JPT
/
masterthesis
0
0
Fork 0
Code Issues Pull Requests Activity

Minor fixups in config

This commit is contained in:
Jan Philipp Timme 2018-09-19 21:48:08 +02:00
parent 0d62622f15
commit 7dbe58aeda
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
openvpn-config/vpnclient.conf
View File

@ -14,7 +14,7 @@ dev tun
# Specify vpn server # Specify vpn server
remote vpn-test.inform.hs-hannover.de 1194 remote vpn-test.inform.hs-hannover.de 1194
# Certificates # Certificates (relative paths work, too)
ca /etc/openvpn/vpnclient/ca.crt ca /etc/openvpn/vpnclient/ca.crt
cert /etc/openvpn/vpnclient/jan-philipp.timme@hs-hannover.de.crt cert /etc/openvpn/vpnclient/jan-philipp.timme@hs-hannover.de.crt
key /etc/openvpn/vpnclient/jan-philipp.timme@hs-hannover.de.key key /etc/openvpn/vpnclient/jan-philipp.timme@hs-hannover.de.key
@ -39,6 +39,7 @@ persist-key
persist-tun persist-tun
# Reduced privileges if possible (uncomment and adapt on unix/linux system) # Reduced privileges if possible (uncomment and adapt on unix/linux system)
# Note: On some systems, the group is "nobody" instead of "nogroup".
user nobody user nobody
group nogroup group nogroup

15
openvpn-config/vpnserver.conf
View File

@ -1,13 +1,15 @@
# Listen on 1194 for both IPv4 and IPv6 # Listen on 1194 for both IPv4 and IPv6
port 1194 port 1194
multihome
proto udp proto udp
proto udp6 proto udp6
# Since we have more than one ip address, this makes openvpn respond with sender addresses
multihome
# We're using the layer 3 tunnel device # We're using the layer 3 tunnel device
dev tun dev tun
# Certificates # Certificates (relative paths work, too)
ca /etc/openvpn/vpnserver/ca.crt ca /etc/openvpn/vpnserver/ca.crt
cert /etc/openvpn/vpnserver/aither.inform.hs-hannover.de.crt cert /etc/openvpn/vpnserver/aither.inform.hs-hannover.de.crt
key /etc/openvpn/vpnserver/aither.inform.hs-hannover.de.key key /etc/openvpn/vpnserver/aither.inform.hs-hannover.de.key
@ -25,7 +27,8 @@ crl-verify /etc/openvpn/vpnserver/crl.pem
remote-cert-tls client remote-cert-tls client
# Allow multiple connections using the same certificate? # Allow multiple connections using the same certificate?
#duplicate-cn # Currently, we do.
duplicate-cn
# We're using subnet topology # We're using subnet topology
topology subnet topology subnet
@ -37,7 +40,7 @@ server 10.2.0.0 255.255.0.0
server-ipv6 2001:638:614:1750::/64 server-ipv6 2001:638:614:1750::/64
# Do we need persistence here? # Do we need persistence here?
# No, not yet. # No, not yet. Probably never.
#ifconfig-pool-persist /etc/openvpn/vpnserver/ipp.txt #ifconfig-pool-persist /etc/openvpn/vpnserver/ipp.txt
# Make sure the client can still reach the OpenVPN server via its default gateway # Make sure the client can still reach the OpenVPN server via its default gateway
@ -50,7 +53,8 @@ push "route 10.3.1.0 255.255.255.0 vpn_gateway"
push "route 10.0.0.0 255.255.255.0 vpn_gateway" push "route 10.0.0.0 255.255.255.0 vpn_gateway"
# Push the whole /56 block for IPv6 # Push the whole /56 block for IPv6
push "route-ipv6 2003:638:614:1700::/56" # (The vpn_gateway placeholder does not work here.)
push "route-ipv6 2003:638:614:1700::/56 2001:638:614:1750::1"
# Specific settings regarding TLS, chiphers and hash algorithms # Specific settings regarding TLS, chiphers and hash algorithms
cipher AES-256-GCM cipher AES-256-GCM
@ -74,4 +78,5 @@ verb 3
mute 5 mute 5
# Have a status log if needed. # Have a status log if needed.
# We do not need it.
# status /etc/openvpn/vpnserver/status.log # status /etc/openvpn/vpnserver/status.log