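#!/bin/bash
#
# openvpn-conf.sh - print the OpenVPN server configuration on stdout.
#
# Required environment:
#   VPN_TCP_PORT         TCP port the server listens on
#   CLOUDRON_APP_DOMAIN  DNS domain pushed to clients as a dhcp-option
#
# Both values are copied verbatim into the generated config, so they are
# expected to come from the platform environment and not from user input.
#
# Review notes on the generated directives:
#   - cipher/auth: AES-256-CBC with HMAC-SHA256 is the configured data-channel
#     pair. NOTE(review): on OpenVPN 2.5+ the negotiated cipher list is set
#     with "data-ciphers"; confirm which server version is deployed before
#     changing this, because existing client profiles must stay compatible.
#   - tls-auth ... 0: key direction 0 is the server side; client profiles
#     must use direction 1 with the same ta.key.
#   - crl-verify: the CRL must stay readable by the unprivileged user set via
#     user/group below, and should be regenerated before it expires so that
#     revocation checks keep working.
#   - client-to-client: traffic between VPN clients is forwarded inside
#     OpenVPN itself, so host firewall rules on the tun device do not see it.
#   - script-security 2: required for the three hook scripts. The hooks are
#     not part of this file; presumably they read client-supplied values
#     from their environment and should treat them as untrusted.

# Fail before emitting anything if a required value is missing; an empty
# domain would otherwise produce a malformed 'push "dhcp-option DOMAIN "'.
: "${VPN_TCP_PORT:?}" "${CLOUDRON_APP_DOMAIN:?}"

# Unquoted delimiter so the two variables expand. The empty line before EOF
# keeps the trailing blank line the config has always ended with.
cat <<EOF
# Server TCP/${VPN_TCP_PORT}
mode server
tls-server
proto tcp
port ${VPN_TCP_PORT}
dev tun
dev-node /app/code/net-tun
# Keys and certificates
ca /app/data/keys/ca.crt
cert /app/data/keys/cloudron.crt
key /app/data/keys/cloudron.key
dh /app/data/keys/dh2048.pem
tls-auth /app/data/keys/ta.key 0
crl-verify /app/data/keys/crl.pem
cipher AES-256-CBC
auth SHA256
# Network
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DOMAIN ${CLOUDRON_APP_DOMAIN}"
client-to-client
keepalive 10 120
# Security
user cloudron
group cloudron
persist-key
persist-tun
# Log
verb 3
mute 20
status /run/openvpn-status.log
# Hooks to update server status
script-security 2
client-connect /app/code/hooks/openvpn-on-client-connect.sh
client-disconnect /app/code/hooks/openvpn-on-client-disconnect.sh
learn-address /app/code/hooks/openvpn-on-learn-address.sh

EOF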