Customization
Client Configuration Template
The client .ovpn files are generated from a template at:
You can modify this template to add custom directives that will be included in all new client configurations.
Example: adding a custom route to push:
Note
Changes to the template only affect newly generated clients. Existing .ovpn files are not updated.
Server Configuration
The main server configuration file is at:
After modifying server.conf, restart the service:
Common Customizations
Client-to-Client Communication
Allow VPN clients to communicate with each other directly:
Push LAN Routes
Give VPN clients access to the server's local network:
Split Tunnel
By default, all traffic is routed through the VPN. To route only specific subnets:
- Remove push "redirect-gateway" from server.conf
- Add specific routes:
Custom Push Options
Batch Client Creation
Create multiple clients using a loop:
With password protection:
# Each client gets its own random password (16 random bytes, base64-encoded)
for client in alice bob charlie; do
    sudo ./openvpn-install.sh client add "$client" --password "$(openssl rand -base64 16)"
done
Port 443 Multiplexing
If you need to run OpenVPN on TCP/443 alongside a web server, use a reverse proxy like HAProxy or SSLH to multiplex the port:
SSLH Example
Configure SSLH to listen on port 443 and forward:
- OpenVPN traffic to localhost:1194
- HTTPS traffic to localhost:8443
HAProxy Example
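frontend https
    bind *:443
    mode tcp
    # Wait up to 5s for the first bytes so the protocol can be identified
    tcp-request inspect-delay 5s
    # A TLS ClientHello (handshake type 1) is accepted immediately
    tcp-request content accept if { req.ssl_hello_type 1 }
    # Anything that is not a TLS ClientHello is treated as OpenVPN
    use_backend openvpn if !{ req.ssl_hello_type 1 }
    default_backend webserver

backend openvpn
    mode tcp
    server openvpn 127.0.0.1:1194

backend webserver
    mode tcp
    server web 127.0.0.1:8443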
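What the HAProxy rule above decides from a connection's first bytes, as an added Python example that is not part of the original documentation. The TLS check is a simplified stand-in for req.ssl_hello_type; the OpenVPN framing check, the strict_backend variant and all function names are assumptions added here, and the sample bytes are constructed.

```python
import struct

# Opcodes of the first packet an OpenVPN client sends:
# P_CONTROL_HARD_RESET_CLIENT_V1 / V2 / V3
HARD_RESET_CLIENT = {1, 7, 10}


def is_tls_client_hello(buf: bytes) -> bool:
    """TLS record: type 0x16 (handshake), version 0x03xx, length, handshake type 1."""
    return len(buf) >= 6 and buf[0] == 0x16 and buf[1] == 0x03 and buf[5] == 0x01


def is_openvpn_tcp_reset(buf: bytes) -> bool:
    """OpenVPN over TCP: 2-byte big-endian packet length, then opcode<<3 | key_id."""
    if len(buf) < 3:
        return False
    (pkt_len,) = struct.unpack("!H", buf[:2])
    opcode, key_id = buf[2] >> 3, buf[2] & 0x07
    # Minimum hard reset: opcode (1) + session id (8) + ack count (1) + packet id (4)
    return opcode in HARD_RESET_CLIENT and key_id == 0 and pkt_len >= 14


def haproxy_backend(buf: bytes) -> str:
    """Mirror the page's rule: not a ClientHello -> openvpn, otherwise webserver."""
    return "webserver" if is_tls_client_hello(buf) else "openvpn"


def strict_backend(buf: bytes) -> str:
    """Stricter variant (assumption, not the page's config): reject unknown protocols."""
    if is_tls_client_hello(buf):
        return "webserver"
    return "openvpn" if is_openvpn_tcp_reset(buf) else "reject"


# Constructed first bytes of three connections (not captured traffic)
SAMPLES = {
    "tls": bytes.fromhex("160301002e010000"),
    "openvpn": bytes.fromhex("000e38") + bytes(8) + bytes(5),
    "ssh": b"SSH-2.0-example\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:8} haproxy={haproxy_backend(data):10} strict={strict_backend(data)}")
```

With the page's rule, any connection that does not start with a TLS ClientHello, including the SSH banner sample, is handed to the OpenVPN backend.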
Logging
Custom Log Location
Disable File Logging
Use systemd journal only: