/
openvpn_client.conf.obfs4.sample
45 lines (35 loc) · 1.43 KB
/
openvpn_client.conf.obfs4.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# Do NOT use these options:
# "proto" - will be set to tcp-client by the script
# *proxy* - SOCKS5 proxy will be set by the script
# "daemon","inetd" - you can use obfs4proxy-openvpn.service.sample file
# to make a proper systemd service instead.
# options that shouldn't be used for TCP tunneling
# options that can't generally be used on openvpn client side
mode p2p
# tun device name
dev tun_obfs4
# Address and port of the obfs4proxy server
remote 10.11.12.13 1516
# tun device local and remote IP
ifconfig 10.1.0.2 10.1.0.1
# Optimizing TCP tunnel
socket-flags TCP_NODELAY
# While openvpn can be run as root, it's recommended to use a non-privileged
# user for it. The user 'nobody' should be readily available on all distros
# but its better if you use a dedicated user like 'openvpn' instead.
# Furthermore, for obfs4, it is advised that openvpn and obfs4proxy share the same
# group on the client side (to not run into permission issues later on).
user nobody
group obfs4-ovpn
# We need these as we are dropping privilege
persist-tun
persist-key
# The imported key from the server.
#
# For more advanced options, take a look at:
# https://hamy.io/post/000f/obfs4proxy-openvpn-obfuscating-openvpn-traffic-using-obfs4/#cia-triad
#
secret /etc/openvpn/secret.obfs4.key 1
# This is to override the default insecure cipher in openvpn
# Use 'openvpn --show-ciphers' to see the list of all available ciphers
cipher AES-256-CBC