Installing OpenVPN on ASUS RT-N66U

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
N66U
OpenVpn Newbie
Posts: 6
Joined: Thu May 11, 2017 5:22 pm

Installing OpenVPN on ASUS RT-N66U

Post by N66U » Thu May 11, 2017 5:25 pm

Hello,
today I started OpenVPN on my router ASUS RT-N66U. Downloaded OpenVPN app in iPhone, everything works fine. But I downloaded TunnelBlick into my MAC and I can't start VPN.

Error:
*Tunnelblick: OS X 10.12.4; Tunnelblick 3.7.0 (build 4790)
2017-05-11 19:20:07 *Tunnelblick: Attempting connection with home; Set nameserver = 769; monitoring connection
2017-05-11 19:20:07 *Tunnelblick: openvpnstart start home.tblk 1337 769 0 3 0 1065264 -ptADGNWradsgnw 2.3.14-openssl-1.0.2k
2017-05-11 19:20:08 *Tunnelblick:

Could not start OpenVPN (openvpnstart returned with status #251)

Contents of the openvpnstart log:
*Tunnelblick: openvpnstart log:
OpenVPN returned with status 1, errno = 0:
Undefined error: 0

Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2k/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Shome.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065264.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Shared/home.tblk/Contents/Resources
--verb
3
--config
/Library/Application Support/Tunnelblick/Shared/home.tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application Support/Tunnelblick/Shared/home.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

Contents of the OpenVPN log:

Options error: Unrecognized option or missing parameter(s) in /Library/Application Support/Tunnelblick/Shared/home.tblk/Contents/Resources/config.ovpn:6: ncp-ciphers (2.3.14)
Use --help for more information.

More details may be in the Console Log's "All Messages"
Can anybody help me please? I have NAS Synology DS216play, maybe will be better to install OpenVPN there instead of router?
Thank you

N66U
OpenVpn Newbie
Posts: 6
Joined: Thu May 11, 2017 5:22 pm

Re: Installing OpenVPN on ASUS RT-N66U

Post by N66U » Thu May 11, 2017 5:34 pm

fixed: I changed OpenVPN version from 2.3.1. to 2.4.0. - Open SSLv.1.0.2k

N66U
OpenVpn Newbie
Posts: 6
Joined: Thu May 11, 2017 5:22 pm

Re: Installing OpenVPN on ASUS RT-N66U

Post by N66U » Fri May 12, 2017 2:43 pm

another problem. Tried to connect via VPN on my iPhone but I'm not getting router's IP. I'm still have IP address of my carrier.

