OpenVPN Support Forum

# Config ecoute

port 443
proto tcp
dev tap0
mode server
tls-server
persist-key
persist-tun

# Certificats SSL/TLS

ca cert/cacert.pem
cert cert/Serveur-VPN11.crt
key cert/Serveur-VPN11.key

# Chiffrement statique

dh cert/dh2048.pem
tls-auth cert/ta.key 0

# Configuration fournie aux clients

server-bridge 192.168.1.70 255.255.255.0 192.168.1.211 192.168.1.230

# Gestion de la connexion avec le client

push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.11"
keepalive 10 120
tun-mtu 1500
mssfix
cipher AES-256-CBC
max-clients 5
client-to-client
comp-lzo

# Debug ?

verb 4
status /var/log/openvpn-status-server.log

#!/bin/bash
br="br0"
tap="tap0"
eth="eth0"
eth_ip="192.168.1.70"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.1.255"

openvpn --mktun --dev $tap

brctl addbr $br

brctl addif $br $tap
brctl addif $br $eth

ifconfig $tap 0.0.0.0 promisc up
ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

route add default gw 192.168.1.1

#route add -net 192.168.1.0 netmask 255.255.255.0

#!/bin/bash

br="br0"

tap="tap0"

eth="eth0"

ifconfig $br down

brctl delbr $br

ifconfig $tap 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255 up
ifconfig $eth 192.168.1.70 netmask 255.255.255.0 broadcast 192.168.1.255 up

iptables -A INPUT -i tap0 -j ACCEPT
iptables -A FORWARD -i tap0 -j ACCEPT
iptables -A FORWARD -o tap0 -j ACCEPT
iptables -A OUTPUT -o tap0 -j ACCEPT
iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
iptables -A INPUT -i tap+ -p icmp -m limit --limit 10/sec -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
iptables -A OUTPUT -o br0 -j ACCEPT

dev tap
persist-key
persist-tun
cipher AES-256-CBC


client
resolv-retry infinite
remote ##### ### tcp-client
redirect-gateway def1
route-delay
tun-mtu 1500


ca cacert.pem
cert Mathieu.crt
key Mathieu.key
tls-auth ta.key 1
tls-client
comp-lzo
verb 5

proto tcp