1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-25 10:59:53 +03:00
SoftEtherVPN/src/bin/hamcore/openvpn_sample.ovpn

166 lines
5.3 KiB
Plaintext
Raw Normal View History

2017-10-18 12:24:21 +03:00
###############################################################################
# OpenVPN 2.0 Sample Configuration File
# for PacketiX VPN / SoftEther VPN Server
#
2017-10-18 12:24:21 +03:00
# !!! AUTO-GENERATED BY SOFTETHER VPN SERVER MANAGEMENT TOOL !!!
#
2017-10-18 12:24:21 +03:00
# !!! YOU HAVE TO REVIEW IT BEFORE USE AND MODIFY IT AS NECESSARY !!!
#
2017-10-18 12:24:21 +03:00
# This configuration file is auto-generated. You might use this config file
# in order to connect to the PacketiX VPN / SoftEther VPN Server.
# However, before you try it, you should review the descriptions of the file
# to determine the necessity to modify to suitable for your real environment.
# If necessary, you have to modify a little adequately on the file.
# For example, the IP address or the hostname as a destination VPN Server
# should be confirmed.
#
2017-10-18 12:24:21 +03:00
# Note that to use OpenVPN 2.0, you have to put the certification file of
# the destination VPN Server on the OpenVPN Client computer when you use this
# config file. Please refer the below descriptions carefully.
###############################################################################
# Custom hostname setting.
#
# Uncomment the line and replace "Hostname" with your desired string, if you
# want the server to use a specific hostname instead of the default gateway's
# hardware address.
;setenv UV_HOSTNAME Hostname
###############################################################################
# Push extra info about the client to the server.
#
# The server currently uses:
# IV_HWADDR = Default gateway's MAC Address
# UV_HOSTNAME = Custom hostname
#
# They are required in order to set an hostname for the client.
push-peer-info
#
# workaround, see https://github.com/SoftEtherVPN/SoftEtherVPN/issues/1490
#
data-ciphers AES-128-CBC
2017-10-18 12:24:21 +03:00
###############################################################################
# Specify the type of the layer of the VPN connection.
#
2017-10-18 12:24:21 +03:00
# To connect to the VPN Server as a "Remote-Access VPN Client PC",
# specify 'dev tun'. (Layer-3 IP Routing Mode)
#
# To connect to the VPN Server as a bridging equipment of "Site-to-Site VPN",
Correct Spelling (#458) * spelling: accepts * spelling: account * spelling: accept * spelling: accumulate * spelling: adapter * spelling: address * spelling: additional * spelling: aggressive * spelling: adhered * spelling: allowed * spelling: ambiguous * spelling: amount * spelling: anonymous * spelling: acquisition * spelling: assemble * spelling: associated * spelling: assigns * spelling: attach * spelling: attempt * spelling: attribute * spelling: authenticate * spelling: authentication * spelling: available * spelling: bridging * spelling: cascade * spelling: cancel * spelling: check * spelling: challenge * spelling: changing * spelling: characters * spelling: cloud * spelling: compare * spelling: communication * spelling: compatible * spelling: compatibility * spelling: completion * spelling: complete * spelling: computers * spelling: configure * spelling: configuration * spelling: conformant * spelling: connection * spelling: contains * spelling: continuously * spelling: continue * spelling: convert * spelling: counters * spelling: create * spelling: created * spelling: cumulate * spelling: currently * spelling: debugging * spelling: decryption * spelling: description * spelling: default * spelling: driver * spelling: delete * spelling: destination * spelling: disabled * spelling: different * spelling: dynamically * spelling: directory * spelling: disappeared * spelling: disable * spelling: doesn't * spelling: download * spelling: dropped * spelling: enable * spelling: established * spelling: ether * spelling: except * spelling: expired * spelling: field * spelling: following * spelling: forever * spelling: firewall * spelling: first * spelling: fragment * spelling: function * spelling: gateway * spelling: identifier * spelling: identify * spelling: incoming * spelling: information * spelling: initialize * spelling: injection * spelling: inner * spelling: instead * spelling: installation * spelling: inserted * spelling: integer * spelling: interrupt * spelling: intuitive * spelling: interval * spelling: january * spelling: keybytes * spelling: know * spelling: language * spelling: length * spelling: library * spelling: listener * spelling: maintain * spelling: modified * spelling: necessary * spelling: number * spelling: obsoleted * spelling: occurred * spelling: occurring * spelling: occur * spelling: original * spelling: omittable * spelling: omit * spelling: opening * spelling: operation * spelling: packet * spelling: parameters * spelling: pointed * spelling: popupmenuopen * spelling: privilege * spelling: product * spelling: protection * spelling: promiscuous * spelling: prompt * spelling: query * spelling: random * spelling: reconnection * spelling: revocation * spelling: received * spelling: red hat * spelling: registry * spelling: release * spelling: retrieve
