-
Notifications
You must be signed in to change notification settings - Fork 17
/
obfs4proxy-openvpn.conf.sample
82 lines (60 loc) · 2.71 KB
/
obfs4proxy-openvpn.conf.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
#
# Edit this file to your need and save it as /etc/obfs4proxy-openvpn.conf
#
# If there are multiple enteries of the same kind, the last one wins the race
#
### General settings ###########################
# Mode of operation: client|server
# Transport: obfs4|obfs3|obfs2
MODE server
TRANSPORT obfs4
################################################
### obfs4 transport settings ###################
# Mode of IAT: 0-2
IAT_MODE 0
################################################
### General client mode settings ###############
# UPSTREAM_PROXY is needed if you are behind a proxy server
#CLIENT_UPSTREAM_PROXY socks5://corp:[email protected]:1080
################################################
### obfs4 transport in client mode settings ####
# Either CERT or (NODE_ID && PUBLIC_KEY) should be specified
# You can extract the CERT from the obfs4proxy server,
# by using 'obfs4proxy-openvpn --export-cert -' on the server
#CLIENT_REMOTE_CERT ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ABCDEF
#
#CLIENT_REMOTE_NODE_ID 0123456789abcdef0123456789abcdef01234567
#CLIENT_REMOTE_PUBLIC_KEY 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
################################################
### General server mode settings ###############
# OBFS4_BIND_ADDR:OBFS4_BIND_PORT is the one that should also be set
# as '--remote' in openvpn_client.conf.obfs4.
# Bear in mind that using a port <1024 for OBFS4_BIND_PORT could fail,
# due to OBFS4PROXY_UID setup.
# You likely don't need to change OPENVPN_BIND_ADDR:OPENVPN_BIND_PORT
# but it can potentially be used to provide both obfuscated and
# non-obfuscated openvpn traffic at the same time when OPENVPN_BIND_ADDR
# is set to 0.0.0.0 .
SERVER_OBFS4_BIND_ADDR 0.0.0.0
SERVER_OBFS4_BIND_PORT 1516
SERVER_OPENVPN_BIND_ADDR 127.0.0.1
SERVER_OPENVPN_BIND_PORT 1515
################################################
### OpenVPN config file ########################
# In Debian based distros, it's better to not use .conf extension
# if you're going to place it in default openvpn conf folders
# to avoid accidental auto-startup by openvpn systemd unit.
OPENVPN_CONFIG_FILE /etc/openvpn/openvpn_server.conf.obfs4
################################################
### obfs4proxy settings ########################
# Don't change these unless you know what you're doing.
# WORKING_DIR is Absuloute path only.
# LOG_LEVEL: none|error|warn|info|debug
# LOG_IP is supposed to disable scrubbing addresses in the log
# but doesn't really seem to work.
OBFS4PROXY_WORKING_DIR /var/lib/obfs4proxy-openvpn
OBFS4PROXY_UID obfs4-ovpn
OBFS4PROXY_GID obfs4-ovpn
OBFS4PROXY_LOG_LEVEL error
OBFS4PROXY_LOG_IP false
################################################