Anonymous

#2122469 · published 2012-02-28 16:54 UTC
server config:

port 80
proto udp
dev tun
cd "/usr/local/etc/openvpn/keys"
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key
dh /usr/local/etc/openvpn/keys/dh2048.pem
tls-auth /usr/local/etc/openvpn/keys/ta.key 0
server 10.8.1.0 255.255.255.0
persist-key
persist-tun
topology subnet
keepalive 10 120
verb 3
local 0.0.0.0
user nobody
group nobody
log openvpn.log
client-to-client
comp-lzo
push "redirect-gateway def1"


client config:

client
ns-cert-type server
dev tun
remote x.x.x.x 80 udp
resolv-retry infinite
nobind
cd "C:\\Users\\Ben\\keys"
ca "C:\\Users\\Ben\\keys\\ca.crt"
cert "C:\\Users\\Ben\\keys\\client.crt"
key "C:\\Users\\Ben\\keys\\client.key"
tls-auth "C:\\Users\\Ben\\keys\\ta.key" 1
persist-key
persist-tun
verb 3
group wheel
comp-lzo


firewall config (pf):

ext_if="em0"
vpn_if="tun0"

set skip on lo
scrub in

# NAT source must match the OpenVPN "server" subnet configured above (10.8.1.0/24)
nat on $ext_if from 10.8.1.0/24 to any -> $ext_if

block in log

pass out keep state
pass in on $vpn_if keep state
pass in on $ext_if proto udp to ($ext_if) port 80
pass out proto icmp keep state
pass in proto icmp keep state
pass in on $ext_if proto tcp to ($ext_if) port 111