diff options
Diffstat (limited to '')
| -rw-r--r-- | sample-config-files/client.conf | 2 | ||||
| -rw-r--r-- | sample-config-files/server.conf | 30 |
2 files changed, 20 insertions, 12 deletions
diff --git a/sample-config-files/client.conf b/sample-config-files/client.conf index 9dd3a65..58b2038 100644 --- a/sample-config-files/client.conf +++ b/sample-config-files/client.conf @@ -100,7 +100,7 @@ key client.key # your server certificates with the nsCertType # field set to "server". The build-key-server # script in the easy-rsa folder will do this. -;ns-cert-type server +ns-cert-type server # If a tls-auth key is used on the server # then every client must also have the key. diff --git a/sample-config-files/server.conf b/sample-config-files/server.conf index f80ce8b..f483b6b 100644 --- a/sample-config-files/server.conf +++ b/sample-config-files/server.conf @@ -114,6 +114,18 @@ ifconfig-pool-persist ipp.txt # out unless you are ethernet bridging. ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 +# Configure server mode for ethernet bridging +# using a DHCP-proxy, where clients talk +# to the OpenVPN server-side DHCP server +# to receive their IP address allocation +# and DNS server addresses. You must first use +# your OS's bridging capability to bridge the TAP +# interface with the ethernet NIC interface. +# Note: this mode only works on clients (such as +# Windows), where the client-side TAP adapter is +# bound to a DHCP client. +;server-bridge + # Push routes to the client to allow it # to reach other private subnets behind # the server. Remember that these @@ -170,22 +182,18 @@ ifconfig-pool-persist ipp.txt # all IP traffic such as web browsing and # and DNS lookups to go through the VPN # (The OpenVPN server machine may need to NAT -# the TUN/TAP interface to the internet in -# order for this to work properly). -# CAVEAT: May break client's network config if -# client's local DHCP server packets get routed -# through the tunnel. Solution: make sure -# client's local DHCP server is reachable via -# a more specific route than the default route -# of 0.0.0.0/0.0.0.0. -;push "redirect-gateway" +# or bridge the TUN/TAP interface to the internet +# in order for this to work properly). +;push "redirect-gateway def1 bypass-dhcp" # Certain Windows-specific network settings # can be pushed to clients, such as DNS # or WINS server addresses. CAVEAT: # http://openvpn.net/faq.html#dhcpcaveats -;push "dhcp-option DNS 10.8.0.1" -;push "dhcp-option WINS 10.8.0.1" +# The addresses below refer to the public +# DNS servers provided by opendns.com. +;push "dhcp-option DNS 208.67.222.222" +;push "dhcp-option DNS 208.67.220.220" # Uncomment this directive to allow different # clients to be able to "see" each other. |