Home.ovpn
home
client
dev tun
proto udp
remote my.ddns 1194
push "redirect-gateway def1"
float
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
comp-lzo adaptive
keepalive 15 60
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----
MIIDMTCCApqgAwIBAgIJAJV+Az8IsE+lMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV
BAYTAlRXMQswCQYDVQQIEwJUVzEPMA0GA1UEBxMGVGFpcGVpMQ0wCwYDVQQKEwRB
U1VTMRAwDgYDVQQDEwdSVC1ONjZVMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3Qu
bXlkb21haW4wHhcNMTcwNTExMTU1NTU0WhcNMjcwNTA5MTU1NTU0WjBvMQswCQYD
VQQGEwJUVzELMAkGA1UECBMCVFcxDzANBgNVBAcTBlRhaXBlaTENMAsGA1UEChME
QVNVUzEQMA4GA1UEAxMHUlQtTjY2VTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0
Lm15ZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlKPvtz8vjniMk
VXngCLbxq87w/c4TGVJFywpIH8PdYdYILSlDzUX7wXYqricF8gFIQY8/kHweCP7m
ZW/PoOC/KSWw+NqRQb9fLGF0ys6CvqRwOS8kEY7ODyaRg11UbraHwx4H6/iDCbiU
vc5loaLKuB/Kbwc8+3rMNVk4bPaJiQIDAQABo4HUMIHRMB0GA1UdDgQWBBQa5oY/
zeP7h4j3S5/SF32MpNu4UzCBoQYDVR0jBIGZMIGWgBQa5oY/zeP7h4j3S5/SF32M
pNu4U6FzpHEwbzELMAkGA1UEBhMCVFcxCzAJBgNVBAgTAlRXMQ8wDQYDVQQHEwZU
YWlwZWkxDTALBgNVBAoTBEFTVVMxEDAOBgNVBAMTB1JULU42NlUxITAfBgkqhkiG
9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpboIJAJV+Az8IsE+lMAwGA1UdEwQFMAMB
Af8wDQYJKoZIhvcNAQELBQADgYEAPwIdqD2e86OMCz6m0SiEHOrN6l/+fAli6rfy
e66uVggLmDH41Jm281yrVUpQ7+Qvn10IjnXm2c97helbVMRlW8DCBiCwQT905tiq
SNnpwuXrCgJnK4lRMfwXr2rMkrmQdUODexbcYC4ROr3EZ7SKwDkAjZnVH+skNbjP
L7BZHPI=
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIDeDCCAuGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJUVzEL
MAkGA1UECBMCVFcxDzANBgNVBAcTBlRhaXBlaTENMAsGA1UEChMEQVNVUzEQMA4G
A1UEAxMHUlQtTjY2VTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWlu
MB4XDTE3MDUxMTE1NTU1NloXDTI3MDUwOTE1NTU1NlowbjELMAkGA1UEBhMCVFcx
CzAJBgNVBAgTAlRXMQ8wDQYDVQQHEwZUYWlwZWkxDTALBgNVBAoTBEFTVVMxDzAN
BgNVBAMTBmNsaWVudDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWlu
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCc0ZGd0WVSmROlFVvs81cdUc/z
CqQxHXoANHRghFUTM+hXSf0EP6Gv5T3oymVoO78CGRHSFSaDEbDTdwgaD5BAg/tp
MF7oY4OKk20CA0r+CmeOlPZxVgs7JH+OpaTmH9yeFtYNMxrom+i+9s/2msF+r9v/
zojmsrw8NUE7sJFmhQIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAtBglghkgBhvhC
AQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRy
0dL4/eUvnrYGpcyg1rnr6UEPtzCBoQYDVR0jBIGZMIGWgBQa5oY/zeP7h4j3S5/S
F32MpNu4U6FzpHEwbzELMAkGA1UEBhMCVFcxCzAJBgNVBAgTAlRXMQ8wDQYDVQQH
EwZUYWlwZWkxDTALBgNVBAoTBEFTVVMxEDAOBgNVBAMTB1JULU42NlUxITAfBgkq
hkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpboIJAJV+Az8IsE+lMBMGA1UdJQQM
MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOBgQBj3DN8
LL0TyG0agSOxc1uMWZ3olRfUam9g38hPk7TCEyZhbX2gbmjuCt2uQRraLjFhBNX6
66apkvO67h6ajhMAjRimE0zMO0IBLd4svbsogOLK60AI9vupq3ViSogRXOFbiT6U
dNTbTbtq9POooo+GbFGzikdqsrRCxkR5+c++hA==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAJzRkZ3RZVKZE6UV
W+zzVx1Rz/MKpDEdegA0dGCEVRMz6FdJ/QQ/oa/lPejKZWg7vwIZEdIVJoMRsNN3
CBoPkECD+2kwXuhjg4qTbQIDSv4KZ46U9nFWCzskf46lpOYf3J4W1g0zGuib6L72
z/aawX6v2//OiOayvDw1QTuwkWaFAgMBAAECgYEAiIekwcQm9Oy1P8sCx59svugV
pkIjhWdmantAvy83aoqMxEJ0eJh1ytBJQD3GYCN0Pv1YmJE1gHOMge9mLFpUeZoL
til92ePmRbHJf7A9j6YOEvzzm+jjWprJ0N8qk12GP8gAluuIGIVWzv8qegrXEVG5
ojqRrMys3XZ2tRsMa1kCQQDIgCvmMlJ9hwOlZfz19tzKPkXslC7Vb8oCnUtRcjKl
Gdwv+P6gid12pNx9ssfZzXUQIqoY3P6A6Ail/ivEeTeHAkEAyDoC6bFickrpL/wn
x65ZI2KS5gA/zuKDT8obu/M6+e62PoyWxzDJVCmsDMyh9NK1vyc7ODBfwzvzS7Eq
tW5ckwJAYE1fyINnJ6/PyoPACov15JYgk89g51d4WeUfJhGJzc8r+UbJVmahnrj0
xtM2NqD+ly9vL94Fx/irHr+EWiw2xQJASOcGZHxXsfGgkf4npcbPYdjkT6ZLlVJY
KVcXXgmjsZi+9mtOAty6kVBS+p4PYgrObfkk0MKcO4O6hBbPzBuQzQJBAJ7OgZpS
xVRYfdFgRVf0z1ZttN+hdNY7hMknvRYh622TwUu3DuAQUzCMlYXRYr376Xs0HWjX
H+rJzf7abSFJpp8=
-----END PRIVATE KEY-----
</key>
resolv-retry infinite
nobind

N66U
OpenVpn Newbie
Posts: 6
Joined: Thu May 11, 2017 5:22 pm

Re: Installing OpenVPN on ASUS RT-N66U

Post by N66U » Fri May 12, 2017 7:39 pm

Ok it works fine now but found another problem.

