

OpenVPN

Obtaining a certificate

Generate the key; it is saved to the file ta.key. Note that ta.key is a shared static key used by tls-auth, not a certificate:

openvpn --genkey --secret ta.key

Server configuration:

tls-auth ta.key 0

Client configuration:

tls-auth ta.key 1

Example

port 1194
proto tcp
;proto udp
dev tun0

ca ca.crt
cert server.crt
key server.key

dh dh2048.pem
server 192.168.1.2 255.255.255.0
ifconfig-pool-persist ipp.txt

client-config-dir ccd 
route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with these lines:
#   iroute 192.168.40.128 255.255.255.248
#   ifconfig-push 10.9.0.1 10.9.0.2    # use this if you want a fixed VPN IP

push "route 192.168.182.0 255.255.255.0"
push "redirect-gateway"
push "dhcp-option DNS 192.168.183.1"
push "dhcp-option WINS 10.8.0.1"
client-to-client
keepalive 10 120
tls-auth ta.key 0   # secret file

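# Select one cipher; the alternatives stay commented out.
;cipher BF-CBC        # Blowfish (64-bit block cipher)
cipher AES-128-CBC    # AES
;cipher DES-EDE3-CBC  # Triple-DES (64-bit block cipher)

comp-lzo   # compression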
;max-clients 100
status openvpn-status.log
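
The checks below are an added example, not part of the original wiki page: a small Python linter for an OpenVPN main config that flags directives meant for a client-config-dir file, 64-bit block ciphers, more than one cipher line, and a tls-auth direction that does not match the role (0 on the server, 1 on the client). The function names, finding codes and the sample config are assumptions made for this example.

```python
import re

# 64-bit block ciphers; long-lived sessions are exposed to SWEET32-style collisions.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC"}
# Directives meant for a per-client (client-config-dir) file, not the main config.
CCD_ONLY = {"iroute", "ifconfig-push"}

def active_lines(text):
    """Yield (line_no, directive, args); '#' and ';' start a comment."""
    for no, raw in enumerate(text.splitlines(), 1):
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if words:
            yield no, words[0], words[1:]

def lint(text, role="server"):
    """Return sorted (line_no, code) findings for a main config of the given role."""
    findings, ciphers, tls_seen = [], [], False
    want_dir = "0" if role == "server" else "1"
    for no, name, args in active_lines(text):
        if name in CCD_ONLY:
            findings.append((no, "ccd-only-directive"))
        elif name == "cipher" and args:
            ciphers.append(no)
            if args[0].upper() in WEAK_CIPHERS:
                findings.append((no, "64-bit-cipher"))
        elif name == "tls-auth":
            tls_seen = True
            # A missing or mismatched direction is reported the same way.
            if len(args) < 2 or args[1] != want_dir:
                findings.append((no, "tls-auth-direction"))
    # Every cipher line after the first is a conflicting duplicate.
    findings += [(no, "duplicate-cipher") for no in ciphers[1:]]
    if not tls_seen:
        findings.append((0, "tls-auth-missing"))  # line 0: applies to the whole file
    return sorted(findings)

# Constructed sample: a server config with the mistakes this linter looks for.
SAMPLE = """\
port 1194
;proto udp
client-config-dir ccd
iroute 192.168.40.128 255.255.255.248
tls-auth ta.key 0   # secret file
cipher BF-CBC         # Blowfish
cipher AES-128-CBC   # AES
cipher DES-EDE3-CBC  # Triple-DES
"""

if __name__ == "__main__":
    for no, code in lint(SAMPLE):
        print(f"line {no}: {code}")
```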

Static IP

Use a directory for per-client configuration; each file is named after the common name in the client's certificate (easy to find in openvpn-status.log).

In the main config ("server.conf"):

client-config-dir clients.d

In the corresponding client file, this is enough (or should be enough):

ifconfig-push 10.0.5.78 10.0.5.79

Links

 
doc/openvpn.1365684270.txt.gz · Last modified: 2013/04/11 14:44 by michal.soucek