2018-05-17 00:47:10 +03:00
# specify 'dev tap'. (Layer-2 Ethernet Bridging Mode)
2017-10-18 12:24:21 +03:00
dev $TAG_TUN_TAP$
###############################################################################
# Specify the underlying protocol beyond the Internet.
# Note that this setting must be correspond with the listening setting on
# the VPN Server.
#
2017-10-18 12:24:21 +03:00
# Specify either 'proto tcp' or 'proto udp'.
proto $TAG_PROTO$
###############################################################################
# The destination hostname / IP address, and port number of
# the target VPN Server.
#
2017-10-18 12:24:21 +03:00
# You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
# specify the IP address instead of the hostname.
#
2017-10-18 12:24:21 +03:00
# Note that the auto-generated below hostname are a "auto-detected
# IP address" of the VPN Server. You have to confirm the correctness
# beforehand.
#
2017-10-18 12:24:21 +03:00
# When you want to connect to the VPN Server by using TCP protocol,
# the port number of the destination TCP port should be same as one of
# the available TCP listeners on the VPN Server.
#
2017-10-18 12:24:21 +03:00
# When you use UDP protocol, the port number must same as the configuration
# setting of "OpenVPN Server Compatible Function" on the VPN Server.
$TAG_BEFORE_REMOTE$remote $TAG_HOSTNAME$ $TAG_PORT$
###############################################################################
# The HTTP/HTTPS proxy setting.
#
2017-10-18 12:24:21 +03:00
# Only if you have to use the Internet via a proxy, uncomment the below
# two lines and specify the proxy address and the port number.
# In the case of using proxy-authentication, refer the OpenVPN manual.
;http-proxy-retry
;http-proxy [proxy server] [proxy port]
###############################################################################
# The encryption and authentication algorithm.
#
# The default setting is compatible with most clients. Modify it as you prefer.
# It is recommended to use a better algorithm if your client supports it.
# When you specify an unsupported algorithm, an error will occur.
2017-10-18 12:24:21 +03:00
cipher AES-128-CBC
auth SHA1
###############################################################################
# Other parameters necessary to connect to the VPN Server.
#
2017-10-18 12:24:21 +03:00
# It is not recommended to modify it unless you have a particular need.
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
###############################################################################
# Authentication with credentials.
#
# Comment the line out in case you want to use the certificate authentication.
2017-10-18 12:24:21 +03:00
auth-user-pass
###############################################################################
# The certificate file of the destination VPN Server.
#
2017-10-18 12:24:21 +03:00
# The CA certificate file is embedded in the inline format.
# You can replace this CA contents if necessary.
# Please note that if the server certificate is not a self-signed, you have to
# specify the signer's root certificate (CA) here.
<ca>
$CA$
</ca>
###############################################################################
# Client certificate and key.
#
# A pair of client certificate and private key is required in case you want to
# use the certificate authentication.
#
# To enable it, uncomment the lines below.
# Paste your certificate in the <cert> block and the key in the <key> one.
2017-10-18 12:24:21 +03:00
;<cert>
;-----BEGIN CERTIFICATE-----
;
;-----END CERTIFICATE-----
;</cert>
2017-10-18 12:24:21 +03:00
;<key>
;-----BEGIN RSA PRIVATE KEY-----
;
;-----END RSA PRIVATE KEY-----
;</key>