# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
port 1194
# TCP or UDP server?
proto tcp
explicit-exit-notify 0 # Для протокола tcp
;proto udp
;dev tap
dev tun
ca ca.crt
cert ServerITDO.crt
key ServerITDO.key # This file should be kept secret
dh dh.pem
;topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0
cipher AES-256-CBC
auth SHA256
;compress lz4-v2
;push "compress lz4-v2"
;comp-lzo
;max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
log-append openvpn.log
verb 5
;mute 20
;crl-verify crl.pem
client
;dev tap
dev tun
;dev-node MyTap
proto tcp
;proto udp
remote 192.168.1.90 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nogroup
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
;ca ca.crt
;cert client.crt
;key client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
auth SHA256
key-direction 1
#comp-lzo
verb 5
;mute 20
# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
Тестирую локально.
Жалуется на ключ ca ca.crt, но что его не устраивает я хз
<ca>
# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
-------BEGIN CERTIFICATE-----
....
-------END CERTIFICATE-----
</ca>