new awesome build
110
APP_PROFILER/templates/server.conf.j2
Normal file
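--- a/APP_PROFILER/templates/server.conf.j2
+++ b/APP_PROFILER/templates/server.conf.j2
@@ -0,0 +1,110 @@
+dev tun
+proto {{ protocol }}
+{% if protocol == 'tcp' %}
+tls-server
+{% else %}
+# explicit-exit-notify 1
+explicit-exit-notify 1
+{% endif %}
+port {{ port }}
+
+# Keys
+ca {{ ca_path }}
+cert {{ srv_cert_path }}
+key {{ srv_key_path }}
+dh {{ dh_path }}
+tls-auth {{ ta_path }} 0
+
+{% if tun_mtu %}
+tun-mtu {{ tun_mtu }}
+{% endif %}
+{% if mssfix %}
+mssfix {{ mssfix }}
+{% endif %}
+
+# Network topology
+topology subnet
+server {{ vpn_network }} {{ vpn_netmask }}
+
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+log /etc/openvpn/openvpn.log
+log-append /etc/openvpn/openvpn.log
+
+verb 3
+
+# Use Extended Status Output
+status /etc/openvpn/openvpn-status.log 5
+status-version 2
+
+# Tunneling Mode
+{% if tunnel_type == 'FULL' %}
+push "redirect-gateway def1 bypass-dhcp"
+# Full tunneling mode - all routes through VPN
+{% else %}
+# Split tunneling mode
+{% for route in split_routes %}
+push "route {{ route }}"
+{% endfor %}
+{% endif %}
+
+# DNS Configuration
+{% if user_defined_dns %}
+{% for dns in dns_servers %}
+push "dhcp-option DNS {{ dns }}"
+{% endfor %}
+{% endif %}
+
+# Client-to-client communication
+{% if client_to_client %}
+client-to-client
+{% else %}
+# client-to-client disabled
+{% endif %}
+
+user nobody
+group nogroup
+
+# Allow same profile on multiple devices simultaneously
+{% if duplicate_cn %}
+duplicate-cn
+{% else %}
+# duplicate-cn disabled
+{% endif %}
+
+# data protection
+data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC
+data-ciphers-fallback AES-256-CBC
+auth SHA256
+
+keepalive 10 120
+
+persist-key
+persist-tun
+
+# check revocation list
+{% if crl_verify %}
+crl-verify /etc/openvpn/crl.pem
+{% else %}
+# crl-verify disabled
+{% endif %}
+
+# Script Security Level
+{% if user_defined_cdscripts %}
+script-security 2
+
+# Client Connect Script
+{% if connect_script %}
+client-connect "{{ connect_script }}"
+{% endif %}
+
+# Client Disconnect Script
+{% if disconnect_script %}
+client-disconnect "{{ disconnect_script }}"
+{% endif %}
+{% endif %}
+
+# Enable Management Interface
+{% if management_interface %}
+management {{ management_interface_address }} {{ management_port }}
+{% endif %}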
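Review bot: The `management {{ management_interface_address }} {{ management_port }}` line at the end of the template opens the management interface without a password file, so anything that can reach that address and port can issue management commands to the daemon. I would pass a third argument, e.g. `management {{ management_interface_address }} {{ management_port }} {{ management_pw_file }}` (a new template variable), or have the renderer reject any address other than loopback. Separately, `connect_script`, `disconnect_script`, `route` and `dns` are written into the config as-is while `script-security 2` is on. Where those values come from is not visible here, so the renderer should refuse values containing quotes or newlines before they reach this template.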