##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote ga-st-gw-surf2.oopen.de 1195

topology subnet

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIJANXFq8sijdObMA0GCSqGSIb3DQEBCwUAMIG+MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMRQwEgYDVQQHEwtTdG9ja2hhdXNlbjEY
MBYGA1UEChMPR0EgQWx0ZW5zY2hsaXJmMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
Y2VzMRIwEAYDVQQDEwlWUE4tR0EtY2ExDzANBgNVBCkTBlZQTiBHQTEuMCwGCSqG
SIb3DQEJARYfaXRAZ2VtZWluc2NoYWZ0LWFsdGVuc2NobGlyZi5kZTAeFw0xNTEw
MDkxNTQwMzBaFw00NTEwMDgxNTQwMzBaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UE
CBMGSGVzc2VuMRQwEgYDVQQHEwtTdG9ja2hhdXNlbjEYMBYGA1UEChMPR0EgQWx0
ZW5zY2hsaXJmMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRIwEAYDVQQDEwlW
UE4tR0EtY2ExDzANBgNVBCkTBlZQTiBHQTEuMCwGCSqGSIb3DQEJARYfaXRAZ2Vt
ZWluc2NoYWZ0LWFsdGVuc2NobGlyZi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKLTHSHgX6/Ibr3AlmJfQ3k3yTvaD031Ps3c+bsXgOQEPNO4x7er
8R47osA7FHNKI8ob7jnX/xJSJcsE2B1zsYpceW7IN/Mmmz0eZyIr7B0tu2dFixxC
t4Vi4dBTh8ZvEaTZ3YUzROBc/YnWFyq3NFZ0DLdJBX+lFXAYg7qVyD7RCB1Yrwxq
rJFYK28qeIi4WHfHQICZ1dBlf7qpnL76MjfzjjiTTs4MZwjYRT2RJaPOhnNzPaeF
c11kP8T+ER46TqYbmBuImpoOntca002opJxw9iXoYJRLYYfhs4XS654iApGbG0vc
2Kd7uH+QyWElW19EDmeDRJM6Bc0LUu1rKtkCAwEAAaOCAScwggEjMB0GA1UdDgQW
BBQ1n9sNhkD5ZQ7jRXnON5gNKFeVWTCB8wYDVR0jBIHrMIHogBQ1n9sNhkD5ZQ7j
RXnON5gNKFeVWaGBxKSBwTCBvjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3Nl
bjEUMBIGA1UEBxMLU3RvY2toYXVzZW4xGDAWBgNVBAoTD0dBIEFsdGVuc2NobGly
ZjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJVlBOLUdBLWNh
MQ8wDQYDVQQpEwZWUE4gR0ExLjAsBgkqhkiG9w0BCQEWH2l0QGdlbWVpbnNjaGFm
dC1hbHRlbnNjaGxpcmYuZGWCCQDVxavLIo3TmzAMBgNVHRMEBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4IBAQCXp1hi923vehUa/Gd9Ze9UobRo0kPCLxgQkPOotUPAX+Dp
BDJOIHzoijORN4LmtQV+UNbRGsGU+Mwbejx1b4NHrFtj6KaCbCdB3bumcSmfFbaJ
QM+qvMtQYXx1NnFnoV6PYD9ZjfsY0AaVi5FB/eHnP5xuGzmbq7gPgG5sz2RO5jcR
1jO26hbrOINfYplu/NNQqBfRJPwyPFjHcCD/wWE63fnue3A5Oj6jUcuNLbOAHJEy
Pu37BPHNzjnTUdOe9scXp3WMCJXOtdxoZkfHfGKXYhz//XwX6X/hJMzOZ2K+kUHC
NfKwQ6snmDzycXtx0EqsYjzGgxbOR0qJbK/pJhii
-----END CERTIFICATE-----
</ca>

# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkhlc3NlbjEUMBIGA1UEBxMLU3RvY2toYXVzZW4xGDAWBgNVBAoT
D0dBIEFsdGVuc2NobGlyZjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAG
A1UEAxMJVlBOLUdBLWNhMQ8wDQYDVQQpEwZWUE4gR0ExLjAsBgkqhkiG9w0BCQEW
H2l0QGdlbWVpbnNjaGFmdC1hbHRlbnNjaGxpcmYuZGUwHhcNMTUxMDA5MTYwNzUz
WhcNMzUxMDA5MTYwNzUzWjCBvTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3Nl
bjEUMBIGA1UEBxMLU3RvY2toYXVzZW4xGDAWBgNVBAoTD0dBIEFsdGVuc2NobGly
ZjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczERMA8GA1UEAxMIZ3ctY2t1YnUx
DzANBgNVBCkTBlZQTiBHQTEuMCwGCSqGSIb3DQEJARYfaXRAZ2VtZWluc2NoYWZ0
LWFsdGVuc2NobGlyZi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AK7355Rx645LFvVBtQAzVNqcEVSj4xQP9B3jMiCUSP1G2LJ2EjsjPKLy5IGa5YWr
w904xeDK7q8REvGPeDp4pT+56k6O2j7md9XOy1Y6yr+X1qVlSRXO4Hta+cKWinAY
vjtPIL3FubVGB/FUrXZWR/GD7nyKnelCI6Gntvt2wwWt3aj+yPoV9J86MN1NwFAz
Cxn2UcufcFPHfIDFaXpMuwbsRuRudxh3fBRYRkmarB+mRl/3HHEzpCX0gpKWVv2v
a8RaDu/T5mg2yOiMHHUS+D40LmTdo7yzfizoVlVbGrNG5AbXs/gZRKMOLZIPyGR2
r+eD+2KhOpFW+kdjwsPFe0ECAwEAAaOCAYowggGGMAkGA1UdEwQCMAAwLQYJYIZI
AYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
FgQUdxceVU2ZsbHErH1NiTl5R5Oj99kwgfMGA1UdIwSB6zCB6IAUNZ/bDYZA+WUO
40V5zjeYDShXlVmhgcSkgcEwgb4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZIZXNz
ZW4xFDASBgNVBAcTC1N0b2NraGF1c2VuMRgwFgYDVQQKEw9HQSBBbHRlbnNjaGxp
cmYxGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1HQS1j
YTEPMA0GA1UEKRMGVlBOIEdBMS4wLAYJKoZIhvcNAQkBFh9pdEBnZW1laW5zY2hh
ZnQtYWx0ZW5zY2hsaXJmLmRlggkA1cWryyKN05swEwYDVR0lBAwwCgYIKwYBBQUH
AwIwCwYDVR0PBAQDAgeAMBMGA1UdEQQMMAqCCGd3LWNrdWJ1MA0GCSqGSIb3DQEB
CwUAA4IBAQBBTSwtPN85g+0QPT8XvxYQFv9PedtEFdKf4R5JWisSI0hyvW9Sf3Vc
4bc2GYIIG2DFSJip2lUgyvC3yOqKtT6vF32M4NS+GglDOycXWbpZNB9vtjrDvpo/
Xhv8dSuwE9BIsoJF+peEbP6lINGi6W/p61NHWmO1ClvtZyRxb4YnqOmIEr9s3XP7
Mm6nttX7690jwZoae/xwGOy17eUz/cGLBq2t7t7m1rhU4ErvGgJOP9PKHkgFrYjm
jHeBXLbHsff+Tq10bhyiDb0hsAoZi1bViGpRtfaQ+eC0rXnDy/C+/nm+SzlEKeiC
2XmTO8dbNgoOqETj7d/iDd4copvdzZYw
-----END CERTIFICATE-----
</cert>

# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI5AUTsVDif7oCAggA
MBQGCCqGSIb3DQMHBAg12+MbxEoyygSCBMgCrl75V6WYOCdXaXmPDePYFZnY1rms
O7VBq16osPoJCUbnowfDlWyj73kM0kypBQPK1l9ZtXiC50BgbjPS16CeeAZNvFyr
/1glAmHv4wKArmzF8GL98vEDsKbnBV9nFnPe1YV+Rq4QqeSiOmnWJOqoFbpYDJiO
f2Io1g9DgoYYjMhvvjMk/mG4Oa6aOueMDYBFQ17NCNwXDj65HI685SiMEYzksQEW
GcerSML5Q9PDwbaiH+xs1AVp3MEa65PDj3KW7jcB8LenSAzodXo6dhzJelSgv2Bo
Q769n14ZetOK0Mv/o4blxQAPsbfknKylg/tvGIkFt38mH3PBJeXCNElyWHZJD6BR
xZah53ajLQa6XXhV2LOj+qKjgvIH4lwb10nr+eL3VdXKPXdMrGQUHHx59Z5zGnwK
qoRvKOtx/Lk56c+ycjCo0MJW4QddxB8rBmMEduUcI+jIk0ffF26F/uWh/gZO59hj
Tu6cGAgZY5hxkofm+b4FdyC8dNgQUspPqs9iIqkMSjttzuihme2qdQg5cgl0F2Zp
u7FTp/E8CsRX+MpVm/i+/0oXi9hspvEwfZcg1hpk3LdF2w3Ym+Wj/jlBiUbTC17K
YSLQQk2WEWLbvhGLA/3Hp2auYm0h4PxyG9lp1RTkK6WJSz+Vjc/Y8V01Ml5l7pT5
22eTksbqTeNcasCZkm7dEfAiuA222qS6OUZLzUkX9cBb6EXG/XIQ0qzY6c0UR/38
qfU0aP1Z08mIwMhGfyn/QmYTcxMw2rov6eHt2tsemDFXNf3qj2dUvJn91nu4b0OQ
3ddYB6mazfwCOqXeAzxv+POxuJvjUIx3MmIyQtQTvlNa0nzg89DNlAtBrRKDJVvS
mRLEBT/mFTz6KPpdfVp+qdx+akAQ7YCpmRfBs1Am685b9azOs8+VQOl8rp4PpkU3
T2rSCRpc7O6hW+YZYBwEMgJn0Qs5YXyiE8Js+k9QB5d20hGIJQAQ6hAyLLamHcj4
K6KaBhycvsXvB27drkkofQOVEIV751McsgwC+cxS2DRaJf4udr20Pg/2Trc539kp
anj/hT2auv3/rGGTfY9RLblp00eCjKazltsg3/DbQ5S34hSxnipfa7o6PACxqgAk
qgZ0G5K/smgql5nppPpE8udS0utfDKgi7lCwlviIfKY/UjsQwRr3wh1L2NrjG1nY
f7df0/WfVAc9+LA7QBVtKp68oh2wTCGQXdhgjwJgDMJp7xA/I1kd6tsjkXPjPNct
tg1MZYL/jDjAEzC96ikhLCjbybLVmL3NJKC8Y5+kpxrIs7W4T+ZwTXwfgBUN58Kw
ZHK7JSQzlBKmLlRbpYcjT+Ra5Mf78xA0ZsJ5D7yVoKYmMRfGfDAXQ4s3ri/EyC5h
t4FeFvUdrr4fTu3FlxCAOhxV6rFG/pkjIe/o0JHEZpTvxnd9algrNCTu4D6EFJTW
tQNfQY0mctQhtuMoqG51dB1jVRnZ+f+b7bzBnsesSzJNXKcrq8N0mgcZx0nNDn65
Db32YOv28+JaID53Bq811tHtsybiuTCx+77oubUaH1it5xIMe7NzL9/gQAPkfn5r
LnaDPGgPFEy6UaErrCOo10CkLq61VoCj8DgQz5fQ41OQrd0WbKYR5yqh/nTXpFus
z3U=
-----END ENCRYPTED PRIVATE KEY-----
</key>

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-serve
#
# Note!
# This option has been deprecated since version 2.4 and 
# will be removed from later distributions.
#
#ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
2e6c91c0db488d5f018432f60605fbba
5ec1afd4522ddd28d917ade2c7515daf
9a7a3104b523c929f10a2ccdd2197b83
949e5644669ab0f82b62e08aa887252a
cc20618f9f8c1b0eeded6ea92a392e79
e477a890e2800cf0cf340ac6139cf7a6
0cfc5c713a39e8b2c44347006bb90583
8fe0bccf4feea50e7880ee7c7c510114
e9613960f8af9096fc46d75886b1bdbd
773b77d9044db17109a5615614797b98
bdacaae155966bad69819d08f1c8cafa
1cf102981e2188d155d26043b59538b9
15c1d67430d6b67c9c313123fb7cb427
29cc6972e63470c74c6bf2342fb57ba3
50d3254df49d2158f4faf5bc38fa9d69
1014d126eac903e30f6c97df69a3b665
-----END OpenVPN Static key V1-----
</tls-auth>

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1

# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull