##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote ckubu.homelinux.org 1194

topology subnet

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG4jCCBMqgAwIBAgIJAJJFyNRqWYU3MA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczETMBEGA1UEAxMK
SE9NRS1DS1VCVTETMBEGA1UEKRMKSE9NRS1DS1VCVTEfMB0GCSqGSIb3DQEJARYQ
c3VwcG9ydEBvb3Blbi5kZTAeFw0xNzA4MDkxNDAxNDRaFw00OTA4MDkxNDAxNDRa
MIGmMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJs
aW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczET
MBEGA1UEAxMKSE9NRS1DS1VCVTETMBEGA1UEKRMKSE9NRS1DS1VCVTEfMB0GCSqG
SIb3DQEJARYQc3VwcG9ydEBvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
ADCCAgoCggIBALae3zg7UYlmziw+LCYVg65H+lKNOcj/JArsL2MOnYEcmrePLI4e
GWRppLVpxKeG9kIpfVglfqRDdEY9eOFguJs+MsKwwRi2LzY1rCjDazCjTnQ0L0Zj
1RqJT1LqaEkzLv0cAWxza67K/n6vMaXxQ59jNAW/bOik1SogHiwrT78f2e+Zu3K8
tqkuuDwtwbU0jzL+m+IuHNVl1CTcAIZRmFbdxpWfi5pocrbOIlCwXbUP8ltp/E/t
xLKQqBP3ccgFwPuCGZBymUcpRdMgiDwifYnZK3H4STLSDN4b6K1PclKh46QuxDv2
egap+vctIKJRLguAPqRVjSoYK5UXUcZC+R6t8rHvxDGLwvk3IPeEI9z5bCvnm8cw
0e4/dr1EDjtwHXtw8X6DDf2biNmq4edCRxrgyQKwSOAsC4MhzFNPM112N1nJNrpR
nXNCKRNGF4MdI/zFqRLraafk0eT6yP9/6lmoQDJsjhUH/ziOB+cPS4XmUI/XwMF5
c56mD49gdG4ZivDtJeGcdZ4TSbD/lvc3yI1ECgouFPcBAJHwendA29xYMmuj4oCP
stW7N8HARZWzfwIdbB/HHupHIZ1HV4ACY0H7Sju6SMFxWi09dl92BYG9rhMW/M6A
+k7WxW0IEqZyQgen3fTRw97GJXaLM+anwwl89c6trOaME1ql/w91lAInAgMBAAGj
ggEPMIIBCzAdBgNVHQ4EFgQUXaBXd/nJzd6Iqb7Q+/D8ihm1nfAwgdsGA1UdIwSB
0zCB0IAUXaBXd/nJzd6Iqb7Q+/D8ihm1nfChgaykgakwgaYxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5P
UEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRMwEQYDVQQDEwpIT01FLUNL
VUJVMRMwEQYDVQQpEwpIT01FLUNLVUJVMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0
QG9vcGVuLmRlggkAkkXI1GpZhTcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
AAOCAgEAquNynEChfqP/lTY48YE3xhDycq0YF0WimD5NzKPgrCIP/1x3lyufzoiz
8DrqVZ61LKdJUJMcWRmyqiXS3WZFX9X7ktZvmf37E7JUvorSuF21PMm9Oj0yUsUX
y0AFUiH3fpNhCMxYiCqS85wWBy1+/6np1RodihGTPcLwAGLIVGEklyffyamQ2i2E
TZwZrZJrmLyzsdn4PT3vJyfAUUbcpgf32zjEZCCozlSdisZi8cn2pL7y1pcXA5Oi
gvLhDNntYTKcE1JjWqa/989JJgvvYD2fgCo+DkPw6i/Dic0UAZypHLKqiCc4f3Pc
GqtaY7nxQjMSGVnMjEn2yzyFtXep4lXn16Nh8ZnGbEk3dqCIBS2xzjcUs6YRdyMb
b2JIflNuI4Wrqx5CTyMM7lSNapZRPiP7Qw4xyq+og1TABJuc+9A3Pj/R/oztoHim
9p1zCM4m3tEBUCkYxet87BojVn4MQ37pees1Xi4oAFHqU5mCwpakO6rVOt4Y4vyZ
K4eF0w3NoRl+z4tbDFh+RjUj5tChKcMxaSitCsD0GGvd0nlO550tbxjMZlchpLhP
xG+rcU6098AdwAIjESyYfowVhHT+BDTefXphSYMz0ImaiBzbGwEmpce7sD1bYFSn
Wer/Kh24vsIIxcO2PNEKvQbO/I7YD4Yjk4pVGTUgD54LLX7k+7U=
-----END CERTIFICATE-----
</ca>

# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tV
QlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
b29wZW4uZGUwHhcNMTcwODA5MTU1MzI1WhcNMzcwODA5MTU1MzI1WjCBrDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMT
EEhPTUUtQ0tVQlUtY2hyaXMxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG
9w0BCQEWEHN1cHBvcnRAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDA5DrGxKOrIDkG6bN41khikTnVEWmg35qFA1OkbezVg8e0tuhAhDqh
ugWUbbKJAj/KIwQS1z/8yNfkb5GKNEJYCnUvuvnxc/AKJ1c5DrijeRm5PHyXs7sn
RFm+EOB5G+czct5JEfTUkVsftSZboLhQ+GESNB4DJj7cZX5Eb3CQQm60a4cBMzEa
r9W7LyWBQEHcuY3oI6s/R9g72QGJaNQWJklBT4TOcnz3nvs5/SYvvxVsykqDD8ii
9SzqA3zuvBoTUHFaw7YfoBkclQ5ziV0iNYUXb937DArbvnhNbDxb9EjBCmJxZ8Uh
ryVIyLnSvtLgar3I/eHFeJEhxwdhmNuYR1tLKjkVLFb6rTWZiizRUSUnidNHXbu1
K/FbOsurd3ZRLMttZNTc1kNdXy3JDUToy9rZOUpoRbfY1UnCNN2tWNB+U6wYgAUn
V1bZhWnUdX1stP96G3kIjff1LvfcheevgaLDNFDAtgRwYjawP/uXdybmQAIO6UQr
jLfA2958sGEKWrB1Pgy8kmvXE3xGajNDTP3UNFIJsc6/nE7DaA8VTuVW0ypgNSwS
uvI4HJnbxV9YDCozojOVjN4ICyqDtBabKbuZ6C2lvrMsKMrvUTkdVei5YJELHH6f
qT0Wvgt+YjGmu9LuG44v2lKWqw0oxsnnhElcmMyuimrWiWH0FsflJQIDAQABo4IB
bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSZ3aK5+DrQI6Jqd/Rr85dJ25MefzCB
2wYDVR0jBIHTMIHQgBRdoFd3+cnN3oipvtD78PyKGbWd8KGBrKSBqTCBpjELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMT
CkhPTUUtQ0tVQlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEW
EHN1cHBvcnRAb29wZW4uZGWCCQCSRcjUalmFNzATBgNVHSUEDDAKBggrBgEFBQcD
AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
ggIBAKh8doaLAtydm7PEcC7QAP5Uc3TNqCpfNCDApfjLpl7rdKrgAnmeV9kQ3IVq
AAeyl2vuctEbcsX8/oNYEJFuUIwNf4mFDdp1Ifq8/ieCw2KLDU3zYH8sKQDTZHwT
w6xuXocuVQ5mcwwjP7ERmYXUnnnHAOgSvjgXBBtNV8tAYGCLDkjGvcUZ0oNVBgAx
Xoewhmd+1Oozr9I0YH1EhEDECVTbivb0So+2ZbEjmOXhSlJdgdi2MO96dsEOuMjH
KMVTqBhMNtBOHXtDbfZC2NwzO5RcAV9FeWkHj6oaWIEl7RTiw52gMTygbx6ezZT/
2fKq7TrY8fuRWLmQ77+TwIkT2oyr7DjJ9s+kY3AU7XKAZHTUbhGlqKsWUiV/3+5f
S1v/4hjtuAA3JPOToBcEn9YAR2djavYIRM82YbRByHvrJZkCEnfOs57Wv5XZGKLK
J4ph1ikT+lLBVczZVB14Elz6Vz0/CHlT2Q6/MtENpLyJop6uVCTmpIiKcfF+kuR3
/f8pdXOzGc1nOwT3g75A+D70nWaXULZUBlRKJ3FZCo+Ecx73YRhU82frDL9+jYiw
ui8IfDjmAQIqFivcHYLizZtpJhrqa7oG7MY80lfsHTPnUU/jkdRBYBzGk3yrFXpE
KN1k61XVk3Iv9lDA/Oa9/Q85eSmj8a49ZQ+GLsTaOx7eBi8j
-----END CERTIFICATE-----
</cert>

# Client Key
<key>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,A8DCE11902B81F52

YoUKcSwJtgulV5k8iXSNF/U2joi5fD9mOXOy5qQWkn20s3uAnapYL05jv7x5WZnB
r9Q37oFVgB5bu0THLqa64fORUOOmin/PhepgBkV1BWmx75Y1FdHaylnBqqudlhn+
Ae/pXlhWET1aWXvdKPGMhFJ+RKevHEoThGMxHC/Hj3a0Rl+AzrPbl6YROZ1eM2cB
Kd3nWrdrGhcUyDUn8cg9n1pDnouEGm/krbn1zjQsISlYmxDMoHBHAj+bAFJKTtkt
NiidhN2lNbw9WfEOm5MZCaM0c1GrK1Uw9AhpkZcvKhVx6yZNa52c53a/xxzoPcq8
kA+4n73NoyJzmi+q8egPKCBt2lXyHPDkfsrns3ljJPG7DMPfSazKH6KG4B/ONS9b
wxzNCuyFyWfJdbDpN02FXZHeyg7CGPU4kpSgy0XwFakjQ6+a5hbRLIVkDb8PCvIA
ayLSOvB9WgQzBQjnXyiujTMDz4FzLOVzGJUGKvgkNqv7oxHbCjNTynS+VIWw8wAk
nLcV7F8GTGU76h/TG9IOsVaq1eQIpXq01NvMwZAezh24QfM1VZwuB1vgcAren0P6
78pOKpuPtzEJWJy3zwbSGHtRetB+E7riU6eJHzFsZtJExxn2Rd3ATpIb7MtG9b0v
MKzqPhWHzEQz/psMrZaQ3ONsmi0Ti8Yjn/lvV5B/whwBEeJ101ju/ZXvPyqINzQH
5E1/Flwrr2hXkEchaGJoREN26tWUu5x5E7KWu37wzbb6533veoVFmoLm0+NdHDM6
+LOlq6xSy5vDH1qNaSPf7mtfBJVx/2f5I6IIGfPJ8wNWQsb7ij/vXpJIGaS3lee1
1ZMnIiFQAGs5rQh+XqWRLFL2Z5Omf8SeE4Zr3Pd5Ax9+8UjpNgMPlNCZ66yyOzO7
lwSQWbEVx8HG9Eg1hFOIgZhVbDmaukHLJcVaT0A0WR2/19iu3zZZ0VgJcz4i+Qp4
RlznHpOJQ6FvpydxW93BkRpikMfpRL8PdPKswbIbTAkwTCV7EIceSnH2NL+EFsLQ
/muGyx4IhpFsJB4gE0TR0t/U4FdBijILd3wZnFBxPfhofc393P2OfeRLk4tvaeae
Eqwzkcdcm5zG0dbxFUTXe7pQB54hRvJ/4XFMhTwQBjZDKr0RH0mNEgomqU8s8Lfm
qaMY3OGuYAMpTE3t+NIBdge8SoSSxxl/kR+2V2h04zjZ9uYss4b5Bj127tGbbSS8
nH4cDwysTTtcACuh8FLByoFio9Rnt73uckhflskaLvwZE/8A0uhD01F+chatvSAJ
Aix9oQwDtiyHF2t8C3eouOWl7Is+BDlh2iWYEaNPgFpXwR5eRqUpkDCDFurecT3t
ru7i47QftimArrx//dWdNZDDXC2vY32zr4e3wLoEkuFZb/uiXA067AVvCKTuN6H4
M00kzpAfyawLaLFsPFxi/hISWq96OzmguivsDsoraIl8Uz1xkL4/zhHdJDToHV4E
wTrQlvoA4zWDa3DNbwRH9vna/zY8owktR9nDb50xlmmzXT8ucAFN8BNLCeQMir4u
2HjGic2gBFrnOgafVXsnJam+a0ce2mPSRQ1hLNxquDdB3gT1Woiczhl1HBRX9U7K
BpOJeVWF9kLBhbTTWqXQMnZNOnh0iEmjtDg22dg0hsHsoo8z0ngUGGrDofPRQ9Xy
Aw/GmAwF7pmwSfIWiCndFMFeCN418nugtX2QavkIkm8OFm522RRwUCX5lKdZAlzG
nX947m997mZMtdilpcl/F03N6/gKu1S1Wrmug8sPD6R9mugzcNQDFRsS+8dcwmwf
+zYInaSO6tmI7+GqlaIORXB9vNawy9vElGOqx69No4vjHP1x9+6xEtJk4O6aRDtl
Ju7/NlDildpIhjIvnJe/eKEBDfyyGDlHyVAEqnf7Yzz92j+3ZugIz/zd4iTdGzfg
tsQx0x2i/WsDw11/cefPXth07kJVfgM3jdgk2d0Yd0LpWWjxUZp5H4zJ5FZ5yl6s
GFLYCK6Fj1QsWXd4qQjH7092ka5GKvYLcR4DxCocJ6tS1UE0MReI1YaJ8GU3dwaY
