##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-blkr.oopen.de 1194

topology subnet

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG0jCCBLqgAwIBAgIJANQ1kko/1TXWMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczERMA8GA1UEAxMI
VlBOLUJMS1IxETAPBgNVBCkTCFZQTiBCTEtSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
c0Bvb3Blbi5kZTAgFw0xODEwMTQxMTI2NTJaGA8yMDUwMTAxNDExMjY1MlowgaAx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYD
VQQDEwhWUE4tQkxLUjERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEW
DmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
0+cJGjlxrQfc0Hb34YJ7o3P+ctVU3jYlwV+XQrF8WFMAJ8w5QvRI4jcplY1MdMwW
WCUZTuQ1woPbCJ2d53/ZR8RYlvq8XNdRhJmuJofWkEHEUe3YvDeTGumzco06xx+r
Y/aA7+EI5cRismLTJkrwoIg2CYO/Vc82wTYKyJ2pThR1QAOWQ+WheEuqPAp2LfXI
3oCGfRxgTe9756+gPzwKBZwGSMNFQjGOTHxqWnoCkQoDgOkOnCzTDcRbRVBAh7Bl
aZ/yOte1iSyWiU8V/7VaosReizEY2/cCmSrj/p2TVcMPe6B8xBJyHI+6VZRPllEt
l7zClTRWcp5xo1Ii/yZ+UJxK/PvYUNYt0gmJTJ7tKx05kF1HT/KmrvxV34/GCR9w
adAteQTPDllMeBb9Wt1PXxcTcRU8MdvTONLXRp+JocfRkUR9ObSy9xdQG/HfTxOZ
DIzECPa84tyn0nmrIJFkoKccLPJcYT+O0vypmTsVHlDIPai7gqWe5uYdUxba0Cjk
OvbVZkQVlA/Z8yY/GiOUIfZTdjZFxLPbOWn/h6K+ud6wcjpQ3Y7vRU+FXZ+EQtqy
GlCDmmDh6A0bIgoNvthk4bDlc2NMwQI/k9rUshe2i3k5rUmxa9KkIPLVdyw7xtvH
bBTMdb2zlkUld3Gt5tb7g24GGe7Gh8iMdaYVhOPoJpkCAwEAAaOCAQkwggEFMB0G
A1UdDgQWBBT2d6OZJIK5jYNiovzEe63K1m754jCB1QYDVR0jBIHNMIHKgBT2d6OZ
JIK5jYNiovzEe63K1m754qGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREwDwYDVQQp
EwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDUNZJK
P9U11jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCv2pi832EnyOuH
N407W6It/8PvmwSpC3/ZSIHt+IEKf2YOkR256J3NsO8/C3SaYNySk4Ew9DwNFVzJ
vZ4bcoTZsKehcY0zuzJ7onafLvQV549QA8SLA75ydgAYeMEwQtF1Yni5xJYDfA7x
t4yDNnbSTPjqBq2nLEh0Bv2pzXbPGAR8VyLKj0IKHQ1FMFVoRv+uidTCz5VVZilD
5ojgljMnTcxwYbYQAtG9XFukxcFsvEltN19xujrJgt84isPAtbGcbI8Y98Fh1BbR
xTN9o+KCRkneZtseNSWoCIAuLLwJEx+NWQHJXYGzOZAgoopw7G7N4U44VSdwhQSC
JYgfmkjqW+VMYB/AEXPhXMZFGPyeYTYhugChrf9t3heREZL/JJPHfCkGe1mAQCOm
xzAbZVgzjE4VKLjdvNvhW2Rosmqym3dCq0wC3xeUsrYPeq8U6r3kpkxrmTbMDnqr
DIqDbstwbxsmTOXWYqTnNw5PDNdyzC/rL0r0H02FrLiZ+mj3wpD5+jEnicO5cWk+
GkpKVerSY3EjOWvmkLdRr7AiZqq+D84Aqqh0rvFIuSfSQlcylZ4LEpp66ADCZWiQ
B+yd54UiGk9/gwgmqJiaPYySWf4BKWxO9f64rdfzChgLplxCX+6wQaAcPYsk0sy9
IUetobAJBkntkGyb4+NO8Jp4oJbh+g==
-----END CERTIFICATE-----
</ca>

# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHMDCCBRigAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
ZGUwHhcNMTgxMDE0MjI0NjM0WhcNMzgxMDE0MjI0NjM0WjCBpzELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1C
TEtSLWp1bGl1czERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFy
Z3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsRFt
kM7rZMACsU2m1cXW4aSR5Ohoo+lb5vuU9vAyJLUcZIXod2D6PFEeHsSr2XrjPYCs
xMf098dARSS4n1WXfEIoKqqqCox40c7P3qOnFENPQ40IPY9Dza/Eqsx/XrJfydTz
vm0ieuIjMyEUJ2U+zsB3ED+jnreq5B0MV+JgnnWSfaVe66kq+C3tR1ihfzyBSMcl
W6CxgxO0ON8/N/iXj/gevqPfENocOFXKEmDuahzB4SUt4zw4+ML31fo7Dshwr5gM
Xj/kooF4pRTuvwCFQiv6LWMIONdX77/lVySo3yqPtce/edeLVraKyoSaaCvcho9G
5GCSK/vqjBf/jDArhm4QNSAXjvhVOrT7q923ASMMIuljZg5T1ZXnZMAvNjYiZbOY
Qz1NiDzVMCsVd3SouApJxUejZPM6fs222330hzuNCKlG9+grO8OTFcL4yBNG/dkE
qrjnCOdhrlJSB5vkHNkdg55M7ZULTbdt46BO4p1e5vRiA2V1F/GIlrUzQCLndGcs
vKsR1acBBmcbF96OMyOJHdCChKToKvKWFlMiaG5hr1wDtPPrbUVbmOMqQCWdfWsL
VRVaRjagR525f4HXdSJH6RbNJOcx6Z1D6HppcdGHjvBlDJ/1JPNnhJnD7P8peHPe
b3fAWLq3eSYoHwiE/LRfdqHdhrD7aLEH79JnkvkCAwEAAaOCAWowggFmMAkGA1Ud
EwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZp
Y2F0ZTAdBgNVHQ4EFgQUsbDah+SyK0zNTayFSlMEsRC7/t0wgdUGA1UdIwSBzTCB
yoAU9nejmSSCuY2DYqL8xHutytZu+eKhgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8w
DQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVu
MRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYDVQQDEwhWUE4tQkxLUjER
MA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
ggkA1DWSSj/VNdYwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBEG
A1UdEQQKMAiCBmp1bGl1czANBgkqhkiG9w0BAQsFAAOCAgEANb2uCYVkQgdUYKH9
fZ6qobcc2vhrDP7r/oSS2vFvcpBq+/6wb09e8a9n47txbUmNT/1/2ADXwwMUQ3jz
dI5wHckbQLUHRi3H1A9Qbvvb+xohyMJpq0kNdVkGGx7woFc6SQq4Npf2h+yCm7T2
pFvDO7CmWuKYYv0wWbtqhI7hcQSdvhmCMcLebsz47rj9t1pobIpqbletYr0gXgzZ
DiOOwlIJ1hSQ9OqauR4I+ba49Jy840o6C2W/ZAF/zMTfZbYMp4wAZsKiTamE8MNw
KbQByrBbL8LC15i2J5BE3DzMgkDzMUk3nthe1qOoaoZjOyzILrtl4B8FGgtGXnVd
6VO+c70/hkbpkl5++c8Z61Bgd6pewj9bBIDLR+zk0XbVXdPHZZ6zKDABhLMK2XTO
46hEMWibB90cMbYprJ6P6S8Jat7E3yj5MJiFGC3tY5Tw+D+/+n1C8zxRlLaLqznp
gWMuik1AuzQhjTmclQTNpz2PIcFjvw0xVGmISNCUGZjnJPK3yCBPzUd1/KU2biRC
STSildvyB3JwuHmfn0u7lB3ui9FfSbPSGZbLAEJUaG8AYZ5mbFX2ZSELMIHIzluh
qeL+MpPV6p1gyC5ze9oAsHrjnBX4F/GIG747+/AOBl83jLVOj+gzfojaZxhXPdxg
JBOkzmg5L6ieQx+1EeJ4jNf1D+k=
-----END CERTIFICATE-----
</cert>

# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIKFf7x+y0VjICAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKNd68aH723ZBIIJSCSKYMe/zTkn
g+fRJKj1dcWhw1Lih1uS/Q636GDykHj1DCcQsZjgNcy61FVh/B1Hpd7f2dxRf3vp
YKDxCnEKAcGjSMsXhkXwc0mz6vPrYNGhdJ5/9SizjW6/+hU/qhi8iZQVPPJU9zVh
4YUVC8kYHkU8FjgEEOyMPwjtRjxWAuB54Q0Ans1C1wlzz040UEGRfVm5+FkuupUm
mvMzcJQdwGYcWFZR066xTUkiDm4fCaG9Lc8RXj2TCzUsKsJUlfmoSCO8DHgOqUM/
6M7TNP6HmIWtX9NOlH7j/dLDIF53afbuDFaoXKdL/6nibZvG/o39IJ3n7hJHeZFB
Ydfe1b8fCLl4+6O2RFEQfTmbjt9AA1G8bRHdFT80ekD0rUfqBEMetDsHkExHr8Vt
kscM9KmYxLA1ExnQ07UWRPPqj31dvOg+sIVYBs9Ou5K0yK9vj7rZPK9M6P+Rs5mD
V0YHCrCzAPLYd8zzWT7uI0hVoDd8ooMoCUXNffzLAwfjormVzR1as3ttIhf0zjz1
6oqXvby1ACaIqWpRm52LNef7MDcCdv6R1kgB1JR+CWduOTCMQ7yklOY9A+S+E4Xd
xSRkXTkVh4awVIRdoqmFbgrKlQAoarvZU8V/ayusS6nGx+9j1F9JYXFbp7Dz2kLq
hLZnO8sOsQo3+s/2nOjhREI+YLBbanSge7t9hYsXEeJ51lwx5luED6ktfFEr2fTs
AbyoM9JpAolYkyqmDHYH5WmRPeTHLIt0ZKfhnkCroV4KC+zMN1mNzgEbEuZA7eY+
sAjFMJzsiamCTDlSb8x9VzVBHTeyGW/OFPlzratv1l8/9qZ5YGqOFEyAGLF5956w
5YEP1ojOe/aYi+zYdablrQkBY//Lxv37ZzwhUclkBKt7iHk3cS5EAFtL6if0vsQ8
d6W5+dNgkEYcoTbupkjGHXAG/UqbibR4j97WODb+qBdsUl5mIV38Tl9y+rwJjANP
Xi9pdnFE+O/u/sbXNVNlN/tfu2AS4gfvKccNJJV5kqGHDFwAsuoy5Nado8KHSetR
FOCLh/ADa8OE071xsqr4z2T9JkpN2aIqiHROCJvOtepZq+8gblmF1VKEnQDTuLFW
hRMbXkL9Xd3vz02tJCGf+1YKKS+G5cQirVHCxRRAVc7e52Nd5+W+0Ds3xLo3oZIV
txHZyQ8qFuAw5EzYQ/vVSXfuTFohcrqDQl7DTtlEAcEyRyc5J0oJzRCk4tTvnFdD
xL+yxb6EqU018Y/aryEOJAhxIullpaCAEAy8WyiUyu9Bf4gx90UVUpXVoU8+WGk3
/BGyAwmyXCVv/M6rzcSQ2bm1n5ga8SkmZvLH9YC11oir4jM2YY+tFvjeZg0Zcatv
pdm4XM1bpk3ysf8HatFqBwnd+xR2Uk6l+f3dyhYzcz74VZyqjbrnUgUPwFTZTI7c
9TA7alPzRqnuL0LBYjs2H4DSih7LPfJTTohrePhMEMpJnewKWayTuWSmMoQlZWOM
iIzT+KcLxWQSliolEUQ2HytjJ+898WETe2pJaCrA12XJ2fPZcAhuYKdrWD1N5qXb
lll0Xl08nVxpQ0jRxpoIvjBiwrdPF97BIYaVCXCERQMFu8rFeOzlDPf4H/jtCCSY
Obv4b5h7XVhKbewKHZsOWprOecetK2goGVO5UAiPsrE2VKugzkg2+5HoV/wC4VBN
yhImVgK1MsUqFnwSsRNQTRZZ5bUL83urBOlEJvBh2A7Lgo6tVJY+mYCIM5/1UYMA
2JPyXFn688h+/f0j3p9kGLiLgblsiexu8MT7DABgTrQVd0pb2O/7T7B1/zoMzDW6
DQhxg/+hW4A4zbxoauup7iRBkLuoc9UjA1p3wa7Kd6bcPesjv0iTjfxGYNhl7dCM
48eqm2arMd1N9ns3kjKQzbQPswuKx4TjpE4yJ1hPQGWhD5i1znJ4yl3IhIlckHoH
LAXxeu82HGbMF7qACMO4Xan00o9egawkbqx2sOC8ghBcxi8Jn4zEt5kEgQVcVg4d
8wIJ2f+D2z7c94ycBv96Cm04QVyNZkm5Gzzf3AQW0wLo1MRaBok+JOiWMEb+dqV0
/MAZ2KibMxWTkRNfIsJVx88fwupUk+ztM8ZsaAuYRBrMZrnw4LGt70xHhp1V75qp
6eReNMU3/oZ8JNjP7yoYLX8T9fBlEj9z/ErbyAEmWHZSSwR6sXJIzXr4ywVWHjXk
U8ZkWMVa0VMozAUdzfMPBjFZwhYBeEguiAYN1Wtvbz//EqnbogxNtTckwTlgD4xI
ECfVaAsaTCtL8/nOVM11wQhmJYAbMtbi5BFS/KOoCo9N3wse77aFD9PF7bxV8RHk
JtY/u1seqbLN9ZjGpQCusl22GgvK4Kz80mRrTtDpP0aoT1BTn0Hz6Y4GJRzX0x1Q
u+fVt0+beC4pjd1mJndpoXG1S2+WHPh3SV2f+ZYiFrQd1uQ5U2dCq6VlfZBgf6xP
bZoOmcly9NQM4nEszGt9AFGFj5mw234dmQdVwbjcYhMmXSfmI5wCLVyyQBKHrp5V
kG4eEM8HgXqBrTMVoyA+BNK8SRRUZUD/eN3bwvE2CEkAaVc4QRIJCtJwEvOP3SA2
EjbcNbdfhIT6OA7AWIMXaLwCTre3vMDU4z26EA7/k4wNKvvpJb49ScgJDMuIS9h5
BXh0q8B6VvPFGuTVV46uz/gl8fU1cROvCJclCbaUMt4lcna+rgvJWoX2BtOwWfEV
ZYGHBqPt/94tO+fEWr9e0SqIwZSiyrfTZhfJUZjyDNXTedF4BfWyI0CkC/NfEswG
P97ozo4un/+P5NseqQN4EXnZR1egUur4mCJz2KCrv9M0LSxwbZK2cjZCqnsIc4U1
aufbzS5YerTKCduGVvuwCSlA57CeDXlFE89M3hwSD5xp9tJbXNL/q0ufaPCSSV9C
BMW6SMUvDzKBY1hULCfYCnrrzI0+xfvoBQ5PwiUT7TVqKV4wViWiJ1BSp5uJkein
hrm3ER4tmS7LX+pNBb49Lgpar2Omivm4/tmgVwhhw9e0X+OnpWqlTAqcti73rHKm
5zksjTcjTxfjj2kEX8ASXD5I8H2v+hXZrmjE8PV+jA4Gl5fooMF9gp7z3EE3wyeD
OfI90G7V8F2NBjx9rQx+e1/Sz6yRtEdtUCKWFMTJnSEWTOF2e4I1py0IRvspMOTG
gQVi7sR0xnQD61dmqU8dWw==
-----END ENCRYPTED PRIVATE KEY-----
</key>

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since 
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
# 
;ns-cert-type server
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
b185215657011d3b8e96ff855a3f90ba
94131670f65a203848ac7040329594ae
e867c606a0df1d12c265d7ec7d4dbd91
c38c1e2103405f6b5c345548da2ae3e9
6ddf55904f191037d673dc454e31dac7
d6dd17917b0a045914860b19d310e541
7bd707c41a3ed7d3b2d6fe522419a1d4
cd929a7e2aa6183a0c83a4b212cbe96b
e9bef5a76b621ef947858f96be60229f
e2107488c6f0a50e7f3acfe5a27952db
53f6e8156b7d10b4da35861906b81558
f8a24a15f2311d592a0d6186a95261e8
f186ec3f54672edec2d04b4c99e5666a
815684b3129721e82c24482438ea4c7b
80585ab2e4fd43cba32bede430bfa685
cfc5755d9b1087aa3ec4299583e1f0a6
-----END OpenVPN Static key V1-----
</tls-auth>

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES
cipher AES-256-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo

# --auth-nocache
# 
# Don't cache --askpass or --auth-user-pass username/passwords in 
# virtual memory. 
# If specified, this directive will cause OpenVPN to immediately forget 
# username/password inputs after they are used. As a result, when OpenVPN 
# needs a username/password, it will prompt for input from stdin, which may 
# be multiple times during the duration of an OpenVPN session. 
#
# When using --auth-nocache in combination with a user/password file 
# and --chroot or --daemon, make sure to use an absolute path. 
#
# 
auth-nocache

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1

# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull