### Cloudron OpenVPN configuration
### Only specific options can be changed. Be sure to read the docs on what options
### are supported before editing this file - https://cloudron.io/documentation/apps/openvpn/

# Server TCP
# Multi-client server mode: one daemon serves many clients, each authenticated
# separately over TLS.
mode server
# This endpoint takes the server role in the TLS control-channel handshake
# (required together with "mode server").
# NOTE(review): no "tls-version-min" appears in the lines shown, so the minimum
# accepted TLS version is whatever the shipped OpenVPN/TLS library defaults to -
# confirm that default and whether the app's docs allow setting it explicitly.
tls-server
# Tunnel transport is TCP; client profiles must use a matching TCP protocol setting.
proto tcp
# ##VPN_TCP_PORT is a template placeholder rather than a literal port number.
# Presumably it is substituted when this template is rendered - confirm against
# the app's start-up script.
port ##VPN_TCP_PORT
# Routed (layer 3) tunnel device.
dev tun
# Use this explicit device node instead of the default /dev/net/tun.
dev-node /app/code/net-tun

# Keys and certificates
# CA certificate used to verify the certificates that clients present.
ca /app/data/keys/ca.crt
# Server certificate and its private key. The key file should be readable only
# by the account that starts OpenVPN - confirm the permissions the app sets.
cert /app/data/keys/cloudron.crt
key /app/data/keys/cloudron.key
# Diffie-Hellman parameters; the file name suggests a 2048-bit group.
dh /app/data/keys/dh2048.pem
# Static HMAC key that authenticates control-channel packets before any TLS
# processing, so unauthenticated packets are dropped early. Direction 0 is the
# server side; client profiles must use direction 1. ta.key is a secret shared
# with every client and should be handled like a private key.
tls-auth /app/data/keys/ta.key 0
# Certificate revocation list checked against every connecting client certificate.
# OpenVPN re-reads this file on each connection, i.e. after the switch to the
# "user"/"group" account configured in this file, so it must stay readable by
# that account.
# NOTE(review): on OpenVPN 2.4 and later an expired CRL (past its nextUpdate)
# makes client verification fail - confirm the app regenerates crl.pem in time.
crl-verify /app/data/keys/crl.pem
# Data-channel cipher. CBC is not an AEAD mode; packet integrity comes from the
# HMAC digest selected by "auth".
# NOTE(review): OpenVPN 2.4+ peers can negotiate an AEAD cipher such as
# AES-256-GCM, and 2.5+ uses "data-ciphers" for negotiation - check which OpenVPN
# version the app ships and whether this line is only a fallback there.
cipher AES-256-CBC
# HMAC digest used to authenticate data-channel packets (needed with the CBC
# cipher in this file) and for the tls-auth control-channel HMAC.
auth SHA256

# Network
# The OpenVPN app is only tested against the /24 subnet mask.
# Be sure to fixup the DNS server address if you change the network
# VPN address pool 10.8.0.0/24. The server itself takes 10.8.0.1, which is the
# DNS address pushed to clients in this file.
server 10.8.0.0 255.255.255.0
# Full tunnel: clients route their default IPv4 traffic through this server
# (def1 overrides the default route with two /1 routes; bypass-dhcp keeps the
# client's DHCP server reachable outside the tunnel).
# NOTE(review): this redirects IPv4 only and no IPv6 settings appear in the lines
# shown, so client IPv6 traffic is not sent through the VPN - confirm this is
# intended.
push "redirect-gateway def1 bypass-dhcp"
# Clients are told to resolve names via 10.8.0.1, the server's tunnel address.
# Whether a client actually applies pushed DNS settings depends on its platform
# and client software.
push "dhcp-option DNS 10.8.0.1"
# ##CLOUDRON_APP_DOMAIN is a template placeholder, presumably replaced with the
# app's domain when the template is rendered.
push "dhcp-option DOMAIN ##CLOUDRON_APP_DOMAIN"
# VPN clients can reach each other. OpenVPN forwards this traffic internally, so
# it never crosses the host's tun interface and host firewall rules cannot filter
# it; any connected client is on the same network as every other client.
# NOTE(review): check the app's docs before changing - only specific options are
# supported.
client-to-client
# Keepalive pings every 10 s; a peer that stays silent for the 120 s timeout is
# treated as dead. In server mode OpenVPN pushes these values to clients and
# uses a longer timeout on the server side.
keepalive 10 120

# Security
# Switch to the cloudron user and group after initialization, so the
# long-running daemon does not keep the privileges it was started with.
# Anything OpenVPN touches afterwards (CRL, status file, hook scripts) is
# accessed as this account.
user cloudron
group cloudron
# Keep key material in memory and the tun device open across soft restarts
# (SIGUSR1 / ping-restart). After the privilege drop configured in this file the
# process may no longer be able to re-read the key files or reopen the device.
persist-key
persist-tun

# Log
# Verbosity 3: normal operational logging, including connection events.
verb 3
# Log at most 20 consecutive messages of the same category; the rest are muted.
mute 20
# Periodically rewritten status file. It lists connected clients (certificate
# common name, real source address, traffic counters), so read access to it
# should be limited to the components that need it.
status /run/openvpn-status.log

# Hooks to update server status
# Level 2 permits OpenVPN to run user-defined scripts, which the hook directives
# in this file need. Level 3 would additionally expose passwords to scripts via
# environment variables; nothing in the lines shown requires it.
script-security 2
# Scripts run when a client connects, disconnects, or has an address learned.
# OpenVPN passes them peer-derived values (for example the certificate common
# name and addresses) through environment variables and arguments, so the
# scripts must treat those values as untrusted input. A non-zero exit from the
# client-connect script rejects the connecting client.
# NOTE(review): the scripts are not shown here - confirm they quote these values
# and that the files under /app/code/hooks are not writable by the cloudron
# account OpenVPN runs as.
client-connect /app/code/hooks/openvpn-on-client-connect.sh
client-disconnect /app/code/hooks/openvpn-on-client-disconnect.sh
learn-address /app/code/hooks/openvpn-on-learn-address.sh

# Custom options go here