Basic production-level configuration files

We extend the previous client and server configuration files to use the newly created tls-auth key. To do this, we add a line to the configuration file movpn-04-01-server.conf, along with the second security-enhancing option:

proto udp
port 1194
dev tun
server 10.200.0.0 255.255.255.0
topology subnet
persist-key
persist-tun
keepalive 10 60

remote-cert-tls client
tls-auth /etc/openvpn/movpn/ta.key 0
dh       /etc/openvpn/movpn/dh2048.pem
ca       /etc/openvpn/movpn/movpn-ca.crt
cert     /etc/openvpn/movpn/server.crt
key      /etc/openvpn/movpn/server.key

user  nobody
group nobody

verb 3
daemon
log-append /var/log/openvpn.log

Note

Note that the order of the statements in this configuration file is arbitrary. The remote-cert-tls ...
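The hardening options in the server file above can be checked mechanically before a configuration is deployed. The following Python sketch is an added example, not code from the book or from the OpenVPN project. The function names, the weak client file and the host vpn.example.org are constructed for illustration, and the client-side expectations (key direction 1, remote-cert-tls server) assume the usual complementary settings for the server lines shown.

```python
import shlex

# Security-relevant lines of the page's server configuration.
SERVER_CONF = """\
persist-key
persist-tun
remote-cert-tls client
tls-auth /etc/openvpn/movpn/ta.key 0
user  nobody
group nobody
"""

# Constructed weak client file (not from the page): same key direction as the
# server, no check of the peer certificate's usage, no privilege drop.
WEAK_CLIENT_CONF = """\
remote vpn.example.org 1194   # placeholder host
tls-auth /etc/openvpn/movpn/ta.key 0
"""

def parse_conf(text):
    """Map each directive to the list of its argument lists."""
    conf = {}
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)   # drops '#' comments
        if tokens and not tokens[0].startswith(";"):   # ';' is a comment too
            conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf

def audit(conf, role):
    """Return findings for role 'server' or 'client'; empty list means pass."""
    # Assumed convention: server uses direction 0, client the complement 1.
    peer, want_dir = ("client", "0") if role == "server" else ("server", "1")
    findings = []
    ta = conf.get("tls-auth", [[]])[0]
    # The direction may follow the key file or come from a key-direction line.
    direction = ta[1:2] or conf.get("key-direction", [[]])[0][:1]
    if not ta:
        findings.append("tls-auth missing")
    elif direction != [want_dir]:
        got = "".join(direction) or "none"
        findings.append(f"tls-auth direction {got}, expected {want_dir}")
    if [peer] not in conf.get("remote-cert-tls", []):
        findings.append(f"remote-cert-tls {peer} missing")
    findings += [f"{o} not set, no privilege drop" for o in ("user", "group") if o not in conf]
    if "user" in conf and not {"persist-key", "persist-tun"} <= set(conf):
        findings.append("persist-key/persist-tun missing for restart after privilege drop")
    return findings

if __name__ == "__main__":
    print("server:", audit(parse_conf(SERVER_CONF), "server"))
    print("client:", audit(parse_conf(WEAK_CLIENT_CONF), "client"))
```
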
