
Mastering OpenVPN by Jan Just Keijser, Eric F Crist


Basic production-level configuration files

We extend the previous client and server configuration files to use the newly created tls-auth key. We do this by adding a tls-auth line to the configuration file movpn-04-01-server.conf, together with the second security-enhancing option:

proto udp
port 1194
dev tun
server 10.200.0.0 255.255.255.0
topology subnet
persist-key
persist-tun
keepalive 10 60

remote-cert-tls client
tls-auth /etc/openvpn/movpn/ta.key 0
dh       /etc/openvpn/movpn/dh2048.pem
ca       /etc/openvpn/movpn/movpn-ca.crt
cert     /etc/openvpn/movpn/server.crt
key      /etc/openvpn/movpn/server.key

user  nobody
group nobody

verb 3
daemon
log-append /var/log/openvpn.log

Note

Note that the order of the statements in this configuration file is random. The remote-cert-tls ...
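An added example, not taken from the book: a small Python check that parses an OpenVPN server configuration and reports which of the hardening directives in the file above are missing (tls-auth with key direction 0, remote-cert-tls client, and the user/group settings). The function names and finding messages are assumptions made for this illustration, and only the file-based tls-auth form used on this page is handled.

```python
import shlex

SERVER_CONF = """\
proto udp
port 1194
dev tun
server 10.200.0.0 255.255.255.0
topology subnet
persist-key
persist-tun
keepalive 10 60
remote-cert-tls client
tls-auth /etc/openvpn/movpn/ta.key 0
dh       /etc/openvpn/movpn/dh2048.pem
ca       /etc/openvpn/movpn/movpn-ca.crt
cert     /etc/openvpn/movpn/server.crt
key      /etc/openvpn/movpn/server.key
user  nobody
group nobody
verb 3
daemon
log-append /var/log/openvpn.log
"""  # the server configuration from this page, embedded so the check runs offline

def parse_conf(text):
    """Return {directive: [args]}, skipping blank lines and '#' or ';' comments."""
    conf = {}
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)  # handles quoted paths
        if tokens and not tokens[0].startswith(";"):
            conf[tokens[0]] = tokens[1:]
    return conf

def audit_server(text):
    """List the hardening directives from this section that are absent or wrong."""
    conf, findings = parse_conf(text), []
    if "tls-auth" not in conf:
        findings.append("tls-auth missing: no HMAC check on control packets")
    elif conf["tls-auth"][1:] != ["0"]:
        findings.append("tls-auth key direction is not 0 on the server")
    if conf.get("remote-cert-tls") != ["client"]:
        findings.append("remote-cert-tls client missing: peer cert usage unchecked")
    for opt in ("user", "group"):
        if opt not in conf:
            findings.append(opt + " missing: daemon does not drop privileges")
    return findings

if __name__ == "__main__":
    print(audit_server(SERVER_CONF) or "all checks passed")
```

Because the order of the statements does not matter, the check looks directives up by name rather than by position.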
