Created
May 3, 2020 23:31
-
-
Save vallamost/f10f043e7a300d6ef1b44e88765a4131 to your computer and use it in GitHub Desktop.
2020 - OpenVPN + FreeIPA Configs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #configure freeIPA and generate certs + | |
| https://gist.github.com/rechner/c6b9133b7816445b5850f8e22e16aa60 | |
| # generate certs from freeIPA | |
| sudo ipa-getcert request -K openvpn/`hostname` -k /etc/openvpn/server_freeipa.key -f /etc/openvpn/server_freeipa.crt -I openvpn -C /usr/local/sbin/set-ssl-permissions | |
| #openvpn server config | |
| local <addressToBindTo> | |
| port 1194 | |
| proto udp | |
| dev tun | |
| ca /etc/ipa/ca.crt | |
| cert server_freeipa.crt | |
| key server_freeipa.key | |
| dh dh2048.pem # needed to generate, $ openssl dhparam -out dh2048.pem 2048 | |
| client-cert-not-required | |
| username-as-common-name | |
| topology subnet | |
| server 10.8.0.0 255.255.255.0 | |
| push "redirect-gateway def1 bypass-dhcp" | |
| ifconfig-pool-persist ipp.txt | |
| push "dhcp-option DNS 192.168.9.1" | |
| keepalive 10 120 | |
| plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so "openvpn" | |
| verb 3 | |
| status openvpn-status.log | |
| #client config | |
| client | |
| dev tun | |
| proto udp | |
| remote <yourOpenVPNDomainOrIP> 1194 | |
| resolv-retry infinite | |
| nobind | |
| persist-key | |
| persist-tun | |
| auth-user-pass | |
| cipher AES-256-CBC | |
| ignore-unknown-option block-outside-dns | |
| verb 3 | |
| <ca> | |
| -----BEGIN CERTIFICATE----- | |
| yourFreeIPACert | |
| -----END CERTIFICATE----- | |
| </ca> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment