Ubuntu
openvpn package

  1. Bug #1580356
  2. Comment #7

Comment 7 for bug 1580356

Revision history for this message
Scott Crooks (scott-crooks) wrote :

Simon,

The configuration was more or less the same, just different port numbers. Here they are for documentation purposes. Again, the only differences are the protocol, and the IP pools.

UDP Config:
port 1618
proto udp
dev tun
ca /etc/openvpn/openvpnudp-files/ca.crt
cert /etc/openvpn/openvpnudp-files/server.crt
key /etc/openvpn/openvpnudp-files/server.key
dh /etc/openvpn/openvpnudp-files/dh3072.pem
push "redirect-gateway def1 bypass-dhcp"
server 10.255.248.0 255.255.254.0
remote-cert-eku "TLS Web Client Authentication"
ifconfig-pool-persist /etc/openvpn/openvpnudp-files/ipp.txt
keepalive 10 120
comp-lzo yes
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 5
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/openvpnudp-files/auth-ldap.conf"
username-as-common-name
cipher AES-256-CBC
topology subnet
log-append /var/log/openvpn.log
tls-auth /etc/openvpn/openvpnudp-files/tls.key 0
key-direction 0
tls-version-min 1.2
auth SHA512
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
crl-verify /etc/openvpn/openvpnudp-files/crl.pem

TCP Config:
port 1618
proto tcp
dev tun
ca /etc/openvpn/openvpntcp-files/ca.crt
cert /etc/openvpn/openvpntcp-files/server.crt
key /etc/openvpn/openvpntcp-files/server.key
dh /etc/openvpn/openvpntcp-files/dh3072.pem
push "redirect-gateway def1 bypass-dhcp"
server 10.255.250.0 255.255.254.0
remote-cert-eku "TLS Web Client Authentication"
ifconfig-pool-persist /etc/openvpn/openvpntcp-files/ipp.txt
keepalive 10 120
comp-lzo yes
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 5
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/openvpntcp-files/auth-ldap.conf"
username-as-common-name
cipher AES-256-CBC
topology subnet
log-append /var/log/openvpn.log
tls-auth /etc/openvpn/openvpntcp-files/tls.key 0
key-direction 0
tls-version-min 1.2
auth SHA512
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
crl-verify /etc/openvpn/openvpntcp-files/crl.pem