OpenVPN Configuration Guide
This document outlines the procedures for setting up, removing, and modifying OpenVPN configurations on our server. Please follow the instructions carefully to ensure secure and efficient VPN operations.
Administrative Access
- Root Access: To perform any actions related to OpenVPN configuration, administrators must log in as the root user. This is crucial for accessing the necessary files and executing the scripts securely.
Configuration Script
- Script Location: The main script for managing OpenVPN configurations is located at /root/openvpn/openvpn.sh. This script is used for setting up, removing, or modifying VPN configurations.
Members Directory
- Location: /root/openvpn/members
- Purpose: This directory stores the member configuration files for our OpenVPN setup. Each member's configuration is essential for controlling access and managing the VPN settings on a per-user basis.
VPN Mode
- Our server operates in a VPN mode where configurations are pushed from the server to the clients. Clients are configured to only accept configurations pushed from the server, ensuring a standardized and secure setup across all connections.
Server Configuration Details
Below are detailed comments for each setting in the OpenVPN server configuration file located at /etc/openvpn/server/server.conf:
port 8080 # The port on which the VPN server will listen for incoming connections.
proto tcp # The protocol used by OpenVPN server and clients (TCP in this case).
dev tun # TUN device (network tunnel) used by OpenVPN.
ca ca.crt # Certificate Authority (CA) certificate file.
cert server.crt # Server certificate file.
key server.key # Server key file (private key).
dh dh.pem # Diffie-Hellman parameters file for key exchange.
auth SHA256 # HMAC digest for packet authentication (with a GCM cipher the data channel uses the cipher's own authentication tag instead).
tls-crypt tc.key # TLS Crypt key file for additional security.
topology subnet # Network topology: each client gets a single IP address from the VPN subnet.
server 10.8.0.0 255.255.255.0 # IP range and subnet mask for the VPN clients.
ifconfig-pool-persist ipp.txt # File to persist IP assignments across server restarts.
push "dhcp-option DNS 1.1.1.1" # Pushes DNS server address to clients (Cloudflare DNS here).
keepalive 10 120 # Timing for ping and ping-restart.
cipher AES-128-GCM # Encryption cipher used (AES-128-GCM recommended).
user nobody # User to run OpenVPN process after initialization.
group nogroup # Group to run OpenVPN process after initialization.
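persist-key # Do not re-read key files on SIGUSR1 restarts (they are no longer readable once privileges are dropped to nobody).
persist-tun # Keep the tunnel device open across SIGUSR1 restarts for the same reason.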
verb 3 # Logging verbosity level.
crl-verify crl.pem # Certificate revocation list; connections from certificates listed in it are rejected.
push "route 10.8.0.0 255.255.255.0" # Route to push to clients, usually matches the VPN subnet.
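
A quick way to check that a modified server.conf still carries the hardening directives described above (tls-crypt, crl-verify, the user/group privilege drop, an AEAD cipher, a non-SHA1 auth digest). This is an added example, not part of /root/openvpn/openvpn.sh; the names parse, audit, GUIDE_CONF and WEAK_CONF are assumptions, and WEAK_CONF is a constructed variant of the configuration.

```python
import shlex

# The server.conf from this guide, reduced to the directives that matter here.
GUIDE_CONF = """\
port 8080
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA256
tls-crypt tc.key              # control-channel wrapping key
topology subnet
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 1.1.1.1"
cipher AES-128-GCM
user nobody
group nogroup
crl-verify crl.pem
"""
# Constructed weak variant (not from the guide): hardening lines dropped, CBC cipher.
WEAK_CONF = "\n".join(
    l for l in GUIDE_CONF.splitlines()
    if not l.startswith(("tls-crypt", "crl-verify", "group"))
).replace("AES-128-GCM", "AES-128-CBC")

def parse(text):
    """Map each directive to its argument list (last occurrence wins)."""
    conf = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if tokens:
            conf[tokens[0]] = tokens[1:]
    return conf

def audit(text):
    """Return the names of hardening directives that are missing or weak."""
    conf = parse(text)
    findings = [d for d in ("tls-crypt", "crl-verify", "user", "group") if not conf.get(d)]
    cipher = (conf.get("cipher") or [""])[0].upper()
    if not cipher.endswith("-GCM") and cipher != "CHACHA20-POLY1305":
        findings.append("cipher")   # not an AEAD cipher
    if (conf.get("auth") or [""])[0].upper() in ("", "MD5", "SHA1"):
        findings.append("auth")     # weak, or unset (OpenVPN then defaults to SHA1)
    return findings

if __name__ == "__main__":
    for name, text in (("guide", GUIDE_CONF), ("weak", WEAK_CONF)):
        print(name, audit(text) or "ok")
```

To audit the live file, pass the contents of /etc/openvpn/server/server.conf to audit() after each change made through the management script.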