If I'm on cellular, turn on vpn, it works perfect. But when I go ar home (connect to home wifi), wifi cant connect. Still see VPN icon and 4G and connection doesnt work (pages not load etc). I must turn off openvpn manually

Any fix?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Installing OpenVPN on ASUS RT-N66U

Post by TinCanTech » Fri May 12, 2017 9:45 pm

N66U wrote:client

push "redirect-gateway def1"
See --push in The Manual v24x

N66U
OpenVpn Newbie
Posts: 6
Joined: Thu May 11, 2017 5:22 pm

Re: Installing OpenVPN on ASUS RT-N66U

Post by N66U » Sat May 13, 2017 8:32 am

TinCanTech wrote:
N66U wrote:client

push "redirect-gateway def1"
See --push in The Manual v24x
Really don't understand what do I need to do :)

N66U
OpenVpn Newbie
Posts: 6
Joined: Thu May 11, 2017 5:22 pm

Re: Installing OpenVPN on ASUS RT-N66U

Post by N66U » Sat May 13, 2017 8:50 am

Can you check if config is ok now? removed push "redirect-gateway def1"

here is tunnelblick log from MAC
*Tunnelblick: OS X 10.12.4; Tunnelblick 3.7.1 (build 4811); prior version 3.7.0 (build 4790)
2017-05-13 10:56:11 *Tunnelblick: Attempting connection with Domov; Set nameserver = 769; monitoring connection
2017-05-13 10:56:11 *Tunnelblick: openvpnstart start Domov.tblk 1337 769 0 3 0 1065776 -ptADGNWradsgnw 2.4.2-libressl-2.5.0
2017-05-13 10:56:11 *Tunnelblick: openvpnstart starting OpenVPN
2017-05-13 10:56:12 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.2-libressl-2.5.0/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-SDomov.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065776.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Shared/Domov.tblk/Contents/Resources
--verb
3
--config
/Library/Application Support/Tunnelblick/Shared/Domov.tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application Support/Tunnelblick/Shared/Domov.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--redirect-gateway
def1
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2017-05-13 10:56:12 OpenVPN 2.4.2 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on May 12 2017
2017-05-13 10:56:12 library versions: LibreSSL 2.5.0, LZO 2.09
2017-05-13 10:56:12 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-05-13 10:56:12 Need hold release from management interface, waiting...
2017-05-13 10:56:12 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-05-13 10:56:12 MANAGEMENT: CMD 'pid'
2017-05-13 10:56:12 MANAGEMENT: CMD 'state on'
2017-05-13 10:56:12 MANAGEMENT: CMD 'state'
2017-05-13 10:56:12 *Tunnelblick: Established communication with OpenVPN
2017-05-13 10:56:12 MANAGEMENT: CMD 'bytecount 1'
2017-05-13 10:56:12 MANAGEMENT: CMD 'hold release'
2017-05-13 10:56:12 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
2017-05-13 10:56:12 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-05-13 10:56:12 MANAGEMENT: >STATE:1494665772,RESOLVE,,,,,,
2017-05-13 10:56:12 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2017-05-13 10:56:12 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-05-13 10:56:12 UDP link local: (not bound)
2017-05-13 10:56:12 UDP link remote: [AF_INET]x.x.x.x:1194
2017-05-13 10:56:12 MANAGEMENT: >STATE:1494665772,WAIT,,,,,,
2017-05-13 10:56:12 MANAGEMENT: >STATE:1494665772,AUTH,,,,,,
2017-05-13 10:56:12 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=1bb6c60b 63039cef
2017-05-13 10:56:13 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, emailAddress=me@myhost.mydomain
2017-05-13 10:56:13 VERIFY OK: nsCertType=SERVER
2017-05-13 10:56:13 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, emailAddress=me@myhost.mydomain
2017-05-13 10:56:13 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
2017-05-13 10:56:13 [RT-N66U] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2017-05-13 10:56:14 MANAGEMENT: >STATE:1494665774,GET_CONFIG,,,,,,
2017-05-13 10:56:14 SENT CONTROL [RT-N66U]: 'PUSH_REQUEST' (status=1)
2017-05-13 10:56:14 PUSH: Received control message: 'PUSH_REPLY,route 10.31.0.0 255.255.255.0,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
2017-05-13 10:56:14 OPTIONS IMPORT: timers and/or timeouts modified
2017-05-13 10:56:14 OPTIONS IMPORT: --ifconfig/up options modified
2017-05-13 10:56:14 OPTIONS IMPORT: route options modified
2017-05-13 10:56:15 OPTIONS IMPORT: route-related options modified
2017-05-13 10:56:15 OPTIONS IMPORT: peer-id set
2017-05-13 10:56:15 OPTIONS IMPORT: adjusting link_mtu to 1625
2017-05-13 10:56:15 OPTIONS IMPORT: data channel crypto options modified
2017-05-13 10:56:15 Data Channel Encrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
2017-05-13 10:56:15 Data Channel Decrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
2017-05-13 10:56:15 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-05-13 10:56:15 Opened utun device utun1
2017-05-13 10:56:15 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2017-05-13 10:56:15 MANAGEMENT: >STATE:1494665775,ASSIGN_IP,,10.8.0.2,,,,
2017-05-13 10:56:15 /sbin/ifconfig utun1 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2017-05-13 10:56:15 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-05-13 10:56:15 /sbin/ifconfig utun1 10.8.0.2 10.8.0.2 netmask 255.255.255.0 mtu 1500 up
2017-05-13 10:56:15 /sbin/route add -net 10.8.0.0 10.8.0.2 255.255.255.0
add net 10.8.0.0: gateway 10.8.0.2
2017-05-13 10:56:15 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1553 10.8.0.2 255.255.255.0 init
**********************************************
Start of output from client.up.tunnelblick.sh
NOTE: No network configuration changes need to be made.
WARNING: Will NOT monitor for other network configuration changes.
WARNING: Will NOT disable IPv6 settings.

DNS servers '192.168.43.1' will be used for DNS queries when the VPN is active
NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
End of output from client.up.tunnelblick.sh
**********************************************
2017-05-13 10:56:17 *Tunnelblick: No 'connected.sh' script to execute
2017-05-13 10:56:17 /sbin/route add -net x.x.x.x 192.168.43.1 255.255.255.255
add net x.x.x.x: gateway 192.168.43.1
2017-05-13 10:56:17 /sbin/route add -net 0.0.0.0 10.8.0.1 128.0.0.0
add net 0.0.0.0: gateway 10.8.0.1
2017-05-13 10:56:17 /sbin/route add -net 128.0.0.0 10.8.0.1 128.0.0.0
add net 128.0.0.0: gateway 10.8.0.1
2017-05-13 10:56:17 MANAGEMENT: >STATE:1494665777,ADD_ROUTES,,,,,,
2017-05-13 10:56:17 /sbin/route add -net 10.31.0.0 10.8.0.1 255.255.255.0
add net 10.31.0.0: gateway 10.8.0.1
2017-05-13 10:56:17 Initialization Sequence Completed
2017-05-13 10:56:17 MANAGEMENT: >STATE:1494665777,CONNECTED,SUCCESS,10.8.0.2,x.x.x.x,1194,,
2017-05-13 10:56:26 *Tunnelblick: This computer's apparent public IP address changed from 85.237.234.140 before connection to x.x.x.x after connection to x.x.x.x after connection
2017-05-13 10:56:58 *Tunnelblick: Disconnecting; 'Disconnect' (toggle) menu command invoked
2017-05-13 10:56:59 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2017-05-13 10:56:59 *Tunnelblick: Disconnecting using 'kill'
2017-05-13 10:56:59 event_wait : Interrupted system call (code=4)
2017-05-13 10:56:59 /sbin/route delete -net 10.31.0.0 10.8.0.1 255.255.255.0
delete net 10.31.0.0: gateway 10.8.0.1
2017-05-13 10:56:59 /sbin/route delete -net x.x.x.x 192.168.43.1 255.255.255.255
delete net x.x.x.x: gateway 192.168.43.1
2017-05-13 10:56:59 /sbin/route delete -net 0.0.0.0 10.8.0.1 128.0.0.0
delete net 0.0.0.0: gateway 10.8.0.1
2017-05-13 10:56:59 /sbin/route delete -net 128.0.0.0 10.8.0.1 128.0.0.0
delete net 128.0.0.0: gateway 10.8.0.1
2017-05-13 10:56:59 Closing TUN/TAP interface
2017-05-13 10:56:59 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1553 10.8.0.2 255.255.255.0 init
**********************************************
Start of output from client.down.tunnelblick.sh
WARNING: Not restoring DNS settings because no saved Tunnelblick DNS information was found.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
End of output from client.down.tunnelblick.sh
**********************************************
2017-05-13 10:57:00 *Tunnelblick: No 'post-disconnect.sh' script to execute
2017-05-13 10:57:00 *Tunnelblick: Expected disconnection occurred.
2017-05-13 10:57:00 SIGTERM[hard,] received, process exiting
2017-05-13 10:57:00 MANAGEMENT: >STATE:1494665820,EXITING,SIGTERM,,,,,
client
dev tun
proto udp
remote mydns 1194
float
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
comp-lzo adaptive
keepalive 15 60
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
.....
-----END PRIVATE KEY-----
</key>
resolv-retry infinite
nobind

Post Reply