##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-blkr.oopen.de 1195

topology subnet

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG0jCCBLqgAwIBAgIJAPmS0q/SPu+dMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczERMA8GA1UEAxMI
VlBOLUJMS1IxETAPBgNVBCkTCFZQTiBCTEtSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
c0Bvb3Blbi5kZTAgFw0xODEwMTQyMTQzMTVaGA8yMDUwMTAxNDIxNDMxNVowgaAx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYD
VQQDEwhWUE4tQkxLUjERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEW
DmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
uV3aM8LnLlwhgci+qrzCkLAUk+A6VrXDc0cjJwwnliomKYckvwjGSG+7JCaBfPIQ
TvBqoEbcbGo165qDNadcfM+s2E+Whda2FFUgUHujrQ69bsACuKGFarZqQUHqhmHC
m/MSWZ39o+2A+4L4gIQzkLpPHOHRNArJfEkYVkGBaqU+TlzaGX9a4MUNyPQgjwWB
cVDzOke/3PRUgaEq8U8kWsDw21y4cdS5Qhbd9/ijRbTFU37gfGWAz2E88flZzah2
sTulBiHpaWaL+9K97UlHQ0RER0WmdgA0Ow90iqs7Sm6eDlJcafXFKh0Vu9lYnwpu
/mrkWtk8EAl6xCq/VwMzrVebchomA11xDpzZLg2Xej4wLMsZ7ZVr+YixCJY06SA0
Z/GMgq9vEn23P46CU9ZIjOPWpTXotXNGQbjWaJVRNuvlFvbF2URibo3ncjyPC6sR
StIShahqLqG0tQ8YpT35+Zz6MuK7kUXIabMic/MFGX6o174ghOV1FhzrVC0GnnzT
+217n5vVABf8aD+jAooSFaByXYlHorAxxjcD3JKwsFalvASYK5Mt89jeVjxIl7tr
h1XMgnj6pMA6Dlj067bEvWS6oWrxlfKJhySmjOT3TgY4cUjgquTTyZE3Q0WlOhRi
rHFqWNUKMs4fji5vCFYU7NbEqiQqMwSOzirVTvDqTpMCAwEAAaOCAQkwggEFMB0G
A1UdDgQWBBS0GaTbhypyt98E5gZmorH+Brmj+jCB1QYDVR0jBIHNMIHKgBS0GaTb
hypyt98E5gZmorH+Brmj+qGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREwDwYDVQQp
EwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD5ktKv
0j7vnTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBMPRcUtDO57n8k
F7XtxpKEBUsIorlBDp3H8G0bleWlLA013s4rAD90nG2F5g5WTQQ3hnRX0K/JllaT
8u4M/Qr3HHlnZGQVt2aY6bLLN5TkqhMPGqxCIyWrxg0GyGZ55jgff34fj8WRAdl4
ylKCK19QclctlkSKyFlVLd+w5IMA1rb75oN00klgmemXSA2tQ1YcydOleR9ar+FB
8jZifx+DKGUP/n9HpSld5Q+/+zbPmQXItwm57odBeRPmyLgWCUKh5EvJ3Er5VR/k
hUgNzih8vNZcjWYcahcncZ7O30JIX4UcDPlPHpLUKbir9BA4jgVeM8cyhpity8dU
Jmnt9S7o8owBPXWtZ/Mg2kzY80LSocOrsh8TeVRdQ/3uexj1ytLuPNku9s5QiU04
ziTVzGl805PypcfT+xqONUi5hBjAF3/V0w34CtzKn+icmu1xbdQL3iEj39fY9V3T
mbxbcAxUkoYwXI67scVAEbgbxDwN7yA4ztKRDsIWC0hE1rc0Yt27w6Yf6Fk7BxXT
4eL5te0j9145lc2S2vQGFHMq1yW55a4v3EW5qJIxy500IQvRBtpe0iWqO9TZamIk
DD6m50VdZ0VyjrHcYenKXDqf6RBQjcK5fyOYXC0YAcMEj6s+Sy+VNIdsYFvYvaL/
7oLu/GfpkhX92MNOQeIucACdcIwpeg==
-----END CERTIFICATE-----
</ca>

# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHNDCCBRygAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
ZGUwHhcNMTgxMDE0MjIwOTUyWhcNMzgxMDE0MjIwOTUyWjCBqTELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGjAYBgNVBAMTEVZQTi1C
TEtSLWd3LWNrdWJ1MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYO
YXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDf
OEi1vK7bOIinZlafM/w37W/h5zxMPFAi6ImYzceJUntiaR28KWeUicMtuFK5UdOw
fKZ+qO//DisQRKVEC4iUCnDHfJeB3qrGw6UFvT6kTbEnupZF1TQQ1gr6eZTXSCA/
cNqqBvhv5Mc3M4dT8wSqYfGZ2c8Ze1/pQyr3j74EwsltS0oLj7yYbJbQwyMX3Fpv
pGTFN4rvRCvqRR6Y0ZGxuZNkU0mFv/k3+XPcRthCpouNQw3iMaAg9k8dBsN0Mi28
KWwGsWwTYXG976FtI1QOW4HhQLb0VeDIyv1qA0rsohe6+NePPdgm4GRIk2j+IG2H
/MfpVe5Obl0HPcFSJPR84GgbVZDLsPEWVBvhhheCr+PZuZ/tKcqoNNZis6pC5KQu
Vsc5tdV+ZPsonq0RSjZXxzhsegVfJ+OuHlJfmHFbV75ERE2FYDSfEL9tQKs9ZaGX
cyBKzSV4zQwA8tRKYX6kQP+duIA0MkgahL3gTtlYgGh6liRugSahIZGRltKJiDYG
/zhyFETDd9cc5hsp1AttbNmCNlnGu45MfE4KTz/0JxdaG50pWsj6TDbV0vrx3EBS
aQ5tahDSCoCyI2SNh0qfvkIxjsnU39XC6Dl1wo+mepBllB3R0RTe0QpiZGGUPEDg
5nVODCENoU5CYlSRC2ldhx7AFwYCRptmyr5qBYYHJQIDAQABo4IBbDCCAWgwCQYD
VR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRp
ZmljYXRlMB0GA1UdDgQWBBR/WxfMH2sbgHx9eESrgPskIQkQojCB1QYDVR0jBIHN
MIHKgBS0GaTbhypyt98E5gZmorH+Brmj+qGBpqSBozCBoDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
ZGWCCQD5ktKv0j7vnTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw
EwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBACb7NjUyyb9B
ofe1d38OTZBK7YC9mAq9ZgDuskXaqTlfQpX6NxMx0KviBj45DncPPYT+mVsYBJGU
TZeAOUFyuaqDrAAxFl5cSJdD3Ix3FuYp6Wsz61mqLNqbI/JvSY45XhiLH1Fp9aDA
pA6a7ACO2p9ZkjXE+TeK/JVcwmWX+ah3gvAOEFWUEnb3ZO+NkiGEoFSo4jY5rxiA
K/kvaccTjukTqmtjGYmcGHVam896FTilSYsW+Jz0ORIP7CbeK9EPdhi7JSoTzAhn
lOg6C2TVIrHDGNIyUNIadC0uSVmzHH5szpUMYECfILEkebj1Tv1qx9RnqdXSu4KI
uR+K/kI7OY1KuPhSFGMmEDTIF6tg2HTTeEdGSrgTCDbi5Bqr73aCHGyCvFkdJEkW
AjsDaA7wVe6j+PRgZhzZf7wA5LAfMO7to9xweI6ZDR4MglH34BcLIPOEewteiArh
XY3XvUQkOJRr7tnGHi6h9rG8WlThF2JTSUO4Rhbhb5hfWEPyC/e5Mr7zVXFSd07Y
fEuG/ppln0xtKsYLZMt7U/mzM7A4qLPpGIaWziojEMaxvbDpv1rZawajsoozT5X5
zDF+VNFnwMEyaRu46zhbouhEcWU5FD8ux6II3aPYH1Bf8ZJ9btfkynHZorh2vFMg
oBRLp3OUAKaJS3sZtH9cLAmCrlTPoCVk
-----END CERTIFICATE-----
</cert>

# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIhPf7U8+0luwCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECEbFHS/M/mH2BIIJSLS6wTEg0/zk
yRDTLJUeb2b/p7Yr819WamxkEraj1NY4f9bi04i75UKt2oKQHav5clCXQVSwmaZn
rpOTpom42KPEzFcrpztWlwnje/MRSxt80SBEoA68mvPGWR9o2o9t0D7Rl8G+L8HK
VUqGu+t9XKUnr2h6hFtP0gfTz2nOkRp5sQ1wlrPADYlyjOxdvM4bP4c5pLSmCrwV
7vait4Lh7mQ7R9t7FJQSNnb3G90+9yjkbWh5ht7s4gyi6cSlwcWcCU/cZg4q1NdG
TH2gnMe2AWX2TQg8gSypaJV3T6zL2HJhjNA6vRAIbCbWD66LvtVdVOeM+nrNSpHT
HiqEEDNCCen+Xhz8sai/mwx+oUUx3VvXUtDrve3H3dhpqPHAhIhUNeAaWSv0f1tb
jPN3He6oB+dZwmPnVgFRzfU8AJIE/vIneDUywYNdgJH9nb3piSiVcHG3/y+6q3fJ
3f55YbtI4zW4io5o9aXeL7yLhoDA7DrHfNxI9ANTPlL+xvaUz6sUKd3NfOKA5tL4
h6KgDlWrlVakLhkf8sQMHbvVa91CJYiBwEJbVsd3kITOpRD4JDUu8sN1OZqcC+89
yRlJ8Xsb09UcARAc4ZmidBbo6bd5smIlcCsOOxO2A/xVzgy2IxoRgN25XIyoxj+S
NOIXcARHZeU1HBbeoUEXq8TqB6iJWWVszEBEt25UMQDLYsLh/XBp+IlYHvnPu5Os
D1gktNW1ZNl9NxVXjMlhBVbT7bqeoU4IvMNxFLUMTYMltl+PNeBLKe0Qa33kZGCm
bICe+aMHEKaxSTdxNQSQAmYkkcuQRaMybnHO4TN+IZ+w5BIcdUgDvumKTQWG5/Kc
oPPGkYMzT/gQ/JED3HOuaihS6f/jy72Tr4NrVJH2243Xo6NlgNy4bYPMsO/lnLsl
d60XBDifUrbw7gAxcyisHRJD4DqXFW8y8HAcbGJMBF6O7nbmb/GXYSmSw35//ABf
+drQtMOib4R5rlq/drK+aAYOEy45AKSojydfrpPIW4lZj9R6z6Utq8ckp4TRT7Ev
jKf9CRW74pBjm8edfLgo3SNuyIolJwag1+PK+vCTtNXm8XX9et3clAE1pRUCJ4tA
mUlJwSVpyG2PfhA+Y4XnRLDYoAdK92f+k2TW8vh5jt7wIpfyimFPfA1fnv/tLw+d
Lr6mQGovAVlMgGW6S45yrp6buxUVVH5wdKtK1XpX/ktTHLD+XuUIERlJ3Iu0hysC
IW/3R62pWzDnsEdMt2W5RItwwMkPzf74fOh0W5TGJLg4CAbc1NtzZ7PiPFPGecWU
4DqKlb8+wQKwrOwkSokksxzPneVqg9Cq4ksXNYkdm4tK2lXAqUvS4ZpQM3w5AaoF
otbx7fME5Y3CmV1mPlO+ENE7++qEHI61XheGphBBO06hD1vGG663WERhHE1CMXGu
rOot+nUF4lomZhFzQUWLB4cc7bGdbljbXCAGnitTS0xZDl49B6XXMuZp2R+IRPg8
CKVZynzp2JXjWEx+OzAqic9nGpe5HrDuUjnsnaKvhLvJzkNXg5ryufVOTr2LG2yV
cKWzUJSDMKFbcyIgbAIHnn1z3wMJqLWNx7RXWUJbHIaO5cpLqPL6njdFq8wqe8LM
CuYVBH4G7a57B1opNP2Unwe0YlNSH6YGkYO+HfpTubvQB4/lR2CThZvq+9llg9Rv
7mE6ioSUuh4nGSpY5XKoc1PsZ1E95HnM2p7csKh7vvEws33rGQBD+o4azUqZA5Hz
G8BHVMiUIZ+cc5vOJvKfgxevocI7yzL38FmploA5tp2HvyoU0KbuAMnZryLVfHuW
vaoa5OjMcOMf+VZTitl/L+6gSW54VyUsgOacfvfPXXMifuN74v+E+KuUFHaLzPQ0
exHenaWrN1/C2PcuORiCmqqjhfE1+ku1Ii7wv40zBycFC8pb4NNfTHMvhuGzw9Rq
8aX+UMp9DsZzRQQDQa9gotzSbr0HEN+SZlnU05yorBvf4CtpV2Q42oYlpRnX5vsx
wCxdSQFWiVYaL1dEYHa2RmEB2RXhuMuyugqZyPbVNgGLFWb925VgA0WwRMg3N56U
6YgKyag1yzaxQbYPKs2c/iT+i5QMU6kx7Y6QPVs6zT7/DJvatRViogF1IQDiOS8o
xtFbbCtQ7NGUsmgz6tsX8mo0oiCUZds1h/NBVUOY58EOYbOKs9Ywaui9ck+cKfGF
X4dcPQz1sPEHgv4h5q1SpPNY3E2kuF8NSpV/KYznwxGiBV/Ui4rGH2/HmQUXNNQn
VE3IqqbZs5/exZvdcWquKcTU9xNrclq5BgTkHI5QbGXXK+f3WmNR5rBQbd35UZQC
cTn4pNSAM3iPJdMEO25ScsIQh8OkmIYvBnmpdMZxexnSpJx6HmOEF/Sf2mfvhz91
Ah93E0ZF9ciN+6UQ697r3T97cXOeba+w4OhA1kw5Z75c0uOBomK8cfOzaG+vMOwf
1uXkit13S5O234qzBcGoj3FLUprtooSmWj8f8sCtGK3qDCjZkyMoXWPu54V3jgXT
IYmQ1Ps9QtMuXOqlN3itwu9BS0eFdQ/tKAQ33HoTMeHQ873Jhn67F9aPFzA+jnH5
DWZlj/gV0HgZ9GYFLvzVZtjy1BDMTn3CscG9NkwXcu7YEXZANZ2YIeHcS/JwxOva
DtQdERC0sHT9TSXLM7uL47UaIUoz7Pi6yYn3vJ/4cr2eLRLkfZuDD33gD4EBN/Oe
DqmkycyrSdhIX6KfFG0sFxCNnkerUVhlxyrrnVP8JHRrfmRb+JV/mMLRv6MpGV8E
Q/Y4AvkyhS2TJpJo3If7JjYTeihR3Lhq1KkAGoEBY0xkf0MApgq/TTjjU5BT2fD3
k1Ywd0NzX4y3UmRoXb4+MV9/U0NkcYwhUSEPXgmuAj0vRRoC7sY7zbA7xcR9Gqlk
0EJESYThFBBHJwKYJ1yEN8E3Ba1fQUKpwrb5sX+2UmniAx+KgLonPaQFcsaT1mFT
98uJuvO+gMyLHDXv18DBTEsgFkR8lsjs27z1CnouHC9vFDho32Lwsfrpy8ty9p+r
5WE/h3yOk95IAuX6OmhMPOlmNKskLyO1e0B/rYvksY0K3lf3J0+hUctKmX6e7XjM
g81V0EyjjYQKhalzUDfHyTrPnNGuMOZOJ0eBmhavSSDGvENdp8lrz6vgjj0o5qaO
IStU3QrW1Tcg8pvykyA/Lw==
-----END ENCRYPTED PRIVATE KEY-----
</key>