91+Q2j3+lPY3PKH8/MjL8ZZJoIjlyvXwYff1quObbUYIYbtuhJ3c1PYeigt/G5Du
nb4qJuZ6ue2OEfuvRnXgH4aNgZEfrVuYydDBxM55HpaxZBjC0ipqGYnC2X9rU7JI
dD+r0ymGoIt91ZhgnahhIx4zzrJ5i7BNujMYal9AEkPXV+VkY/iNJJKjIzFEc9J0
GX9ELhXHzed3xxy3goTqJPgY0u/jBsUca3l2AI9H8qjeAltbiRP+TdyafhCr/RX1
f2t+KLLvK7F2Ls4VcRPIpuEWrnbvJbh3ot5anzzR20ifFy2fIXyI/Sy/DPAy3hgD
adNfY29lyY8dLv/CTXju9AHEX/Z/IvEBBZkAUUIJ8v2wIR2HMOi/kCsEl3HnK/Sq
aKHenYE5QqME+Y6b8t+w3vhNT7HAcaH/sjrDn08Wls/XqTDEEr+fFV8i/Z0bFQjs
27pbdDrYCmQjGizP2INARVIBYeCk/LQ8kSgIy2pI6uzqdXiHjeeSLtLxl7fmLw3j
VNzCP0uY407/N6WTOYEvg/SHAYQZNA3zSA/xsNihRGGDvj75a0WI1p+QDMUUGiYJ
xdDU4lM+L6YP2yZ75XBUNhwHHX6C1vfQC/BvnszRSdnEZeq+bOwAkBDC31eH6y4J
tbqxOXB71x6Ljcwp3BnpKbnXt9VzLM+O96sSc4wOfJl7AeHWD6eEKJNT1mfjWfN3
jB68ezZhQpth7RilxtECMz4pcigGsljHkIfd9nweahAwq2RNwhz5cafpQqDeJV+c
0o05tSNvR8snLX+fbnBTxHl4025lTmJNh9Hv4DY3UnAVL/e/wkmupb6gYA+N3s03
ZJhhG0YBUviuuH6DrRdxTrHjnVveJHSuHhUHrgM3PeX8cspBBYbX77d52jqDS3HJ
UD6eCrIbxyDsKDFS1DEby2KZYM5CBmI4AzUW4nKBuRPZ0uFiM7b/KXptQvC/sUWE
6DgVcIz2ExivDyiHo5XSWsssRRI+vXtJ/GSghWTZuN6WI3whZtnYQyS0L+tZCRdi
GHaFz1YOvzTJZoWHZgXg0fe58Q7CLdco+66scYlHstj562mjsd7fPa59KaGKluvM
-----END RSA PRIVATE KEY-----
</key>

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since 
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
# 
;ns-cert-type server
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
1c8b2c0960c29ba0f8b85d20cf7654a3
2429c0a7e6c898f834473377846b349b
e5070fadf83aa6f2143ddedd5fed69b8
6b4303181d4cf8b130777033982585fa
24796676d2c096db93d8ec0bf221a33f
974c554b7173faaa46badec409713525
927fdabb473a3e24d309983c858b1b7c
7ea88198f4f01d1a5c2fb6920a1dcd4b
d1a3918e736899803896aa1d43ad131d
996e9f78bcc1faccb83276e65ca43626
c4b0de36dfaff3be40276a0126d15690
bf7c3baca7d51d4ed78efb8248d6e3c1
43fb2424ed1b31e7a2cb14506a3d5fd2
3f3f58ee93eb615044fb6d0d345095c8
c0c5551065d416d1b6781d8436f8afb9
2f34aef585ba7ec0a977386b3a3b9c0d
-----END OpenVPN Static key V1-----
</tls-auth>

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES
cipher AES-256-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
comp-lzo

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1

# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull