OpenVPN - validate settings?

[Ramias]

I've seen a few posts on this and my system totally works, but with frequent changes to sever and client I'm hoping somebody can do a quick validation to see if I have optimal settings. My clients are iOS and Mac with the latest Tunnelblick.

Here's my file:

client
dev tun
proto udp
remote host 1194
float
ncp-ciphers AES-128-GCM
auth SHA512
keepalive 15 60
remote-cert-tls server
and then CA cert, server cert, key and tls-crypt cert and then
resolv-retry infinite
nobind

This is just to connect securely to my home Mac and windows via VNC/RDP and to a few local servers via http. I'm not traveling to China or anything. Do these settings look good? Any thing I should tune to have more optimal performance (connection time and CPU on router)?

Thanks

 

[elorimer]

I do a couple of things differently. One is I use tcp, not udp, and 443 not 1194, so as to improve the chances of connecting from public sites. I still have one pesky location where I can't seem to connect, but that solved two others.

Second, my home router is set up not to redirect internet traffic, and I have two config files, one containing "redirect-gateway def1", and the other not. I use the first when I am at a public hotspot (an airport) and the other when I am at a private hotspot. That way I can use one server instance for both. The other server instance I can use for something unusual, such as a tap instance, although I don't do that anymore.