# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
- option ca ca.crt
- option cert server.crt
+ option ca /etc/openvpn/ca.crt
+ option cert /etc/openvpn/server.crt
# This file should be kept secret:
- option key server.key
+ option key /etc/openvpn/server.key
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
- option dh dh1024.pem
+ option dh /etc/openvpn/dh1024.pem
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
- option ifconfig_pool_persist ipp.txt
+ option ifconfig_pool_persist /tmp/ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
-# option client_config_dir ccd
+# option client_config_dir /etc/openvpn/ccd
# list route "192.168.40.128 255.255.255.248"
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
-# option client_config_dir ccd
+# option client_config_dir /etc/openvpn/ccd
# list route "10.9.0.0 255.255.255.252"
# list route "192.168.100.0 255.255.255.0"
# Then add this line to ccd/Thelonious:
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
-# option learn_address ./script
+# option learn_address /etc/openvpn/script
# If enabled, this directive will configure
# all clients to redirect their default
# The second parameter should be '0'
# on the server and '1' on the clients.
# This file is secret:
-# option tls_auth "ta.key 0"
+# option tls_auth "/etc/openvpn/ta.key 0"
# Select a cryptographic cipher.
# This config item must be copied to
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
- option status openvpn-status.log
+ option status /tmp/openvpn-status.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
-# option log openvpn.log
-# option log_append openvpn.log
+# option log /tmp/openvpn.log
+# option log_append /tmp/openvpn.log
# Set the appropriate level of log
# file verbosity.
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
- option ca ca.crt
- option cert client.crt
- option key client.key
+ option ca /etc/openvpn/ca.crt
+ option cert /etc/openvpn/client.crt
+ option key /etc/openvpn/client.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# If a tls_auth key is used on the server
# then every client must also have the key.
-# option tls_auth "ta.key 1"
+# option tls_auth "/etc/openvpn/ta.key 1"
# Select a cryptographic cipher.
# If the cipher option is used on the server