The configuration was more or less the same, just different port numbers. Here they are for documentation purposes. Again, the only differences are the protocol, and the IP pools.
UDP Config:
# OpenVPN server instance on UDP. A client has to present a certificate
# issued by ca.crt AND pass the LDAP username/password check (plugin line).
# The TCP listing on this page uses the same port number; UDP and TCP ports
# are independent, so both instances can listen on 1618.
port 1618
proto udp
dev tun
# PKI material for this instance. server.key is the server's private key and
# should be readable only by the account that starts OpenVPN.
ca /etc/openvpn/openvpnudp-files/ca.crt
cert /etc/openvpn/openvpnudp-files/server.crt
key /etc/openvpn/openvpnudp-files/server.key
dh /etc/openvpn/openvpnudp-files/dh3072.pem
# Full tunnel: clients route their default gateway through the VPN.
push "redirect-gateway def1 bypass-dhcp"
# Client address pool (a /23); it does not overlap the TCP instance's pool.
server 10.255.248.0 255.255.254.0
# Only accept peer certificates carrying the client-auth extended key usage,
# so a server certificate from the same CA is not accepted as a client.
remote-cert-eku "TLS Web Client Authentication"
# Remembers which pool address each client identity was given.
ifconfig-pool-persist /etc/openvpn/openvpnudp-files/ipp.txt
keepalive 10 120
# NOTE(review): compressing tunnel traffic opens a compression-oracle side
# channel (VORACLE) and comp-lzo is deprecated in newer OpenVPN releases.
# Turning it off has to be coordinated with the client configs, which are
# not shown here.
comp-lzo yes
# persist-key/persist-tun are normally paired with dropping privileges, but
# no user/group directive appears in this listing, so as shown the daemon
# keeps the privileges it was started with. NOTE(review): if a privilege
# drop is added, crl.pem and the LDAP plugin's files must stay readable.
persist-key
persist-tun
# NOTE(review): the TCP listing uses this same status path; two instances
# on one host would overwrite each other's status file.
status /var/log/openvpn-status.log
# verb 5 is above the normal 1-4 range and logs a marker per packet read or
# written; together with log-append the log grows with traffic.
verb 5
# Resolvers pushed to clients (OpenDNS public resolver addresses).
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
# Username/password verification against LDAP. auth-ldap.conf usually holds
# the directory bind credentials - presumably so here; restrict its mode.
plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/openvpnudp-files/auth-ldap.conf"
# The authenticated username, not the certificate CN, becomes the client's
# identity. NOTE(review): nothing in this listing ties the certificate CN to
# the LDAP username, so the certificate shows that the client holds an
# issued cert, not which user it belongs to.
username-as-common-name
# Data-channel cipher; packet integrity comes from the auth digest below.
cipher AES-256-CBC
topology subnet
# NOTE(review): shared with the TCP listing, so log lines from both
# instances interleave in one file.
log-append /var/log/openvpn.log
# Pre-shared HMAC key for control-channel packets: packets without a valid
# signature are dropped before any TLS processing. The trailing 0 is the
# key direction for this side; clients use the opposite direction.
tls-auth /etc/openvpn/openvpnudp-files/tls.key 0
# Repeats the direction already given on the tls-auth line.
key-direction 0
tls-version-min 1.2
# HMAC digest for data-channel packets and for the tls-auth signature.
auth SHA512
# Allowed control-channel suites. All four give forward secrecy; the last is
# a DHE/CBC fallback and the only entry that uses the dh3072.pem parameters.
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
# Certificates listed in the CRL are refused. NOTE(review): newer OpenVPN
# releases refuse all clients once the CRL itself has expired, so CRL
# regeneration needs to be scheduled - confirm for the version in use.
crl-verify /etc/openvpn/openvpnudp-files/crl.pem
TCP Config:
