network/salt/vpn/openvpn.conf

{%- set conf = pillar['openvpn'][name] %}
client
dev {{ name }}
dev-type tun
proto udp

remote {{ conf['server'] }}
resolv-retry infinite
nobind

user nobody
group nogroup
persist-key
persist-tun

log /var/log/openvpn-{{ name }}.log

#ifconfig-noexec
route 0.0.0.0 0.0.0.0
#route-nopull
up /etc/openvpn/{{ name }}.up
script-security 2

auth-user-pass /etc/openvpn/{{ name }}.auth
auth-retry nointeract

ca [inline]

tls-client
tls-auth [inline]
setenv CLIENT_CERT 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun

reneg-sec 0

remote-cert-tls server

keepalive 10 30
cipher AES-256-CBC
auth SHA512
comp-lzo no
fast-io


passtos
verb 1


<ca>
{{ conf['ca'] }}
</ca>

key-direction 1
<tls-auth>
{{ conf['key'] }}
</tls-auth>
this is the shit 2016-11-15 01:33:17 +01:00			`{%- set conf = pillar['openvpn'][name] %}`
			`client`
			`dev {{ name }}`
			`dev-type tun`
			`proto udp`

			`remote {{ conf['server'] }}`
			`resolv-retry infinite`
			`nobind`

			`user nobody`
			`group nogroup`
			`persist-key`
			`persist-tun`

			`log /var/log/openvpn-{{ name }}.log`

			`#ifconfig-noexec`
			`route 0.0.0.0 0.0.0.0`
			`#route-nopull`
more of the good stuff 2016-11-16 01:17:28 +01:00			`up /etc/openvpn/{{ name }}.up`
this is the shit 2016-11-15 01:33:17 +01:00			`script-security 2`

			`auth-user-pass /etc/openvpn/{{ name }}.auth`
			`auth-retry nointeract`

			`ca [inline]`

			`tls-client`
			`tls-auth [inline]`
anon1: switch from mullvad to protonvpn 2021-02-08 16:00:33 +01:00			`setenv CLIENT_CERT 0`
			`tun-mtu 1500`
			`tun-mtu-extra 32`
			`mssfix 1450`
			`persist-key`
			`persist-tun`

			`reneg-sec 0`

			`remote-cert-tls server`
this is the shit 2016-11-15 01:33:17 +01:00
			`keepalive 10 30`
			`cipher AES-256-CBC`
anon1: switch from mullvad to protonvpn 2021-02-08 16:00:33 +01:00			`auth SHA512`
			`comp-lzo no`
			`fast-io`
this is the shit 2016-11-15 01:33:17 +01:00

			`passtos`
openvpn improvement 2016-11-18 02:34:34 +01:00			`verb 1`
this is the shit 2016-11-15 01:33:17 +01:00

			`<ca>`
			`{{ conf['ca'] }}`
			`</ca>`

anon1: fixes 2021-02-08 16:39:06 +01:00			`key-direction 1`
this is the shit 2016-11-15 01:33:17 +01:00			`<tls-auth>`
			`{{ conf['key'] }}`
			`</tls-auth>`