OpenVPN Configuration file for CSLab VPN Server

General server parameters

#daemon			# Linux ONLY
mode p2p
remote 147.102.3.30 5000
proto udp
dev tap

Keep alive settings

persist-tun
persist-key

Security context

mlock		# Linux ONLY
user nobody	# Linux ONLY
group nogroup	# Linux ONLY

Logging

verb 3
comp-lzo

Routing at the client side. Redirects *all* traffic to VPN (default gateway)

client
route-delay 0 60
#redirect-gateway # (αν θέλουμε default gw το cslab)
route remote_host 255.255.255.255 net_gateway # (για να βλέπουμε τον 147.102.3.30)
#route-gateway 147.102.3.200
#route 0.0.0.0 0.0.0.0 vpn_gateway
route-method exe
#show-net-up
float

SSL/TLS settings

tls-client
ca cslab-ca-cert.pem
cert cslab-vpn-USER.cert
key cslab-vpn-USER.key

tls-auth keys/cslab/cslab-vpn-static.txt

Validate the CN of the server certificate, to prevent man-in-the-middle attacks

tls-remote transporter.cslab.ece.ntua.gr

non-default cipher, must be set at all clients

cipher AES-256-CBC