############################################## # Sample client-side OpenVPN 2.0 config file # # for connecting to multi-client server. # # # # This configuration can be used by multiple # # clients, however each client should have # # its own cert and key files. # # # # On Windows, you might want to rename this # # file so it has a .ovpn extension # ############################################## # Specify that we are a client and that we # will be pulling certain config file directives # from the server. client auth-user-pass # Use the same setting as you are using on # the server. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. dev tap ; dev tun # Windows needs the TAP-Win32 adapter name # from the Network Connections panel # if you have more than one. On XP SP2, # you may need to disable the firewall # for the TAP adapter. ;dev-node MyTap # Are we connecting to a TCP or # UDP server? Use the same setting as # on the server. proto tcp-client ; proto udp # The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. ;remote lojze.ijs.si 1195 remote lojze.ijs.si 1194 ;remote my-server-2 1194 pull # Choose a random host from the remote # list for load-balancing. Otherwise # try hosts in the order specified. ;remote-random # Keep trying indefinitely to resolve the # host name of the OpenVPN server. Very useful # on machines which are not permanently connected # to the internet such as laptops. resolv-retry infinite # Most clients don't need to bind to # a specific local port number. nobind # Downgrade privileges after initialization (non-Windows only) ;user nobody ;group nobody # Try to preserve some state across restarts. persist-key persist-tun # If you are connecting through an # HTTP proxy to reach the actual OpenVPN # server, put the proxy server/IP and # port number here. See the man page # if your proxy server requires # authentication. ;http-proxy-retry # retry on connection failures ;http-proxy [proxy server] [proxy port #] # Wireless networks often produce a lot # of duplicate packets. Set this flag # to silence duplicate packet warnings. mute-replay-warnings # SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. # ca "CA.root.pem" -----BEGIN CERTIFICATE----- MIIGHzCCBAegAwIBAgIJANvpje8J6tTqMA0GCSqGSIb3DQEBCwUAMIGlMQswCQYD VQQGEwJTSTERMA8GA1UECAwIU2xvdmVuaWExHjAcBgNVBAoMFUluc3RpdHV0IEpv emVmIFN0ZWZhbjEmMCQGA1UECwwdT2RzZWsgemEgcmFjdW5hbG5pc2tlIHNpc3Rl bWUxFTATBgNVBAMMDGxvanplLmlqcy5zaTEkMCIGCSqGSIb3DQEJARYVYW50b24u Ymlhc2l6em9AaWpzLnNpMB4XDTE2MDEyMDEyNTkyMFoXDTI2MDExNzEyNTkyMFow gaUxCzAJBgNVBAYTAlNJMREwDwYDVQQIDAhTbG92ZW5pYTEeMBwGA1UECgwVSW5z dGl0dXQgSm96ZWYgU3RlZmFuMSYwJAYDVQQLDB1PZHNlayB6YSByYWN1bmFsbmlz a2Ugc2lzdGVtZTEVMBMGA1UEAwwMbG9qemUuaWpzLnNpMSQwIgYJKoZIhvcNAQkB FhVhbnRvbi5iaWFzaXp6b0BpanMuc2kwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw ggIKAoICAQC6J4IRFAhQfzmMAuifhPDQ3kRnl0Gx2DYSrSrTW/ZqAXy/sWHGS7oW 8hjDZRVYjhZg3eoyMNGdxqj7F+3T9x5J4DUTBA3Nin6stBeanbQ1Q7QAabPvOJgp iSKwoRz3YPS+7im75QW6N6wuA9E7jvUzPQ+pXKlBvO6NDkq194/tbZEXQ4s5C5E6 OwEcMVrQEZNx7XmV020dv5XAY3HNqKmDOGoR5QX7RHSnJvz5QZvLheQ3bqztRoiC ZSw2bMiC8RLsUOyL08sSSBa+jEhWdZeiHqrE9b8wygmKTq71G2u9ZVtarf8VWPU5 F4xeNO+Ij+TLN4sVDRP/q9plHetbZeHtToY/G/8no87omO07XWr1A3SB8xVWOSco 81/sOTCNnCze+r+OY1PdPu3Q8WFtQE1bwFOok6hEkf7lwK5zK0LKd40AbjjUjmJV 9hs+Smm3CNr7GinBxu92qnw0y37143wdgcTZsXT53xAm2F/enLDYzsDJ4ZGENo75 ZyGkumWjPP6MHPoyd+NHqSrh71b8LmR6YQkd8Bub3QMYDOpPFbOtW0HaCFI2YVqD ZAldlWyw9iX2e0TiVIcJ+ir8ADvJrpVH74MVuBg+Pu2p6vostdExJD7xN7ZWRWsY MuRwlK7oOHjCwsURFyrgsREDYy/LqRbmrghLcwod9A467dlAcrDV8wIDAQABo1Aw TjAdBgNVHQ4EFgQUf7xK/LmHN/vEd7mo/uHrwRGi8rQwHwYDVR0jBBgwFoAUf7xK /LmHN/vEd7mo/uHrwRGi8rQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC AgEAp1eQg+qq+hOtWVAi7T/zeR/E7F7blAa3cxwUvwEeLfkiP/LIgyhYGgw2agbH VxUJOeV+AbwjgULAsaLNC8LO5iKxtwxnqS/0lh+qRU4oPRA0ML3UUivmrXIuGkCh MMq8qhqDZZYtCbJhx527cbTcRSRcYtuCAkaseXCSHrnsQCx7Q4cFMzlkAFtuxlof 5FfYVjKHQX9jjbKG2EuTxeexBLWgJOwRwVXtBaSmrIhJjHsAxuf8SfAOYlfrA23w cdcLSjnV3PKodZeXilkTg7GZk4iFYW3qAVQnjHz1a49yhKSyUt+B1Q8Y/ud5x1iH Re+ljyAdwFusRw+7Scqj5TG3scbS366Iqf5ElvSENExq6UXeWS/AcMB++T7r2Kn1 QNZFIAc1t74LDr0EIoj/FUCWueSgp6kT6RNg33zZ6MRmeEwShT2My5AmrrkwjN07 qcCongEJNoCjiCM2QJONKRPTutSr1IsIoivmM8rCV32CMM31ro9pzAWW8nLBo3tw 8dvGuPREPHYlIGN4mBImxmLk/rKPcUAdZ55NMW/L8NXZqu9MMJ7uhoadX3XsDz86 klCJaYo6aFs9LAHzaJb04XL/wfVEaI24WuJm5gR8rjgG0nL3J2VAuEegHOoTBWXO n5lWo2jKvkUY9o/60HwOl7yWyHVIihFnRuY0uTPD8txRvWQ= -----END CERTIFICATE----- ;cert client.crt ;key client.key # Verify server certificate by checking # that the certicate has the nsCertType # field set to "server". This is an # important precaution to protect against # a potential attack discussed here: # http://openvpn.net/howto.html#mitm # # To use this feature, you will need to generate # your server certificates with the nsCertType # field set to "server". The build-key-server # script in the easy-rsa folder will do this. ;ns-cert-type server # If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1 # Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here. ;cipher x # Enable compression on the VPN link. # Don't enable this unless it is also # enabled in the server config file. ;comp-lzo # Set log file verbosity. verb 4 ;log /var/log/openvpn.log # Silence repeating messages ;mute 20