-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathpia.conf
42 lines (31 loc) · 990 Bytes
/
pia.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
resolv-retry infinite
nobind
persist-key
persist-tun
# disable caching the auth-token for sucessfully reauthing on ping-restart
pull-filter ignore "auth-token"
cipher aes-128-cbc
auth sha1
# ignore warnings about replays
mute-replay-warnings
# ca.crt and pem files from openvpn.zip downloaded from pia
ca /etc/openvpn/pia/ca.rsa.2048.crt
crl-verify /etc/openvpn/pia/crl.rsa.2048.pem
tls-client
remote-cert-tls server
# path to password file so you don't have to input pass on startup
# file format is username on one line password on second line
# make it only readable by root with: chmod 600 pass
auth-user-pass /etc/openvpn/pia/pass
# this suppresses the caching of the password and user name
auth-nocache
comp-lzo
verb 1
reneg-sec 0
disable-occ
# allows the ability to run user-defined script
script-security 2
# Don't add or remove routes automatically, pass env vars to route-up
# route-noexec
# run our script to make routes
route-up "/etc/openvpn/pia/forward-port.sh up"