# OpenVPN server instance on TCP. Same policy as the UDP listing: client
# certificate plus LDAP username/password. Only proto, the file directory
# and the address pool differ.
port 1618
proto tcp
dev tun
# PKI material for this instance; keep server.key readable only by the
# account that starts OpenVPN.
ca /etc/openvpn/openvpntcp-files/ca.crt
cert /etc/openvpn/openvpntcp-files/server.crt
key /etc/openvpn/openvpntcp-files/server.key
dh /etc/openvpn/openvpntcp-files/dh3072.pem
# Full tunnel: clients route their default gateway through the VPN.
push "redirect-gateway def1 bypass-dhcp"
# Client address pool (a /23), separate from the UDP instance's pool.
server 10.255.250.0 255.255.254.0
# Peer certificates must carry the client-auth extended key usage.
remote-cert-eku "TLS Web Client Authentication"
ifconfig-pool-persist /etc/openvpn/openvpntcp-files/ipp.txt
keepalive 10 120
# NOTE(review): tunnel compression opens a compression-oracle side channel
# (VORACLE) and comp-lzo is deprecated in newer OpenVPN releases; removing
# it must be matched on the clients, whose configs are not shown here.
comp-lzo yes
# Usually paired with a privilege drop; no user/group directive appears in
# this listing, so as shown the daemon keeps its starting privileges.
persist-key
persist-tun
# NOTE(review): same status path as the UDP listing; two instances on one
# host would overwrite each other's status file.
status /var/log/openvpn-status.log
# Above the normal 1-4 range: logs a marker per packet read or written.
verb 5
# Resolvers pushed to clients (OpenDNS public resolver addresses).
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
# LDAP username/password check. auth-ldap.conf usually holds the directory
# bind credentials - presumably so here; restrict its mode.
plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/openvpntcp-files/auth-ldap.conf"
# Client identity is the authenticated username rather than the certificate
# CN. NOTE(review): this listing does not tie the CN to the LDAP username.
username-as-common-name
# Data-channel cipher; packet integrity comes from the auth digest below.
cipher AES-256-CBC
topology subnet
# NOTE(review): same log file as the UDP listing, so entries interleave.
log-append /var/log/openvpn.log
# Pre-shared HMAC key for control-channel packets; unsigned packets are
# dropped before TLS processing. Trailing 0 is this side's key direction.
tls-auth /etc/openvpn/openvpntcp-files/tls.key 0
# Repeats the direction already given on the tls-auth line.
key-direction 0
tls-version-min 1.2
# HMAC digest for data-channel packets and for the tls-auth signature.
auth SHA512
# Allowed control-channel suites; the last is a DHE/CBC fallback and the
# only entry that uses the dh3072.pem parameters.
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
# Revoked certificates are refused. NOTE(review): newer OpenVPN releases
# refuse all clients once the CRL has expired - confirm for this version
# and schedule CRL regeneration.
crl-verify /etc/openvpn/openvpntcp-files/crl.pem
Simon,
The configuration was more or less the same, just different port numbers. Here they are for documentation purposes. Again, the only differences are the protocol, and the IP pools.
UDP Config:
port 1618
proto udp
dev tun
ca /etc/openvpn/openvpnudp-files/ca.crt
cert /etc/openvpn/openvpnudp-files/server.crt
key /etc/openvpn/openvpnudp-files/server.key
dh /etc/openvpn/openvpnudp-files/dh3072.pem
push "redirect-gateway def1 bypass-dhcp"
server 10.255.248.0 255.255.254.0
remote-cert-eku "TLS Web Client Authentication"
ifconfig-pool-persist /etc/openvpn/openvpnudp-files/ipp.txt
keepalive 10 120
comp-lzo yes
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 5
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/openvpnudp-files/auth-ldap.conf"
username-as-common-name
cipher AES-256-CBC
topology subnet
log-append /var/log/openvpn.log
tls-auth /etc/openvpn/openvpnudp-files/tls.key 0
key-direction 0
tls-version-min 1.2
auth SHA512
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
crl-verify /etc/openvpn/openvpnudp-files/crl.pem
TCP Config:
port 1618
proto tcp
dev tun
ca /etc/openvpn/openvpntcp-files/ca.crt
cert /etc/openvpn/openvpntcp-files/server.crt
key /etc/openvpn/openvpntcp-files/server.key
dh /etc/openvpn/openvpntcp-files/dh3072.pem
push "redirect-gateway def1 bypass-dhcp"
server 10.255.250.0 255.255.254.0
remote-cert-eku "TLS Web Client Authentication"
ifconfig-pool-persist /etc/openvpn/openvpntcp-files/ipp.txt
keepalive 10 120
comp-lzo yes
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 5
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/openvpntcp-files/auth-ldap.conf"
username-as-common-name
cipher AES-256-CBC
topology subnet
log-append /var/log/openvpn.log
tls-auth /etc/openvpn/openvpntcp-files/tls.key 0
key-direction 0
tls-version-min 1.2
auth SHA512
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
crl-verify /etc/openvpn/openvpntcp-files/crl.pem