port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
topology subnet
ifconfig-pool-persist /etc/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
cipher AES-256-GCM
user nobody
group nogroup
persist-key
persist-tun
status /etc/openvpn/openvpn-status.log
log /etc/openvpn/openvpn.log
verb 3
# Enable this setting if you already generated crl.pem file
# crl-verify /etc/openvpn/crl.pem
# Enable this setting if you want set static IP address for clients
# client-config-dir /etc/openvpn/ccd
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
tls-auth /etc/openvpn/ta.key 0
client
dev tun
proto udp
remote X.X.X.X 1194
resolv-retry infinite
nobind
persist-key
persist-tun
keepalive 10 120
cipher AES-256-GCM
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
client
dev tun
proto udp
remote X.X.X.X 1194
cipher AES-256-GCM
auth SHA512
keepalive 10 60
ca ca.crt
cert pfsense-client.crt
key pfsense-client.key
tls-auth ta.key 1
key-direction 1
client
dev tun
proto udp
remote X.X.X.X 1194
cipher AES-256-GCM
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>