Option - OpenVPN
Ref: server.conf
Ref: Reference
Ref: 2x HOW TO
Any CLI option can be placed in a configuration file without the -- prefix.
| CLI Option | Config |
|---|---|
| --dev tun | dev tun |
Remote
Connect to remote server <host>
- Can have multiple remote entries; OpenVPN tries them one by one
# remote <host> [<port> [<proto>]]
remote 10.0.0.1 1194 udp
# equivalent to
remote 10.0.0.1
port 1194
proto udp
TCP / UDP
# proto { tcp | udp | tcp4 | udp4 | tcp6 | udp6 }
proto udp
Tunnel mode
| Mode | Description |
|---|---|
| tap | Link (MAC) layer tunnel |
| tun | Internet (IP) layer tunnel |
# dev {tun|tap}[<device digit>]
dev tap # dynamic device
dev tap0 # specify device 0
dev tun # dynamic device
dev tun1 # specify device 1
Compress traffic
comp-lzo
Keep alive
| Parameter | Description |
|---|---|
| <interval> | send a ping every <interval> seconds |
| <timeout> | restart if no ping is received for <timeout> seconds |
# keepalive <interval> <timeout>
keepalive 10 60
Ping timer
Start the ping timeout timer only if the remote peer is connected
ping-timer-rem
Persist tunnel
Don't re-open the device on restart
persist-tun
Persist key
Don't re-read the key on restart
persist-key
Route
Add a route after connecting
# route <IP subnet> [<subnet mask>] [<gateway>]
Push
Push an option to the client
- The client must enable the pull option
# push "..."
push "route 10.0.0.0 255.255.255.0"
Client
client
# is equivalent to
pull
tls-client
Pull
Accept options sent by the server with push "..."
pull
tls-auth
# tls-auth <ta.key> [ 0 | 1 ]
tls-auth ta.key 0
# is equivalent to
tls-auth ta.key
key-direction 0
Inline
Inline / embed a file in the configuration
Directives that support inline files:
ca, cert, dh, extra-certs, key, pkcs12, secret, crl-verify, http-proxy-user-pass, tls-auth, auth-gen-token-secret, peer-fingerprint, tls-crypt, tls-crypt-v2, verify-hash
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
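
Added example (not from the original page): a small Python parser that expands the shorthand forms listed under Remote, Client and tls-auth and collects inline blocks, so two profiles can be checked for equivalence before one is deployed. The function names parse_ovpn and effective and both sample profiles are constructed for illustration; 1194 and udp are OpenVPN's defaults when port and proto are absent.

```python
import shlex

def parse_ovpn(text):
    """Split config text into directive word lists and inline <tag> blocks."""
    directives, inline, tag = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if tag is not None:                       # inside <tag> ... </tag>
            if line == f"</{tag}>":
                tag = None
            else:
                inline[tag].append(line)
        elif line.startswith("<") and line.endswith(">"):
            tag = line[1:-1]                      # opening tag of an inline file
            inline[tag] = []
        elif not line.startswith(";"):            # ';' starts a comment too
            words = shlex.split(line, comments=True)  # drops '#', keeps "quoted arg"
            if words:
                directives.append(words)
    if tag is not None:
        raise ValueError(f"unterminated inline block <{tag}>")
    return directives, inline

def effective(text):
    """Expand the shorthand forms shown above so equivalent configs compare equal."""
    directives, inline = parse_ovpn(text)
    opts, flags, remotes = {}, set(), []
    for name, *args in directives:
        if name == "client":                      # client = pull + tls-client
            flags |= {"pull", "tls-client"}
        elif name == "remote":
            remotes.append(args)
        elif name == "tls-auth" and len(args) > 1:    # tls-auth <file> <direction>
            opts["tls-auth"], opts["key-direction"] = [args[0]], [args[1]]
        elif args:
            opts.setdefault(name, []).append(" ".join(args))
        else:
            flags.add(name)
    # remote <host> [<port> [<proto>]]: omitted fields fall back to port / proto
    fallback = [opts.pop("port", ["1194"])[-1], opts.pop("proto", ["udp"])[-1]]
    resolved = [tuple(r + fallback[len(r) - 1:]) for r in remotes]
    return {"remotes": resolved, "flags": flags, "opts": opts, "inline": inline}

# Constructed sample profiles: one client config written in both forms.
SHORT = ("client\nremote 10.0.0.1 1194 udp  # primary\nremote 10.0.0.2\n"
         "tls-auth ta.key 1\n<ca>\n...\n</ca>\n")
LONG = ("pull\ntls-client\nport 1194\nproto udp\nremote 10.0.0.1\n"
        "remote 10.0.0.2\ntls-auth ta.key\nkey-direction 1\n<ca>\n...\n</ca>\n")
if __name__ == "__main__":
    print(effective(SHORT) == effective(LONG))
```

Each remote is resolved to a (host, port, proto) tuple, so the comparison also holds when several remote lines are present and only some of them spell out the port and protocol.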