1 # OpenVPN Layer 2 Server
\r
3 ## Installing OpenVPN packages
\r
11 ## Certificate and Key Setup Instructions
\r
15 ## Server configuration
\r
17 For the server_bridge option: the first two parameters are the IP/netmask of
\r
18 the gateway on the bridged subnet. The next two parameters indicate the
\r
19 pool-start-IP and pool-end-IP, which is the part of your IP address
\r
20 pool that you have reserved just for VPN clients. You have to make
\r
21 sure the DHCP server on the company network is not handing those out
\r
# UCI section defining one OpenVPN server instance named 'myvpn'.
# NOTE(review): the gutter numbers jump (26 -> 31, 32 -> 35), so some options of
# this section are not shown in this listing; review the full file before reuse.
26 config openvpn 'myvpn'
\r
# Status file and log file locations. The OpenVPN status file lists connected
# clients and their addresses, so keep it readable by administrators only.
# NOTE(review): /tmp is presumably RAM-backed on the target router, so this log
# would not survive a reboot; confirm whether logs must be kept for later review.
31 option status '/var/log/openvpn_status.log'
\r
32 option log '/tmp/openvpn.log'
\r
# Send a keepalive ping every 10 s and treat the peer as down after 120 s of silence.
35 option keepalive '10 120'
\r
# persist_key / persist_tun keep the key material and the tunnel device open
# across restarts. They are needed together with the privilege drop below,
# because the unprivileged process can no longer re-read the key or reopen the device.
36 option persist_key '1'
\r
37 option persist_tun '1'
\r
# Drop root privileges after start-up.
38 option user 'nobody'
\r
39 option group 'nogroup'
\r
# PKI material: CA certificate, server certificate, server private key and
# Diffie-Hellman parameters (2048-bit, going by the file name).
# myvpn.key is the server's private key and should be readable by root only.
# NOTE(review): the paths point into an easy-rsa keys directory; if the CA
# private key is kept in the same directory on this host, consider moving the
# CA to a separate machine so a compromised VPN server cannot issue certificates.
40 option ca '/etc/easy-rsa/keys/ca.crt'
\r
41 option cert '/etc/easy-rsa/keys/myvpn.crt'
\r
42 option key '/etc/easy-rsa/keys/myvpn.key'
\r
43 option dh '/etc/easy-rsa/keys/dh2048.pem'
\r
# Take the server role in the TLS handshake.
44 option tls_server '1'
\r
# HMAC-authenticate control-channel packets with a pre-shared static key.
# The trailing 0 is the key direction for the server side; clients use the same
# ta.key with direction 1. ta.key is a secret shared with every client.
45 option tls_auth '/etc/easy-rsa/keys/ta.key 0'
\r
# Bridged server mode: gateway 10.0.0.1 with netmask 255.255.255.0, and the
# client address pool 10.0.0.201 - 10.0.0.220. The pool must not overlap the
# range handed out by the DHCP server on the bridged network.
46 option server_bridge '10.0.0.1 255.255.255.0 10.0.0.201 10.0.0.220'
\r
# NOTE(review): OpenVPN documents topology as a tun-mode setting; if this
# instance uses a tap device (not visible in this listing), confirm it has any effect.
47 option topology 'subnet'
\r
# With client_to_client enabled OpenVPN forwards traffic between clients
# internally, so that traffic does not pass through the host's firewall rules.
# Set to '0' if clients should be isolated from each other.
48 option client_to_client '1'
\r
# Options pushed to every connecting client.
49 list push 'persist-key'
\r
50 list push 'persist-tun'
\r
# Route all client IPv4 traffic through the VPN by overriding the default route.
# NOTE(review): def1 on its own covers IPv4 only; verify that clients do not
# send traffic outside the tunnel over IPv6.
51 list push 'redirect-gateway def1'
\r
52 # allow your clients to access your network
\r
53 list push 'route 10.0.0.0 255.255.255.0'
\r
54 # push DNS to your clients
\r
55 list push 'dhcp-option DNS 10.0.0.1'
\r
# Compression is left disabled here (the option is commented out). Keeping it
# off avoids compression side channels on tunnelled traffic.
56 # option comp_lzo 'no'
\r
59 ## Client setup information
\r