/
openvpn_server.conf.obfs4.sample
43 lines (34 loc) · 1.46 KB
/
openvpn_server.conf.obfs4.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# Do NOT use these options:
# "local" - will be set by the script
# "port","lport" - will be set by the script
# "proto" - will be set to tcp-server by the script
# "daemon","inetd" - you can use obfs4proxy-openvpn.service.sample file
# to make a proper systemd service instead.
# options that shouldn't be used for TCP tunneling
# options that can't generally be used on openvpn server side
# "server" mode can also be used. config just gets slightly more complex
mode p2p
# tun device name
dev tun_obfs4
# tun device local and remote IP
ifconfig 10.1.0.1 10.1.0.2
# Optimizing TCP tunnel
socket-flags TCP_NODELAY
# While openvpn can be run as root, it's recommended to use a non-privileged
# user for it. The user 'nobody' should be readily available on all distros
# but its better if you use a dedicated user/group like 'openvpn/openvpn' instead.
user nobody
# We need these as we are dropping privilege
persist-tun
persist-key
# It takes less than a second to setup a pre-shared key on the server:
# "openvpn --genkey --secret /etc/openvpn/secret.obfs4.key"
# This key needs to be imported to the client as well.
#
# For more advanced options, take a look at:
# https://hamy.io/post/000f/obfs4proxy-openvpn-obfuscating-openvpn-traffic-using-obfs4/#cia-triad
#
secret /etc/openvpn/secret.obfs4.key 0
# This is to override the default insecure cipher in openvpn
# Use 'openvpn --show-ciphers' to see the list of all available ciphers
cipher AES-256-CBC