############################################## # Sample client-side OpenVPN 2.0 config file # ############################################## # Specify that we are a client and that we # will be pulling certain config file directives # from the server. client # appended by linuxlab auth-user-pass #explicit-exit-notify 2 # Use the same setting as you are using on # the server. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. dev tun # Windows needs the TAP-Win32 adapter name # from the Network Connections panel # if you have more than one. On XP SP2, # you may need to disable the firewall # for the TAP adapter. ;dev-node MyTap # Are we connecting to a TCP or # UDP server? Use the same setting as # on the server. proto tcp # The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. remote 211.61.139.253 80 remote 211.61.139.253 443 remote 211.61.139.253 20 remote 211.61.139.253 25 # Choose a random host from the remote # list for load-balancing. Otherwise # try hosts in the order specified. ;remote-random # Keep trying indefinitely to resolve the # host name of the OpenVPN server. Very useful # on machines which are not permanently connected # to the internet such as laptops. ;resolv-retry infinite # Most clients don't need to bind to # a specific local port number. nobind # Downgrade privileges after initialization (non-Windows only) ;user nobody ;group nobody # Try to preserve some state across restarts. persist-key persist-tun # If you are connecting through an # HTTP proxy to reach the actual OpenVPN # server, put the proxy server/IP and # port number here. See the man page # if your proxy server requires # authentication. ;http-proxy-retry # retry on connection failures ;http-proxy [proxy server] [proxy port #] # Wireless networks often produce a lot # of duplicate packets. Set this flag # to silence duplicate packet warnings. ;mute-replay-warnings # SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. # ca ca.crt -----BEGIN CERTIFICATE----- MIIDWTCCAsKgAwIBAgIJAMoZ/xXqfnHmMA0GCSqGSIb3DQEBBQUAMHwxCzAJBgNV BAYTAktPMQwwCgYDVQQIEwNTRUwxDjAMBgNVBAcTBXNlb3VsMREwDwYDVQQKEwhs aW51eGxhYjEQMA4GA1UEAxMHY2h1cmxzdTEMMAoGA1UEKRMDYmFlMRwwGgYJKoZI hvcNAQkBFg1jaHVybEBwcHRwLmtyMB4XDTA5MTAxMjA4NTY1M1oXDTE5MTAxMDA4 NTY1M1owfDELMAkGA1UEBhMCS08xDDAKBgNVBAgTA1NFTDEOMAwGA1UEBxMFc2Vv dWwxETAPBgNVBAoTCGxpbnV4bGFiMRAwDgYDVQQDEwdjaHVybHN1MQwwCgYDVQQp EwNiYWUxHDAaBgkqhkiG9w0BCQEWDWNodXJsQHBwdHAua3IwgZ8wDQYJKoZIhvcN AQEBBQADgY0AMIGJAoGBAPoRJ8eolEweuo2/oHWW5eJubxgskLXEOKERm2rVHG2C w6aGpHARmWa1S4n+jzQLoX1h6ibb/LaXMj5xhssVV+PQ/e/G+owTTmWsf/3+OteN 1+Av2itCWRYOCBNw0MCZKEaP6he6S3YXmslkAR5pkZA1rJgHl34OjZR/x9uzHH/x AgMBAAGjgeIwgd8wHQYDVR0OBBYEFMDESpLv2HvDUg8PRLg4Mc0yEFyKMIGvBgNV HSMEgacwgaSAFMDESpLv2HvDUg8PRLg4Mc0yEFyKoYGApH4wfDELMAkGA1UEBhMC S08xDDAKBgNVBAgTA1NFTDEOMAwGA1UEBxMFc2VvdWwxETAPBgNVBAoTCGxpbnV4 bGFiMRAwDgYDVQQDEwdjaHVybHN1MQwwCgYDVQQpEwNiYWUxHDAaBgkqhkiG9w0B CQEWDWNodXJsQHBwdHAua3KCCQDKGf8V6n5x5jAMBgNVHRMEBTADAQH/MA0GCSqG SIb3DQEBBQUAA4GBALDLe5lNGTnenEYzlCbLoUhIvUMuE+NlwjsKVa16trKBYibQ bLV2xMGPLq346pBskIeCwMI/TsD5/QE43ujl+3jE7OvOZjTI4j0FVt37X4XfSDh6 k/2aFR35eSNkX3mu+4JQXtXN+RmMV8zFUQqPwS+Yn3sHkF+y13SIHHyXrHRX -----END CERTIFICATE----- # Verify server certificate by checking # that the certicate has the nsCertType # field set to "server". This is an # important precaution to protect against # a potential attack discussed here: # http://openvpn.net/howto.html#mitm # # To use this feature, you will need to generate # your server certificates with the nsCertType # field set to "server". The build-key-server # script in the easy-rsa folder will do this. ns-cert-type server # If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1 # Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here. ;cipher x # Enable compression on the VPN link. # Don't enable this unless it is also # enabled in the server config file. comp-lzo # Set log file verbosity. verb 3 # Silence repeating messages ;mute 20