- This topic is empty.
Viewing 1 post (of 1 total)
-
Posts
-
Here’s a sample working OVPN file that may help others get started:
For simplicity’s sake, I recommend using pfx files.
Also, to ensure you’re connecting to the desired endpoint, you’ll want to set the tls-remote to specify the CN name of your firewall — zeroshell.mycompany.com would be entered as /OU=Hosts/CN=zeroshell.mycompany.com
I also include a line to dump some additional diagnostics — note the show-net-up line which you may uncomment when your end users need help.
You should consider http://swupdate.openvpn.net/community/releases/openvpn-2.2-beta5-install.exe or later — prior versions had a bug with routes being created wrongly. Be sure your end users run openvpn and its gui as administrator.
remote zeroshell.mycompany.com 1194
remote-random
resolv-retry infinite
proto udp
auth-user-pass # require username/password dialog
pkcs12 user.pfx # Use pkcs12 for ca, pub/pvt key
tls-remote /OU=Hosts/CN=zeroshell.mycompany.com
client # This is a client config
dev tap # Ethernet Tunnel mode
comp-lzo # Compress traffic
verb 1 # Logging level
mute 10 # Limit consecutive loging of same cateogry messages
#show-net-up # Log routing table & network adapter info after we're up
nobind # Don't bind to local addr/port
persist-key # Don't re-read keyfile on soft restart
persist-tun # Don't close and reopen device, run scripts on soft restart
# Add more Static Routes for our other network space when on VPN
# Optional -- these may be helpful if other machines outside your firewall
# expects access to come from your office.
route 100.2.3.0 255.255.254.0
route 10.0.0.0 255.255.254.0
route 211.82.2.0 255.255.255.0
Viewing 1 post (of 1 total)
- You must be logged in to reply to this topic.