Update openvpn config one more time
This commit is contained in:
parent
a122173b63
commit
b12f18e01f
@ -19,9 +19,18 @@ ca /etc/openvpn/vpnclient/ca.crt
|
|||||||
cert /etc/openvpn/vpnclient/jan-philipp.timme@hs-hannover.de.crt
|
cert /etc/openvpn/vpnclient/jan-philipp.timme@hs-hannover.de.crt
|
||||||
key /etc/openvpn/vpnclient/jan-philipp.timme@hs-hannover.de.key
|
key /etc/openvpn/vpnclient/jan-philipp.timme@hs-hannover.de.key
|
||||||
|
|
||||||
|
# Assume tls client role
|
||||||
|
tls-client
|
||||||
|
|
||||||
# Make sure the server presents a certificate with "server role"
|
# Make sure the server presents a certificate with "server role"
|
||||||
remote-cert-tls server
|
remote-cert-tls server
|
||||||
|
|
||||||
|
# Specific settings regarding TLS, chiphers and hash algorithms
|
||||||
|
cipher AES-256-GCM
|
||||||
|
auth SHA256
|
||||||
|
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
tls-version-min "1.2"
|
||||||
|
|
||||||
# Make sure to detect broken sessions
|
# Make sure to detect broken sessions
|
||||||
keepalive 10 30
|
keepalive 10 30
|
||||||
|
|
||||||
|
@ -10,6 +10,11 @@ dev tun
|
|||||||
ca /etc/openvpn/vpnserver/ca.crt
|
ca /etc/openvpn/vpnserver/ca.crt
|
||||||
cert /etc/openvpn/vpnserver/aither.inform.hs-hannover.de.crt
|
cert /etc/openvpn/vpnserver/aither.inform.hs-hannover.de.crt
|
||||||
key /etc/openvpn/vpnserver/aither.inform.hs-hannover.de.key
|
key /etc/openvpn/vpnserver/aither.inform.hs-hannover.de.key
|
||||||
|
|
||||||
|
# Assume tls server role
|
||||||
|
tls-server
|
||||||
|
|
||||||
|
# Diffie-Hellman parameters
|
||||||
dh /etc/openvpn/vpnserver/dh.pem
|
dh /etc/openvpn/vpnserver/dh.pem
|
||||||
|
|
||||||
# Certificate revocation list
|
# Certificate revocation list
|
||||||
@ -21,9 +26,7 @@ remote-cert-tls client
|
|||||||
# Allow multiple connections using the same certificate?
|
# Allow multiple connections using the same certificate?
|
||||||
#duplicate-cn
|
#duplicate-cn
|
||||||
|
|
||||||
# net30 is point-to-point, compatible with windows
|
# We're using subnet topology
|
||||||
# TODO: Topology subnet is supposed to work with windows just fine. CHECK THIS
|
|
||||||
# Subnet topology is supposed to be working with windows clients just fine.
|
|
||||||
topology subnet
|
topology subnet
|
||||||
|
|
||||||
# Use this IPv4 range for clients (/16, so we can cope with all possible clients)
|
# Use this IPv4 range for clients (/16, so we can cope with all possible clients)
|
||||||
@ -48,6 +51,12 @@ push "route 10.0.0.0 255.255.255.0 vpn_gateway"
|
|||||||
# Push the whole /56 block for IPv6
|
# Push the whole /56 block for IPv6
|
||||||
push "route-ipv6 2003:638:614:1700::/56"
|
push "route-ipv6 2003:638:614:1700::/56"
|
||||||
|
|
||||||
|
# Specific settings regarding TLS, chiphers and hash algorithms
|
||||||
|
cipher AES-256-GCM
|
||||||
|
auth SHA256
|
||||||
|
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
tls-version-min "1.2"
|
||||||
|
|
||||||
# Make sure to detect broken sessions
|
# Make sure to detect broken sessions
|
||||||
keepalive 10 60
|
keepalive 10 60
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user