Code: Select all
[root@centos-server openvpn]# openvpn server.conf
Thu Jan 23 20:44:40 2020 OpenVPN 2.4.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov 1 2019
Thu Jan 23 20:44:40 2020 library versions: OpenSSL 1.1.1c FIPS 28 May 2019, LZO 2.08
Thu Jan 23 20:44:40 2020 Diffie-Hellman initialized with 2048 bit key
Thu Jan 23 20:44:40 2020 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
Thu Jan 23 20:44:40 2020 ECDH curve secp384r1 added
Thu Jan 23 20:44:40 2020 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Jan 23 20:44:40 2020 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jan 23 20:44:40 2020 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Jan 23 20:44:40 2020 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jan 23 20:44:40 2020 ROUTE_GATEWAY 10.1.0.1/255.255.255.192 IFACE=eth0 HWADDR=00:15:5d:00:2d:18
Thu Jan 23 20:44:40 2020 TUN/TAP device tun0 opened
Thu Jan 23 20:44:40 2020 TUN/TAP TX queue length set to 100
Thu Jan 23 20:44:40 2020 /sbin/ip link set dev tun0 up mtu 1500
Thu Jan 23 20:44:40 2020 /sbin/ip addr add dev tun0 local 10.1.2.1 peer 10.1.2.2
Thu Jan 23 20:44:40 2020 /sbin/ip route add 10.1.2.0/24 via 10.1.2.2
Thu Jan 23 20:44:40 2020 Could not determine IPv4/IPv6 protocol. Using AF_INET
Thu Jan 23 20:44:40 2020 Socket Buffers: R=[87380->87380] S=[16384->16384]
Thu Jan 23 20:44:40 2020 Listening for incoming TCP connection on [AF_INET][undef]:443
Thu Jan 23 20:44:40 2020 TCPv4_SERVER link local (bound): [AF_INET][undef]:443
Thu Jan 23 20:44:40 2020 TCPv4_SERVER link remote: [AF_UNSPEC]
Thu Jan 23 20:44:40 2020 GID set to nobodyServer config
port 443 #- port
proto tcp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/centos-server.crt
key /etc/openvpn/easy-rsa/pki/private/centos-server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
#plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
#client-cert-not-required
#username-as-common-name
auth-nocache
auth sha512
cipher AES-256-CBC
tls-server
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key 0
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
server 10.1.2.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
user nobody
group nobody
#duplicate-cn
persist-key
persist-tun
#status /var/log/openvpn/status.log
#log /var/log/openvpn/server.log
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
proto tcp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/centos-server.crt
key /etc/openvpn/easy-rsa/pki/private/centos-server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
#plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
#client-cert-not-required
#username-as-common-name
auth-nocache
auth sha512
cipher AES-256-CBC
tls-server
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key 0
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
server 10.1.2.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
user nobody
group nobody
#duplicate-cn
persist-key
persist-tun
#status /var/log/openvpn/status.log
#log /var/log/openvpn/server.log
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem