No flaws found in OpenVPN software. Our response to the CVE-2019-14899 vulnerability report.

Creating configuration files for server and clients

Getting the sample config files

It’s best to use the OpenVPN sample configuration files as a starting point for your own configuration. These files can also be found in

Note that on Linux, BSD, or unix-like OSes, the sample configuration files are named server.conf and client.conf. On Windows they are named server.ovpn and client.ovpn.

Editing the server configuration file

The sample server configuration file is an ideal starting point for an OpenVPN server configuration. It will create a VPN using a virtual TUN network interface (for routing), will listen for client connections on UDP port 1194 (OpenVPN’s official port number), and distribute virtual addresses to connecting clients from the 10.8.0.0/24 subnet.

Before you use the sample configuration file, you should first edit the cacertkey, and dh parameters to point to the files you generated in the PKI section above.

At this point, the server configuration file is usable, however you still might want to customize it further:

If you want to run multiple OpenVPN instances on the same machine, each using a different configuration file, it is possible if you:

Editing the client configuration files

The sample client configuration file (client.conf on Linux/BSD/Unix or client.ovpn on Windows) mirrors the default directives set in the sample server configuration file.

Share