Posted by Anonymous on Thu 1st Apr 20:43

#################################################
# Sample OpenVPN 2.0 config file for            #
# multi-client server.                          #
#                                               #
# This file is for the server side              #
# of a many-clients <-> one-server              #
# OpenVPN configuration.                        #
#                                               #
# OpenVPN also supports                         #
# single-machine <-> single-machine             #
# configurations (See the Examples page         #
# on the web site for more info).               #
#                                               #
# This config should work on Windows            #
# or Linux/BSD systems.  Remember on            #
# Windows to quote pathnames and use            #
# double backslashes, e.g.:                     #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
#                                               #
# Comments are preceded with '#' or ';'         #
#################################################

# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one.  You will need to
# open up this port on your firewall.
port 1194

# TCP or UDP server?
;proto tcp
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one.  On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).  Each client
# and the server must have their own cert and
# key file.  The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys.  Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh dh1024.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file.  If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt

# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface.  Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0.  Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients.  Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses.  You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.1.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "dhcp-option WINS 192.168.1.1"
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option DOMAIN tera-networks.local"

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN.  This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
#   ifconfig-push 10.9.0.1 10.9.0.2

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients.  There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
#     group, and firewall the TUN/TAP interface
#     for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
#     modify the firewall in response to access
#     from different clients.  See man
#     page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.  CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names.  This is recommended
# only for testing purposes.  For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 4

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nobody

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it.  Use one
# or the other (but not both).
;log         openvpn.log
;log-append  openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages.  At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
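
An added example, not part of the original paste: a small audit that parses a server config in this format (`#` and `;` comments, quoted arguments, trailing comments) and reports which of the hardening options the file's own comments describe are left inactive. The names `parse_active` and `audit` are hypothetical, and `SAMPLE` is a constructed excerpt of lines taken from the paste.

```python
import shlex

# Constructed excerpt: a subset of the paste's lines, active and commented out.
SAMPLE = """\
# Comments are preceded with '#' or ';'
port 1194
key server.key  # This file should be kept secret
push "route 192.168.1.0 255.255.255.0"
;client-to-client
;duplicate-cn
;tls-auth ta.key 0 # This file is secret
;cipher AES-128-CBC   # AES
;user nobody
;group nobody
persist-key
"""

def parse_active(text):
    """Map each active directive to its argument lists (hypothetical helper)."""
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank, or disabled with '#' / ';'
        # shlex keeps quoted arguments together and drops a trailing '# ...'
        name, *args = shlex.split(line, comments=True)
        active.setdefault(name, []).append(args)
    return active

def audit(text):
    """Return (directive, note) pairs for hardening options left inactive."""
    cfg = parse_active(text)
    findings = []
    if "tls-auth" not in cfg:
        findings.append(("tls-auth", "no HMAC firewall in front of the TLS handshake"))
    if "user" not in cfg or "group" not in cfg:
        findings.append(("user/group", "daemon keeps its startup privileges"))
    if "cipher" not in cfg:
        findings.append(("cipher", "default applies; the file names BF-CBC"))
    if "duplicate-cn" in cfg:
        findings.append(("duplicate-cn", "clients may share one certificate/key"))
    if "client-to-client" in cfg:
        findings.append(("client-to-client", "clients can reach each other"))
    return findings

if __name__ == "__main__":
    for directive, note in audit(SAMPLE):
        print(f"{directive:18} {note}")
```

Run against the full paste, the same three findings apply: `tls-auth`, `user`/`group` and every `cipher` line are commented out there.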
