summaryrefslogtreecommitdiff
path: root/source/n/openvpn/slackware.conf
diff options
context:
space:
mode:
Diffstat (limited to 'source/n/openvpn/slackware.conf')
-rw-r--r--source/n/openvpn/slackware.conf178
1 files changed, 178 insertions, 0 deletions
diff --git a/source/n/openvpn/slackware.conf b/source/n/openvpn/slackware.conf
new file mode 100644
index 00000000..4314b544
--- /dev/null
+++ b/source/n/openvpn/slackware.conf
@@ -0,0 +1,178 @@
+# openvpn.conf.sample
+#
+# This is a sample configuration file for OpenVPN.
+# Not all options are listed here; you can find good documentation
+# about all of the options in OpenVPN's manual page - openvpn(8).
+#
+# You can make a P-t-P connection by creating a shared key,
+# copying this key to other hosts in your network, and changing
+# the IP addresses in this file.
+#
+# Commented options are provided for some typical configurations
+
+# Change the "search" path to /etc/openvpn
+# All files referenced in this configuration will be relative to
+# whatever directory is specified here - we default to /etc/openvpn
+cd /etc/openvpn
+
+# If running as a server, which local IP address should OpenVPN
+# listen on? Specify this as either a hostname or IP address. If
+# this is left blank, OpenVPN will default to listening on all
+# interfaces.
+#local a.b.c.d
+
+# This option defines the IP or DNS name of the other side of your VPN
+# connection. This option is needed if you are making client or P-t-P
+# connections. If you are the server, use "local" instead. This may
+# be specified as a domain name or IP address.
+#remote vpn.server.org
+
+# This option defins the protocol to use. Valid options are:
+# udp, tcp-server, or tcp-client. Default is udp, and generally
+# speaking, tcp is a bad idea.
+proto udp
+
+# This option defines the port on which your server will be listening
+# or trying to connect. The default is 1194
+port 1194
+
+# This option defines whether to use LZO compression.
+# If enabled, it must be enabled at both ends of the VPN connection.
+#comp-lzo
+
+# Debug level (default 1)
+#verb 3
+
+# VPN logfile location
+# If you don't specify a location here, logging will be done through
+# syslogd and write to /var/log/messages
+log-append /var/log/openvpn.log
+
+# If you want to use OpenVPN as a daemon, uncomment this line.
+# Generally speaking, servers should run OpenVPN as a daemon
+# and clients should not.
+#daemon
+
+# Device type to use, you can choose between tun or tap.
+# TUN is the most common option. If you have multiple connections,
+# it is a good idea to bind each connection to a separate TUN/TAP
+# interface using tunX/tapX, where X is the number of each interface.
+dev tun
+
+# This option prevents OpenVPN from closing and re-opening the tun/tap
+# device every time it receives a SIGUSR1 signal
+#persist-tun
+
+# This is similar to the previous option, but it prevents OpenVPN from
+# re-reading the key files every time
+#persist-key
+
+# If you are using a client-server architecture, you need to specify the
+# role of your computer in your VPN network. To use one of these options,
+# you need to configure TLS options too.
+#
+# To use the "server" option, you must specify a network subnet such
+# as 172.16.1.0 255.255.255.0. The first number is the network, the
+# second is the netmask. OpenVPN will take the first available IP
+# for itself (in our example, 172.16.1.1) and the rest will be
+# given to connecting clients dynamically.
+#
+# Leave these commented out if you are using OpenVPN in bridging mode.
+#
+#server 10.1.2.0 255.255.255.0
+#client
+
+# This option defines a file with IP address to client mapping.
+# This is useful in general, and necessary if clients use persist-tun.
+#ifconfig-pool-persist ips.txt
+
+# Enable this option if you want clients connected to this VPN to be
+# able to talk directly to each other
+#client-to-client
+
+# This option defines the directory in which configuration files for clients
+# will reside. With individual files you can make each client get different
+# options using "push" parameters
+#client-config-dir ccd
+
+# If you are using P-t-P, you need to specify the IP addresses at both ends
+# of your VPN connection. The IP addresses are reversed at the other side.
+#
+# You can use this to specify client IP addresses in ccd files (on server)
+# or directly in client configuration
+#ifconfig 10.1.2.1 10.1.2.2
+
+# You can set routes to specific networks. In the sample below, "vpn_gateway"
+# is an internal OpenVPN alias to your VPN gateway - leave it as is.
+# This will enable you to talk with the networks behind your VPN server.
+# Multiple routes can be specified.
+#
+# +------------+ <eth>-<tun> <tun>-<eth> +------------+
+# | Network1 |---| VPN1 |--[10.1.2.0/24]--| VPN2 |---| Network2 |
+# +------------+ +------+ +------+ +------------+
+# 192.168.0.0/24 192.168.2.0/24
+#
+# The sample below shows how VPN1 server can reach Network2
+#route 192.168.2.0 255.255.255.0 vpn_gateway
+
+# You can send clients many network configuration options using the
+# "push" directive and sending commands.
+# Multiple "push" directives can be used. You should only put global
+# "push" directives here. You can "push" different options to
+# different clients in per-client configuration files. See
+# "client-config-dir" above.
+#
+# Using the same network configuration that you see above, the route statment
+# here allows VPN2 to reach Network1
+#push "route-delay 2 600"
+#push "route 192.168.2.0 255.255.255.0 vpn_gateway"
+#push "persist-key"
+
+# This option sets the encryption algorithm to use in the VPN connection.
+# Available options are:
+# DES-CBC, RC2-CBC, DES-EDE-CBC, DES-EDE3-CBC,
+# DESX-CBC, BF-CBC, RC2-40-CBC, CAST5-CBC,
+# RC2-64-CBC, AES-128-CBC, AES-192-CBC and AES-256-CBC
+cipher BF-CBC
+
+# Shared Key Connection
+# ---------------------
+# Secret is one shared key between the hosts that want to connect through VPNs.
+# Without secret or TLS options, your data will not be encrypted.
+#
+# To generate an encryption key do:
+# openvpn --genkey --secret /etc/openvpn/keys/shared.key
+#
+# Do the above on one host and copy it to the others
+secret keys/shared.key
+
+# TLS Connections
+# ---------------
+# TLS must be used if you use option "server" or "client"
+# The basic idea there is: You have one Certificate Authority, and all
+# machines in your VPN network need to have individual certificates and
+# keys signed by Certificate Authority. This means each client can
+# have its own key, making it easier to revoke a key without copying
+# a shared secret key to every client.
+#
+# Inside the /usr/doc/openvpn-$VERSION documentation directory, you can
+# find "easy-rsa" scripts to make certificate and key management easier.
+
+# Certificate Authority file
+# This file must be identical on all hosts that connect to your VPN
+#ca certs/ca.crt
+
+# If you are the server, you need to specify some Diffie Hellman parameters.
+# OpenVPN provides some sample .pem files in documentation directory
+#dh my-dh.pem
+
+# Certificate and Key signed by Certificate Authority
+# Each machine needs to have their own unique certificate
+#cert certs/machine.cert
+#key keys/machine.key
+
+# To prevent some DoS attacks we can add another authentication layer in the
+# TLS control channel. This needs to be enabled at both ends to work
+# client uses the value 1; server uses the value 0
+#tls-auth keys/shared.key 0
+