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since 
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
# 
;ns-cert-type server
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
3cf6285cea0c09098e2fd9c4f0b77e10
17f36672d5dbdfc5c076dcfb15996950
23483097039a2bd0ed987ec31a2deb2c
6bc987cebd37dd435e4b591763375f1a
af3b13a09680897fa379e952948e5c07
8e314f92317b6ec2b347e80fffaa4371
998b30ed33ad0570746bc9467434a4c5
92850f34fb15de8385bb2aade5665048
2cb73c00d4941411981bdc2c33e4e064
03a1893991bdd08e645b94e9f959edb0
397a71dc39558126f3aa83e09748873b
5035c46ab289a548602e5b9f308562ab
6ec9a6822b7db0e4641b42764a97ff20
bd71debf42514513311779410f995974
e5984887c5e43393cceccf2ddf7191c1
a49f80dd24d79fc3d9409e9f42cae925
-----END OpenVPN Static key V1-----
</tls-auth>

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES
cipher AES-128-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo

# --auth-nocache
# 
# Don't cache --askpass or --auth-user-pass username/passwords in 
# virtual memory. 
# If specified, this directive will cause OpenVPN to immediately forget 
# username/password inputs after they are used. As a result, when OpenVPN 
# needs a username/password, it will prompt for input from stdin, which may 
# be multiple times during the duration of an OpenVPN session. 
#
# When using --auth-nocache in combination with a user/password file 
# and --chroot or --daemon, make sure to use an absolute path. 
#
# 
auth-nocache

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1

# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull