tony-caffe · October 5, 2017 23:59
diff --git a/Conf Files for 2.4 b/Conf Files for 2.4
 ## Server.conf ##

 # Default Port used
 port 1194
 # Force UDP on IPv4 only
 proto udp4 #proto udp
 dev tun
 ca ca.crt
 cert server.crt
 key server.key
 dh dh2048.pem
 #  Custom Range
 server 10.10.108.0 255.255.255.0
 #Not needed for us# ifconfig-pool-persist ipp.txt
 #***Add local IP Address range used here - eth1***
 push "route 10.108.139.0 255.255.255.0"
 client-to-client
 keepalive 10 120
 # Set strong Cipher for 2.4 only clients
 cipher AES-256-GCM
 # Enable Backwards negotiated list for 2.3 clients
 ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC #cipher aes-256-cbc
 # Source the CRL File for Revocation
 crl-verify /etc/openvpn/crl.pem
 # Use the new Compress Algorithm
 compress #comp-lzo
 user nobody
 group nobody
 persist-key
 persist-tun
 # Help prevent MitM attack
 remote-cert-tls client
 status openvpn-status.log
 log         openvpn.log
 verb3 # verb 9
 # provide interface for lots of management goodness
 management localhost 7505
 #Add this option to Client config file # inactive 1800
 # Add TLS Server Directive to serv.conf
 # Be sure that tls-client is set in client ovpn file
 tls-auth ta.key 0
 # tls-server


 ## Client.conf ##

 client
 dev tun
 proto udp4 #proto udp
 remote x.x.x.x
 resolv-retry infinite
 nobind
 persist-key
 persist-tun
 ca ca.crt
 cert client_username
 key client_username
 remote-cert-tls server # ns-cert-type server
 compress #comp-lzo
 verb 3 
 script-security 2
 tls-auth ta.key 1
 cipher aes-256-cbc
 explicit-exit-notify 1
 inactive 1800
	## Server.conf ##

	# Default Port used
	port 1194
	# Force UDP on IPv4 only
	proto udp4 #proto udp
	dev tun
	ca ca.crt
	cert server.crt
	key server.key
	dh dh2048.pem
	# Custom Range
	server 10.10.108.0 255.255.255.0
	#Not needed for us# ifconfig-pool-persist ipp.txt
	#*Add local IP Address range used here - eth1*
	push "route 10.108.139.0 255.255.255.0"
	client-to-client
	keepalive 10 120
	# Set strong Cipher for 2.4 only clients
	cipher AES-256-GCM
	# Enable Backwards negotiated list for 2.3 clients
	ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC #cipher aes-256-cbc
	# Source the CRL File for Revocation
	crl-verify /etc/openvpn/crl.pem
	# Use the new Compress Algorithm
	compress #comp-lzo
	user nobody
	group nobody
	persist-key
	persist-tun
	# Help prevent MitM attack
	remote-cert-tls client
	status openvpn-status.log
	log openvpn.log
	verb3 # verb 9
	# provide interface for lots of management goodness
	management localhost 7505
	#Add this option to Client config file # inactive 1800
	# Add TLS Server Directive to serv.conf
	# Be sure that tls-client is set in client ovpn file
	tls-auth ta.key 0
	# tls-server


	## Client.conf ##

	client
	dev tun
	proto udp4 #proto udp
	remote x.x.x.x
	resolv-retry infinite
	nobind
	persist-key
	persist-tun
	ca ca.crt
	cert client_username
	key client_username
	remote-cert-tls server # ns-cert-type server
	compress #comp-lzo
	verb 3
	script-security 2
	tls-auth ta.key 1
	cipher aes-256-cbc
	explicit-exit-notify 1
	inactive 1800