Re: Secure OpenVPN server setup with multi-factor authentication (Google Authenticator): step-by-ste

I have my TCP connection listening to port 1194. 

local-host 10.x.x.x
local-port 1194
mode server

Port forwarding redirects the traffic.

rule 1 {
description "OpenVPN TCP"
forward-to {
address 10.x.x.x
port 1194
}
original-port 443
protocol tcp
}

I also have a few config items set differently:

openvpn-option --tls-server
openvpn-option --comp-lzo
openvpn-option "--user nobody --group nogroup"
openvpn-option --persist-key
openvpn-option --persist-tun
openvpn-option --persist-local-ip
openvpn-option --persist-remote-ip
openvpn-option "--keepalive 8 30"
openvpn-option "--verb 5"
openvpn-option --client-to-client
openvpn-option "--ifconfig-pool-persist /config/auth/openvpn/vtun0-ipp.txt"
openvpn-option "--push redirect-gateway def1"
openvpn-option "--push dhcp-option DNS 10.x.x.1"
openvpn-option "--tls-auth /config/auth/openvpn/keys/ta.key 0"
openvpn-option "--plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn"
openvpn-option "--cipher AES-128-CBC"
openvpn-option "--tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA"
openvpn-option --float
openvpn-option "--tcp-queue-limit 256"
protocol tcp-passive
server {
subnet 10.x.y.0/24
}