##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-ah.oopen.de 1194

topology subnet

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
-----END CERTIFICATE-----
</ca>

# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBCzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE1NDZaFw0zODA2MjAw
MTE1NDZaMIG9MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEiMCAGA1UEAxMZVlBOLUthbnpsZWktS2llbC1oaC1sdWNrZTEZMBcGA1UE
KRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9v
cGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+f6OZujjGd
OknYsbwjBA5toqsqGXkSdMmo/xxCYc2KFiO5UODuUHR3R0ZSXaorUw5q7zVsA1w/
IxTJiPaAvFB5m2RCFPDp/Kb1N6KdRs45fWKkgqf0qtgubk+PauZUJqIhs7ZMnOGu
E5qCxS+gpeVYci/FiJbU+IQZHs16zwsNgRpyYe225BxovsXBvIJ8F5EggbFZYo8b
Bc8whBTlKydk8CZ5SO9ObIcrHmiBXbfFNY5rmxgsyj40RH0hhln/zXUK59WBgg2k
Ohirf0RpwFieeCg5xCF1NTNvpRKfDhQZqj2h0vyelN9LDZs/L9bGHoNu3xWlOXPi
+bPKIZFivQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYe
RWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQSGG+S7wZ0
V4+lpjuJuPnLCrCImjCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/
1KGBuqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
dmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBL
YW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJ
AP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
HREEDDAKgghoaC1sdWNrZTANBgkqhkiG9w0BAQsFAAOCAQEAWC+QrydsgsXQCVQ0
LZUd3es1NS6ClTPkY7+f/CZYWpFQP8qW3dB3W+S33qRRcOvyXP1m8k480EFejCXK
qO8cUdKtDD4gFZccp+zWXKaZpmMjGm6WepqfhgDdtKcN2XdKvgwowy96c9JP78b0
igGwfuI8bUF/dVgHMlkT6X+PIhl77OEh2bNUbpfeNlPCjr2+e70mCVcHji060D7T
l4uh4pHJwi2JINLkZfh3m1xPvQU7h+K9D3Z9k/IL7yxFdAY+6tmG8VUjigDC7cN5
NH29yAzC5fSyKO1xdDkc8s+s8Di5ufRBNVgcbflPzh7t7vcGlflOf8Gq1z5ShHIB
ZQ21Jg==
-----END CERTIFICATE-----
</cert>

# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIXEjPaNf5KGgCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNdZNDlsLt4gBIIEyOzgTgA/V6IO
pWGeNhluCi3s8PPytWN35z5mSE3N1ErEveJ65W865nNJkqnDR9a7RVciE++KhWs5
CYoopoGcUyadyfKIe9HkOplxeZsy1qHoMYDNQqww4cr1BV3erA6OkW4XJ0RMZcyu
aCdU649EmdDPmESmW23Q4getgX8sHC0/Yw3GHpZ8jqh3tH5HYJt2/MAQGAtlIlOn
MW4cE9ZcWuD0DXH0sjakovu4UqxefOmmYEWhS9Rt1hfu7rE0Tb4Yvl3lzR7ke+NF
IAobjcDtGvTr+XxUyhLY57I8qlK0uooyziHhZWusu358mjWaTifqFUN2NRw1rgqp
FoMvkSeyGTPrMO9eY1N+QLw9KZ2/Sd+1KcLhOGHyc5DhL6YmlhxsnMJDUiqrDC/v
j191WT41+yBSqfVY9PgKU3B1e/kEGWM+JZUz5Wpx8wP9NREjX+JUBkiTcvbho61D
3qxHFrqbcic1gKcCQ61c7dV2c/cH9EAYl426qzTclmw0fL1rKjutUJ6USq05gcNU
e8ugKz5xR/EyiUKx1iPRlKd1EJORX5n+XdTNhvJuO2x5CXmT28Snv7ZpQEC3Qpt+
P6f8hm1c2Dmc05wePoc4fbPL4j47fG45EXWeMw2gAPzWuGkVEN2zUSRf43e985/k
E3nzQVwXZ1K3zg80PEv9BcmH3aA0I0Vp4b3EH2gVi5Zxcf8fZoqVKBWppFND29pN
hQ9Vnlu1R/LQ9I4OFO+txmuEADCVh4KNzZBfPwdz5ZiPAtw3jFpYSbbsC+nbha+4
sW3HwDwCqF8tXBNyVFI5Vk5Saagu8Rj4/ng4NuEHVFIJD3Ul5bKb4Li2Ld5HGMmc
WU7XTwBO08onPZp/EpYem8LQ3fPmwKIdyiWDc7gOIeHgLp0/y08aJTcacYBpInfq
o3Ne6z/drZErYRie3r7NCpzCt3xzEcQhfMi3PxxTOMOU3cdEtQhkAq+XruWesIOS
U4/Kgv59K0wpMmg8Ezg9qKrDnwylNhab//sC3IT6/CjHsvHAmMyxwRVaPu4420l1
uK8fZPCHSmHeuR+A2iEiQMBmCWE51BIi3tOH25PhkibpZHD4RcN5b+Ws7lCbFF1s
fCsYoVLEufzEZdsr7LkDpMdfvwJXt2BqvwRuNwoV5VnuVLI+yfnkak4j/pt9Vwvy
hAqSCdzjxp6Sor/5tJBs7mfGQHO3ULgp3bVkuELnzHEOyUq1h3BOpk6VDnk9t2VI
xg1WVr6gztKdvtjnfFoguE+Wdd6N1XGMxlBzzY7BM1TIXQM2k9mM6r5ACoy17/Xr
M8aS8BQJ+M+dUVKTm0fMLPVOCqmIlmVwZRrJybwc0+Qx8yzLNGTbwHUlBZ0xct04
JLrpH4vuzbewKIXCPQn9iCtmSNuHOkdaryKaVF/IrM2QXMl20WG3OMtazDnvYGP9
NTyyDQp1CMug+WSH3aEhs65pHHMjxj/I+4cH8CcggKbencG5QF2ztBcP0RK+Facl
YK4IEMkrCdorkY6MAOhLKhAOGPcYFSDgLwAvrN/xVLTkZg7Y2jR8gD33QZh9TDrl
vn9D5Se2xoGt6F9P3HuGnRSNgSK572ViPoMXqqjEJz4SShPwCWyUn5PDwYhJhBJs
UWrDe94SSE93IuXItNGO1A==
-----END ENCRYPTED PRIVATE KEY-----
</key>

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since 
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
# 
;ns-cert-type server
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
36188fa3977457d267ecae99373870f5
ef6e44a8899d4f5ccc831e9d2dbc31ac
e171c7e8e49e0d2edd43c3834a2d0099
236aa4924c80971b0a34310eb69b70e2
fbe85a7395cc10bea13ad09efa46d738
f594c332d26c068b289ba96bbb1f661d
efb873b76137057a62b4e27b522cfce6
aef7ea67ec2540b00b4782780352addf
2f7722d1edd40a8f3de3b0295e2da07e
b46d196a4cbfd85e47739dc320af6584
eb960e2c5ba27bf2f56381f8eb3ceaf7
cc72d829ab05aaca6fbb205b78606ff8
cc58bc336adb644adfb0034f9974b7d9
f2b1308249cd74ecb555a550af6af1ad
b15a3f03ecef5f89fa70d2fada97a1b8
6179b0d487a6e3196209d053597a7416
-----END OpenVPN Static key V1-----
</tls-auth>

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES
cipher AES-256-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
comp-lzo

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1

# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull