##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-opp.oopen.de 1194

topology subnet

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
Y/hjEv3y78V8QA==
-----END CERTIFICATE-----
</ca>

# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIEhzCCA/CgAwIBAgIBLTANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE4MDMyODExMTYy
MFoXDTM4MDMyODExMTYyMFowgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
ZXR3b3JrIHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLXRpbmUxEDAOBgNVBCkT
B09QUC1WcG4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA50omlH/EGN/wsMPXSLcKnjcGPkfYDW0b
VJz7gECICBxbXPVRbdtoxKTjv8agwtdjQAWnz/QQdwkxkkFedQfZTmyoosefS9BH
CYgQ8Qi2Ecsn82tsv+UqsGG9JAToOAxBQ3pRh5miMP7W3ZXtn/czkZLFktQcaEg/
nsg1nyruueJKVTfDKz4EeC3NfEAFAC4pkoWMJWABCXxSfSinPiItxrQVaRTPFBz/
gZc7+Se2xmp8KYZm0oZs10Fo4Gij10HsJXKFi1+xONo5pDWTWPRupLLwkWVqAe/U
+198AT9CbMkXEyRVKh3IvEMpYInAfsibhR1+i6RD+6QUCmH6daly7wIDAQABo4IB
VzCCAVMwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSYxQH+ro6ZoC5i6w6LN3taxROr+DCB
xAYDVR0jBIG8MIG5gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMT
Ck9QUC1WcG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QU
i1Wj34gwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQI
MAaCBHRpbmUwDQYJKoZIhvcNAQELBQADgYEAibRKSFGTe5RySYDZ2js5DfR8vSLa
itT3m6c+/cAMXw3gbsFWkS7sWDnbIITTjtGKbCOBqvzFSWAjXN7RPStYWZ2Vgnbj
EFYYsqwRnUZ2oQAkaqb4EWOK388QzcHalJEje59sqL50HbuivjCsvooWxDgf86A1
adoBSkjcWSDYTII=
-----END CERTIFICATE-----
</cert>

# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIF/vrJSsqA4MCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBEetYsU2fdyBIIEyB5TzrKMZaI/
+apP3cyZt/GY3fTquGzdfxuZtc4PiFVEsbPrFAen+TZPPw9RITvOTJOJBBwGWgYN
QtKmGSw5ns4/xM44pVS3jI2CkP5XxNiFTQYwQ+9xiSUjsxzKLn2EbsBhuLVB+8oE
3MAomBNdLBVaiL1Pb5sKG5IfTprKnPCg6B0/CL5i6woH0cTw9usSuY1p2m8fMsKn
00mP71V/RP0WzLkbdhUI5pYNe1OLlo6IEp32L1Df4iILbdqMhIhOfZgG9ODGa0rP
2yPOaU8YHYdTvXwtr9Tdcu4Gh3aKppz1v5UA4McbAbs2TG5org7vLqg8BKx/ne0t
+9K3oRZEA7dIwIOnmO/jowrMngQsldKUSS7GktObSn4pu5E3ElPjdRzJAZvbM5qe
aKv0zAt2L7zEATPJ4p5bOhAHseYTm2Nf9rzYV3zppQHKPXllrmli0IWoaUIWvdYD
0DMWg+OBevcF7azfE+AhbvVQ2WMmtqrgvN31MtenwaBrWh2U6FP+ctCe/026EqAO
2hj5wqgOWA7n09+IswTRM6ApNFI/2bNqWIDXlAjhH8PVDa6UMxTf/2t9zmfP4fT1
f0i2fNMetLAznhX3N5BawXLHXvFC1C7Lf4vuptJS/oHQevocq7Ke03XEjIB00KAR
XI5G22x+FIoPMWgY65AWsLT4UgttWODdUc6h37pKthBaZR3wqhKNN5XhJut6kbRG
X8o1YdunTRvNp77wAA0aaRbeLGS4B7gTZ7EBIZ8OTDn0onYB7Ra/pJFkEizgnbQn
qKwZadSBBUN7KSdMDQepU8zwnQ5S9uLmlY/YF0a9M+mhyqt270kxGhi5Z0EoNaOz
NG/20/FZshZ07CzzGhWNCotVrQCsSpT7QSYbVlC4w/VPDUiAdZDS66sQ65lNKL6A
+2ILYcBaB2Z2lZ1pf0h07csMa+XHhoAZvzOw2iHmXl0rJkDmZSpqe6tWAQagbRS9
Gz77j8UimJpf1WxOpvCHUEqv6baTQE/NhN7iuz4ZSmN4n/yjXyeAlYZNB1oxuKtv
LQUG7fMel7hwT5Mzkw16v8VD4q/ZVytPho8+VqvAthCxkEJKoJui0SHk4KzqBsaQ
jFf2eaR4lPDkywd01weBb14kcqXxEDnZ4heeqRcytZPrw2BlHdhcDF7bDYlISxNH
b+dACg43JmQCVYpDDBOKafB5lSTHKV1zDHmChqq+MCEUyW1gGkNK/DOcbMToQ9lQ
4WjxvPCWwIcOwrGtgYfakkfIsK+CbFdR1kQ1uUBzpSpRUzwMdndC3+cZ6YoMvl1o
ICu0oF7af23JYo0iiCcTpVmuU2tKm2psRcjjUiVabLDRVj4Uk6sw8v0HyznHDwWC
Y8pHgeQhQx5SSpy2p/w7gbxHKxlrwpwfxZNvRDmx9SMZgbUlM/MNjx171ORaDr+V
eGDUKsqE5p7pYkWrSWp4oK1wX8dA4qzm2bu6tNpANYdJghxrsgGMeO03AX1kQOSr
uwv5e/PX4COqN2Tk+9B7k0i8FWUf0DuRlLfVuUZ23Cj2b7APhBFS/OH09IN9U7w5
lvMTHgLRr3u41KKfDwFOS9srKqvL3ZVAxa/nuGoVNGBhY/GXMoxXL2KF8GLBTMsO
S3Z9EBDJyV3qcr98xfQdbw==
-----END ENCRYPTED PRIVATE KEY-----
</key>

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since 
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
# 
;ns-cert-type server
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
ff2b7b56af351769ba703f874d389327
2e8fed8405df740d51d58eff3eb25af3
d6de19376333a9b05aa72f8b90124bbf
5ea3085029070d28952a1fe9baa392fc
4865bd5dbc58a4ccfc373d2ce772a217
17f099df7d2354e404ae7690cbc50002
151667c2af583705bd3896327917327a
a8b2c9073e58b7deabb3ad04336170b9
6fcce57b50827b0f393b7d1f0a7f6299
d15140e46f6108983234eb53b0a6d56c
6ce3815bc7f5ec9f52bc7eb680562b4f
1241f1378b774491ca817b56f1d5ba09
c25e8a4dff3610c60e4f9f3c306c15af
8a70829075343f2ab24d61560804c78a
dda39ceb12e11a0079b59dcb607166e5
567cbf1dc83c2f32f8ce1cb4576c12df
-----END OpenVPN Static key V1-----
</tls-auth>

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1

# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull