2017-10-18 12:24:21 +03:00
|
|
|
###############################################################################
|
|
|
|
|
# OpenVPN 2.0 Sample Configuration File
|
|
|
|
|
# for PacketiX VPN / SoftEther VPN Server
|
|
|
|
|
#
|
|
|
|
|
# !!! AUTO-GENERATED BY SOFTETHER VPN SERVER MANAGEMENT TOOL !!!
|
|
|
|
|
#
|
|
|
|
|
# !!! YOU HAVE TO REVIEW IT BEFORE USE AND MODIFY IT AS NECESSARY !!!
|
|
|
|
|
#
|
|
|
|
|
# This configuration file is auto-generated. You might use this config file
|
|
|
|
|
# in order to connect to the PacketiX VPN / SoftEther VPN Server.
|
|
|
|
|
# However, before you try it, you should review the descriptions of the file
|
|
|
|
|
# to determine the necessity to modify to suitable for your real environment.
|
|
|
|
|
# If necessary, you have to modify a little adequately on the file.
|
|
|
|
|
# For example, the IP address or the hostname as a destination VPN Server
|
|
|
|
|
# should be confirmed.
|
|
|
|
|
#
|
|
|
|
|
# Note that to use OpenVPN 2.0, you have to put the certification file of
|
|
|
|
|
# the destination VPN Server on the OpenVPN Client computer when you use this
|
|
|
|
|
# config file. Please refer the below descriptions carefully.
|
|
|
|
|
|
|
|
|
|
|
2018-04-16 19:20:09 +03:00
|
|
|
###############################################################################
|
|
|
|
|
# Custom hostname setting.
|
|
|
|
|
#
|
|
|
|
|
# Uncomment the line and replace "Hostname" with your desired string, if you
|
|
|
|
|
# want the server to use a specific hostname instead of the default gateway's
|
|
|
|
|
# hardware address.
|
|
|
|
|
|
|
|
|
|
;setenv UV_HOSTNAME Hostname
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
# Push extra info about the client to the server.
|
|
|
|
|
#
|
|
|
|
|
# The server currently uses:
|
|
|
|
|
# IV_HWADDR = Default gateway's MAC Address
|
|
|
|
|
# UV_HOSTNAME = Custom hostname
|
|
|
|
|
#
|
|
|
|
|
# They are required in order to set an hostname for the client.
|
|
|
|
|
|
|
|
|
|
push-peer-info
|
|
|
|
|
|
|
|
|
|
|
2017-10-18 12:24:21 +03:00
|
|
|
###############################################################################
|
|
|
|
|
# Specify the type of the layer of the VPN connection.
|
|
|
|
|
#
|
|
|
|
|
# To connect to the VPN Server as a "Remote-Access VPN Client PC",
|
|
|
|
|
# specify 'dev tun'. (Layer-3 IP Routing Mode)
|
|
|
|
|
#
|
|
|
|
|
# To connect to the VPN Server as a bridging equipment of "Site-to-Site VPN",
|
2018-05-17 00:47:10 +03:00
|
|
|
# specify 'dev tap'. (Layer-2 Ethernet Bridging Mode)
|
2017-10-18 12:24:21 +03:00
|
|
|
|
|
|
|
|
dev $TAG_TUN_TAP$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
# Specify the underlying protocol beyond the Internet.
|
|
|
|
|
# Note that this setting must be correspond with the listening setting on
|
|
|
|
|
# the VPN Server.
|
|
|
|
|
#
|
|
|
|
|
# Specify either 'proto tcp' or 'proto udp'.
|
|
|
|
|
|
|
|
|
|
proto $TAG_PROTO$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
# The destination hostname / IP address, and port number of
|
|
|
|
|
# the target VPN Server.
|
|
|
|
|
#
|
|
|
|
|
# You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
|
|
|
|
|
# specify the IP address instead of the hostname.
|
|
|
|
|
#
|
|
|
|
|
# Note that the auto-generated below hostname are a "auto-detected
|
|
|
|
|
# IP address" of the VPN Server. You have to confirm the correctness
|
|
|
|
|
# beforehand.
|
|
|
|
|
#
|
|
|
|
|
# When you want to connect to the VPN Server by using TCP protocol,
|
