# openvpn client.conf - {{ ansible_managed }}
{#
SPDX-FileCopyrightText: © 2022 Open Networking Foundation <support@opennetworking.org>
SPDX-License-Identifier: Apache-2.0
#}

# security
# Act as the TLS client and refuse any handshake below TLS 1.3.
tls-client
tls-version-min 1.3
# Data-channel cipher.
# NOTE(review): newer OpenVPN releases negotiate the data cipher through
# data-ciphers and use "cipher" only as a fallback - confirm which client
# versions this template has to support.
cipher AES-256-GCM
# With an AEAD cipher such as AES-256-GCM the data channel is authenticated by
# the cipher itself; "auth" still selects the HMAC digest used by tls-auth.
auth SHA256

# connection
# Routed (tun) tunnel over UDP port 1194 to the templated server name.
# The variable is substituted verbatim, so it has to be a plain host name or
# address taken from trusted inventory.
dev tun
proto udp
port 1194
remote {{ openvpn_server_name }}

# security
# Require the peer certificate to carry server key usage, so that a client
# certificate issued by the same CA cannot be presented as the server.
# NOTE(review): this does not pin the server's identity; verify-x509-name
# would additionally bind the connection to the expected certificate name.
remote-cert-tls server
# Do not keep passwords or passphrases cached in memory.
auth-nocache
# Do not bind a fixed local port.
nobind
# Keep the key material and the tun device across soft restarts.
# NOTE(review): these matter mostly when privileges are dropped after start;
# no user/group directive is visible in this template - confirm whether the
# client is meant to keep running as root.
persist-key
persist-tun

# logging
# Verbosity 4; log at most 10 consecutive messages of the same category.
verb 4
mute 10

# IP config
# Accept options pushed by the server.
# NOTE(review): pushed options can include routes and DNS settings, so the
# client trusts the server for them; pull-filter can restrict what is accepted.
topology subnet
pull

# CA certificates
# NOTE(review): the inline blocks below are empty as shown here; the
# certificates and keys are presumably filled in elsewhere - confirm.
<ca>
</ca>

# TLS auth
# Pre-shared HMAC key for the control channel; key-direction has to be the
# opposite of the value configured on the server.
# NOTE(review): tls-auth authenticates the control channel but does not
# encrypt it; tls-crypt does both, if the server side can be changed too.
key-direction 1
<tls-auth>
</tls-auth>

# client key
# The private key is stored inline, so the rendered file should be readable
# only by the account that runs OpenVPN (for example mode 0600).
<key>
</key>

# client cert
<cert>
</cert>