-
Notifications
You must be signed in to change notification settings - Fork 55
/
openvpn-client-tun.ovpn
35 lines (35 loc) · 1.19 KB
/
openvpn-client-tun.ovpn
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
####
## Mac UDP client configuration version 2.0
####
client
dev tun
proto udp
remote domainname.tld 443
redirect-gateway def1
;user nobody
;group nobody
remote-cert-tls server
<ca>
; paste ca.pem and remove these comments:
; openssl x509 -in pki/ca.crt | pbcopy
</ca>
<cert>
; paste client cert and remove these comments:
; openssl x509 -in pki/issued/client-domainname.crt -text | pbcopy
</cert>
<key>
; paste client key and remove these comments:
; openssl pkey -in pki/private/client-domainname.key -out pki/private/client-domainname.key.decrypted
; pbcopy < pki/private/client-domainname.key.decrypted
; rm pki/private/client-domainname.key.decrypted
</key>
key-direction 1
<tls-crypt>
; paste ta.key and remove these comments:
; pbcopy < pki/ta.key
</tls-crypt>
cipher AES-256-GCM
tls-version-min 1.3
; openvpn --show-tls | grep -e '^TLS' | grep -v 128 | grep -v -e 'SHA$' | grep -v GCM
; tls-cipher TLS_CHACHA20_POLY1305_SHA256:TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256:TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
;client-http-proxy 10.0.1.3 8118