|
|
|
|
# the port number of the destination TCP port should be same as one of
|
|
|
|
|
# the available TCP listeners on the VPN Server.
|
|
|
|
|
#
|
|
|
|
|
# When you use UDP protocol, the port number must same as the configuration
|
|
|
|
|
# setting of "OpenVPN Server Compatible Function" on the VPN Server.
|
|
|
|
|
|
|
|
|
|
$TAG_BEFORE_REMOTE$remote $TAG_HOSTNAME$ $TAG_PORT$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
# The HTTP/HTTPS proxy setting.
|
|
|
|
|
#
|
|
|
|
|
# Only if you have to use the Internet via a proxy, uncomment the below
|
|
|
|
|
# two lines and specify the proxy address and the port number.
|
|
|
|
|
# In the case of using proxy-authentication, refer the OpenVPN manual.
|
|
|
|
|
|
|
|
|
|
;http-proxy-retry
|
|
|
|
|
;http-proxy [proxy server] [proxy port]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
# The encryption and authentication algorithm.
|
|
|
|
|
#
|
|
|
|
|
# Default setting is good. Modify it as you prefer.
|
|
|
|
|
# When you specify an unsupported algorithm, the error will occur.
|
|
|
|
|
#
|
|
|
|
|
# The supported algorithms are as follows:
|
|
|
|
|
# cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
|
|
|
|
|
# CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
|
|
|
|
|
# RC2-40-CBC RC2-64-CBC RC2-CBC CAMELLIA-128-CBC CAMELLIA-192-CBC CAMELLIA-256-CBC
|
|
|
|
|
# auth: SHA SHA1 SHA256 SHA384 SHA512 MD5 MD4 RMD160
|
|
|
|
|
|
|
|
|
|
cipher AES-128-CBC
|
|
|
|
|
auth SHA1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
# Other parameters necessary to connect to the VPN Server.
|
|
|
|
|
#
|
|
|
|
|
# It is not recommended to modify it unless you have a particular need.
|
|
|
|
|
|
|
|
|
|
resolv-retry infinite
|
|
|
|
|
nobind
|
|
|
|
|
persist-key
|
|
|
|
|
persist-tun
|
|
|
|
|
client
|
|
|
|
|
verb 3
|
2018-05-03 14:44:51 +03:00
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
# Authentication with credentials.
|
|
|
|
|
#
|
|
|
|
|
# Comment the line out in case you want to use the certificate authentication.
|
|
|
|
|
|
2017-10-18 12:24:21 +03:00
|
|
|
auth-user-pass
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
# The certificate file of the destination VPN Server.
|
|
|
|
|
#
|
|
|
|
|
# The CA certificate file is embedded in the inline format.
|
|
|
|
|
# You can replace this CA contents if necessary.
|
|
|
|
|
# Please note that if the server certificate is not a self-signed, you have to
|
|
|
|
|
# specify the signer's root certificate (CA) here.
|
|
|
|
|
|
|
|
|
|
<ca>
|
|
|
|
|
$CA$
|
|
|
|
|
</ca>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###############################################################################
|
2018-05-03 14:44:51 +03:00
|
|
|
# Client certificate and key.
|
2017-10-18 12:24:21 +03:00
|
|
|
#
|
2018-05-03 14:44:51 +03:00
|
|
|
# A pair of client certificate and private key is required in case you want to
|
|
|
|
|
# use the certificate authentication.
|
|
|
|
|
#
|
|
|
|
|
# To enable it, uncomment the lines below.
|
|
|
|
|
# Paste your certificate in the <cert> block and the key in the <key> one.
|
2017-10-18 12:24:21 +03:00
|
|
|
|
2018-05-03 14:44:51 +03:00
|
|
|
;<cert>
|
|
|
|
|
;-----BEGIN CERTIFICATE-----
|
|
|
|
|
;
|
|
|
|
|
;-----END CERTIFICATE-----
|
|
|
|
|
;</cert>
|
2017-10-18 12:24:21 +03:00
|
|
|
|
2018-05-03 14:44:51 +03:00
|
|
|
;<key>
|
|
|
|
|
;-----BEGIN RSA PRIVATE KEY-----
|
|
|
|
|
;
|
|
|
|
|
;-----END RSA PRIVATE KEY-----
|
|
|
|
|
;</key>
|
