Last active
June 2, 2023 15:45
-
-
Save laurenorsini/9925434 to your computer and use it in GitHub Desktop.
OpenVPN configuration for /etc/openvpn/server.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
local 192.168.2.0 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS | |
dev tun | |
proto udp #Some people prefer to use tcp. Don't change it if you don't know. | |
port 1194 | |
ca /etc/openvpn/easy-rsa/keys/ca.crt | |
cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME | |
key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME | |
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # If you changed to 2048, change that here! | |
server 10.8.0.0 255.255.255.0 | |
# server and remote endpoints | |
ifconfig 10.8.0.1 10.8.0.2 | |
# Add route to Client routing table for the OpenVPN Server | |
push "route 10.8.0.1 255.255.255.255" | |
# Add route to Client routing table for the OpenVPN Subnet | |
push "route 10.8.0.0 255.255.255.0" | |
# your local subnet | |
push "route 192.168.2.0 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS | |
# Set primary domain name server address to the SOHO Router | |
# If your router does not do DNS, you can use Google DNS 8.8.8.8 | |
push "dhcp-option DNS 192.168.2.1" # This should already match your router address and not need to be changed. | |
# Override the Client default gateway by using 0.0.0.0/1 and | |
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of | |
# overriding but not wiping out the original default gateway. | |
push "redirect-gateway def1" | |
client-to-client | |
duplicate-cn | |
keepalive 10 120 | |
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0 | |
cipher AES-128-CBC | |
comp-lzo | |
user nobody | |
group nogroup | |
persist-key | |
persist-tun | |
status /var/log/openvpn-status.log 20 | |
log /var/log/openvpn.log | |
verb 1 |
The following script in the repository enabled duplicate-cn by default. You don't want to change the config file.
https://github.com/gayankuruppu/openvpn-install-for-multiple-users
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME
can someone explain what this means ? what is CRT and Key name or do i just leave it as so?