# OpenVPN server configuration: routed (tun) UDP server that authenticates
# users against FreeRADIUS by username/password and hands out 10.8.0.0/24.
# NOTE(review): no tls-auth / tls-crypt directive is visible in this listing,
# so the control channel has no extra HMAC layer in front of the TLS
# handshake -- confirm whether that is intended.

port 52418 # listening port (non-standard; OpenVPN's registered port is 1194)
proto udp # transport protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
# Clamp TCP MSS so encapsulated UDP packets stay at or below 1450 bytes.
mssfix 1450
# 0 disables time-based renegotiation of the data-channel key, so one key
# protects the whole session. Presumably set so password-only clients are not
# re-prompted periodically; combined with the 64-bit cipher at the end of this
# file, it lengthens the time a single key is exposed.
reneg-sec 0

# Server PKI material generated with easy-rsa 3.0.
ca /etc/openvpn/easy-rsa/3.0/pki/ca.crt
cert /etc/openvpn/easy-rsa/3.0/pki/issued/server.crt
# Private key: keep this file readable only by the account that starts OpenVPN.
key /etc/openvpn/easy-rsa/3.0/pki/private/server.key
dh /etc/openvpn/easy-rsa/3.0/pki/dh.pem

# Alternative (disabled): authenticate against local system accounts via PAM.
#plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login # log in with system accounts
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf # log in with FreeRADIUS accounts

server 10.8.0.0 255.255.255.0 # address range assigned to VPN clients
# Persist client-to-virtual-IP assignments across restarts.
ifconfig-pool-persist ipp.txt
# Send all client traffic (not just the pushed route) through the tunnel.
push "redirect-gateway def1"
push "route 192.168.0.0 255.255.255.0" # internal subnet of your server that VPN clients may access
# Clients are pointed at public resolvers, so their DNS queries leave the
# tunnel endpoint for a third party and internal-only names will not resolve.
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Ping every 2 s; treat the peer as down after 20 s of silence.
keepalive 2 20
# NOTE(review): compression before encryption can leak information about the
# plaintext through packet sizes (VORACLE-style attacks), and comp-lzo is
# deprecated in newer OpenVPN releases. Removing it requires matching client
# configuration.
comp-lzo
persist-key
persist-tun
# The status file lists connected users and their real addresses; the path is
# relative to the daemon's working directory -- restrict who can read it.
status openvpn-status.log
#log-append openvpn.log
verb 3
# Client-to-client traffic is switched inside OpenVPN and never reaches the
# host's tun interface, so host firewall rules cannot filter traffic between
# VPN clients.
client-to-client
#duplicate-cn
# Alternative (disabled): verify credentials with a local script. via-env
# hands the password to the script through its environment and needs
# script-security 3.
#script-security 3
#auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env
# NOTE(review): with this set, a username/password accepted by RADIUS is the
# only client credential. The option is deprecated since OpenVPN 2.4 in favour
# of "verify-client-cert none" and was removed in 2.5.
client-cert-not-required # when enabled, certificate authentication is turned off and only username/password authentication is used
# Use the authenticated username as the client's common name.
username-as-common-name
# NOTE(review): Blowfish-CBC has a 64-bit block and is exposed to SWEET32
# birthday-bound attacks on long-lived keys. Moving to an AES-GCM cipher needs
# a coordinated client update -- confirm the deployed OpenVPN versions first.
cipher BF-CBC