doc:appunti:linux:sa:openvpn_easy_rsa
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| doc:appunti:linux:sa:openvpn_easy_rsa [2024/01/10 16:30] – [Creazione della CA] niccolo | doc:appunti:linux:sa:openvpn_easy_rsa [2024/01/24 16:39] (current) – [File di configurazione per il client] niccolo | ||
|---|---|---|---|
| Line 97: | Line 97: | ||
| < | < | ||
| + | # | ||
| + | # OpenVPN configuration for Easy-RSA server. | ||
| + | # | ||
| verb 3 | verb 3 | ||
| status / | status / | ||
| - | port 1194 | + | lport 1194 |
| proto udp | proto udp | ||
| dev tun | dev tun | ||
| Line 121: | Line 124: | ||
| ifconfig-pool-persist ipp.txt | ifconfig-pool-persist ipp.txt | ||
| push " | push " | ||
| + | # Route only the the local LAN. | ||
| push "route 192.168.0.0 255.255.255.0" | push "route 192.168.0.0 255.255.255.0" | ||
| + | # Route all the traffic through the VPN. | ||
| + | #push " | ||
| keepalive 10 120 | keepalive 10 120 | ||
| Line 190: | Line 196: | ||
| pull | pull | ||
| remote 10.0.1.189 1194 | remote 10.0.1.189 1194 | ||
| + | # Routing is pushed by the server. | ||
| + | # | ||
| + | # Route only the remote LAN. | ||
| + | #route 192.168.1.0 255.255.255.0 vpn_gateway | ||
| + | # Route all the internet traffic through the VPN. | ||
| + | # | ||
| remote-cert-tls server | remote-cert-tls server | ||
| resolv-retry infinite | resolv-retry infinite | ||
| Line 197: | Line 209: | ||
| reneg-sec 60 | reneg-sec 60 | ||
| key-direction 1 | key-direction 1 | ||
| - | cipher AES-256-CBC | + | # The --cipher option is used to connect OpenVPN older than 2.6.0. |
| + | #cipher AES-256-CBC | ||
| + | # Newer connections using TLS uses the --data-ciphers option. | ||
| + | data-ciphers AES-256-GCM: | ||
| auth SHA256 | auth SHA256 | ||
| auth-nocache | auth-nocache | ||
doc/appunti/linux/sa/openvpn_easy_rsa.1704900611.txt.gz · Last modified: 2024/01/10 16:30 by niccolo