| option auth_user_pass '/etc/openvpn/auth.txt' | |
| option askpass '/etc/openvpn/pass.txt' | |
| option ca '/etc/openvpn/vpn.ca' | |
| option cert '/etc/openvpn/remote.crt' | |
| option key '/etc/openvpn/remote.key' | |
| option tls_crypt '/etc/openvpn/hmac.key' | |
| list data_ciphers 'none' | |
| option client '1' | |
| option dev 'tun' | |
| option remote_cert_tls 'server' | |
| option auth 'MD5' | |
| option auth_retry 'nointeract' | |
| option float '1' | |
| option nobind '1' | |
| option fragment '1368' | |
| option mssfix '1368' | |
| option mtu_test '1' | |
| option route_metric '1' | |
| option user 'nobody' | |
| option group 'nogroup' | |
| option nice '-10' | |
| option verb '3' | |
| option enabled '1' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| remote xxx.xxx.xxx.xxx 9090 | |
| client | |
| dev tun | |
| remote-cert-tls server | |
| auth MD5 | |
| auth-nocache | |
| auth-user-pass | |
| auth-retry interact | |
| data-ciphers none | |
| float | |
| nobind | |
| fragment 1368 | |
| mssfix 1368 | |
| up-delay | |
| dhcp-renew | |
| register-dns | |
| keepalive 10 120 | |
| reneg-sec 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| PKI_DIR=/etc/openvpn/pki | |
| CRT_DIR=/etc/openvpn/pki/issued | |
| KEY_DIR=/etc/openvpn/pki/private | |
| OUTPUT_DIR=/etc/openvpn/clients | |
| BASE_CONFIG=/etc/openvpn/client.confbase | |
| cat ${BASE_CONFIG} > ${OUTPUT_DIR}/${1}.ovpn | |
| echo '<ca>' | cat >> ${OUTPUT_DIR}/${1}.ovpn | |
| cat ${PKI_DIR}/ca.crt >> ${OUTPUT_DIR}/${1}.ovpn | |
| echo '</ca>\n<cert>' | cat >> ${OUTPUT_DIR}/${1}.ovpn | |
| cat ${CRT_DIR}/${1}.crt >> ${OUTPUT_DIR}/${1}.ovpn | |
| echo '</cert>\n<key>' | cat >> ${OUTPUT_DIR}/${1}.ovpn | |
| cat ${KEY_DIR}/${1}.key >> ${OUTPUT_DIR}/${1}.ovpn | |
| echo '</key>\n<tls-crypt>' | cat >> ${OUTPUT_DIR}/${1}.ovpn | |
| cat ${OUTPUT_DIR}/../hmac.key >> ${OUTPUT_DIR}/${1}.ovpn | |
| echo '</tls-crypt>' | cat >> ${OUTPUT_DIR}/${1}.ovpn |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| port 9090 | |
| proto udp | |
| dev tun | |
| ca /etc/openvpn/pki/ca.crt | |
| cert /etc/openvpn/pki/issued/vpn0.crt | |
| key /etc/openvpn/pki/private/vpn0.key | |
| tls-crypt /etc/openvpn/hmac.key | |
| replay-persist /etc/openvpn/rp.txt | |
| #crl-verify crl ['dir'] | |
| dh none | |
| data-ciphers none | |
| #data-ciphers CHACHA20-POLY1305 | |
| auth MD5 | |
| prng none | |
| engine rdrand | |
| plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so login | |
| username-as-common-name | |
| #verify-client-cert optional | |
| topology subnet | |
| server 10.1.0.0 255.255.255.0 | |
| ifconfig-pool-persist /etc/openvpn/ipp.txt | |
| client-config-dir /etc/openvpn/clients | |
| client-to-client | |
| #mtu-disc yes | |
| fragment 1368 | |
| mssfix 1368 | |
| keepalive 10 120 | |
| max-clients 20 | |
| max-routes-per-client 10 | |
| #nice -10 | |
| #tmp-dir /tmp/openvpn | |
| user nobody | |
| group nogroup | |
| persist-tun | |
| persist-key | |
| status /etc/openvpn/openvpn-status.log | |
| explicit-exit-notify 1 | |
| reneg-sec 36000 | |
| push "dhcp-option DNS 10.1.0.1" | |
| push "dhcp-option DOMAIN domain.tld" | |
| push "persist-tun" | |
| push "persist-key" | |
| push "route 192.168.1.0 255.255.255.0" | |
| #push "route 192.168.10.0 255.255.255.0" | |
| push "route 192.168.11.0 255.255.255.0" | |
| push "route 192.168.92.0 255.255.255.0" | |
| push "route 192.168.96.0 255.255.255.0" | |
| push "route 192.168.102.0 255.255.255.0" | |
| push "route 192.168.103.0 255.255.255.0" | |
| push "route 192.168.104.0 255.255.255.0" | |
| push "route 192.168.105.0 255.255.255.0" | |
| route 192.168.1.0 255.255.255.0 | |
| route 192.168.10.0 255.255.255.0 | |
| route 192.168.11.0 255.255.255.0 | |
| route 192.168.92.0 255.255.255.0 | |
| route 192.168.96.0 255.255.255.0 | |
| route 192.168.102.0 255.255.255.0 | |
| route 192.168.103.0 255.255.255.0 | |
| route 192.168.104.0 255.255.255.0 | |
| route 192.168.105.0 255.255.255.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if [ -z "$EASYRSA_CALLER" ]; then | |
| echo "You appear to be sourcing an Easy-RSA 'vars' file." >&2 | |
| echo "This is no longer necessary and is disallowed. See the section called" >&2 | |
| echo "'How to use this file' near the top comments for more details." >&2 | |
| return 1 | |
| fi | |
| set_var EASYRSA "$PWD" | |
| set_var EASYRSA_PKI "$PWD/pki" | |
| set_var EASYRSA_REQ_COUNTRY "US" | |
| set_var EASYRSA_REQ_PROVINCE "State" | |
| set_var EASYRSA_REQ_CITY "City" | |
| set_var EASYRSA_REQ_ORG "ORG" | |
| set_var EASYRSA_REQ_EMAIL "[email protected]" | |
| set_var EASYRSA_REQ_OU "all" | |
| set_var EASYRSA_ALGO ec | |
| set_var EASYRSA_CURVE secp256r1 | |
| set_var EASYRSA_CA_EXPIRE 36500 | |
| set_var EASYRSA_CERT_EXPIRE 36500 | |
| set_var EASYRSA_CRL_DAYS 36500 | |
| set_var EASYRSA_DIGEST "sha512" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment