##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-ah.oopen.de 1194

topology subnet

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
-----END CERTIFICATE-----
</ca>

# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTQwMjFaFw0zODA2MTky
MTQwMjFaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1zY2hhYXIxGTAXBgNVBCkT
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKAl9KwrJEY48kbO
XtG6vxGxp8AnOZe6iFym+KACyXX0rlJckTiFrptKl4CGTdrcz/7T2F51g1ZLHkI9
VQ2aLDB+Ucjou0WZwvJ2UeigYlt8LUSReM7qC5rcoZCHTgKDUGUr/+8Ste7nYYGJ
I/a5VDvdCdB8o8Y/++3qRpLhaMluETAaLj3P8cGBvt7fceP0vqL6UJ916olD2bWT
ZxD7LIuyhCRz47MZzrkUxQmP3HN6PI6Hxpe+4tzt1GWrQnmwGCyVs6rEuZEXe/GP
vfD1WRJ6iFwJdhmpfGeGD2XVXqioYM7Epb5xxZy5TBuBoDvuWZAbfhmgvh7zXCJ9
cKab3JsCAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUt2SyE3NU4JQt
Kj2PEgqCG9cXpnEwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
BAowCIIGc2NoYWFyMA0GCSqGSIb3DQEBCwUAA4IBAQCUdZ5sr8Dlw9MXPAH6Fc6u
N9+0MHocHA6gqL39wvnyVvz/K5eoGiUSoXFags4wVj8gXt0ydpq893GR8DhTKH7O
aSg84wvzrTfWIxYH98JCEpMgVXKuZzHLgRgeiwTg5LeRrT5xGwowpBy6wjthCUjE
jSRVB1B3HuE6dYNIJSnRd2Amv+YNoXJUwShYr7zy3WWaR/GkEP/LeMn1EzvkWqQP
pdh4Xg7ni7lh3+Fyt1879d665qlwWGg8QhHyw7Bu1X8mmZ2R05f0YFZkV99ILSEY
Ab55w/w+T/7RzfNxE1926av0GHhAMr6ybXKxABf1t33Sa9RGZizTY/Lw635l/lqq
-----END CERTIFICATE-----
</cert>

# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI1Veh57OJg/kCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIGb91ZmXtibBIIEyNonyB+eF+2I
NwQeNXzcqL/jiPNiTN6Wk6VD6OUeDejhXXgoVAC3x8fs+HPMdMqAQCR4gXlCJMCd
W0Jse3QvmH+46KkV6vTLaNV59lZonZIod4lp8J4PQqH8+s6o8SJ9sPypx7C9AbZf
Y+Ibrv6lp4BRu8vL8e5PAUoltv/1NlxDyxALxJzO/wAFOQRNGtjWcSBPKDPXURR5
DGhz/Ody/5LilOpC57KmphlCD4Mx4w94NalsBibE0aumT7I9wKeyHKrkq4sJBUHs
/M22S0blCfXhcvf8bQc1+FzsBWp1+UtRTgEJuiwFRKLK4APxvmXsXpaDBOM02F4K
a1ZFiQtrJLCLPfShV9/DL6rzX/bP/p0kwpx7valpW/nFA/iCRuyNA3isaB+NC9Lm
XaOPETsxPMxS/BsFDiMvryeDC8KEuuAa/WEizq9Z0xWYKvOYgan1HKoWvRvzmiC2
7txnrPK/axiwlha1jMZxTaHCGy6b6w08gz6ss+U1vPT4Qb0fK4Ovnbs8zh1/U8AS
z7kDsLRoxfSUynkYSYJjaJRysqe4YcDCcUisyDRYIQrRYgZk3h2pev1aell91F9R
LgHJ9mWECqB5xni80B/MpPiF/gWqTb316iPse1g+Bp/dAGl1tDHppUl5Z9/wqdMM
9ULtJOZm3EYfgOHNFvpDwNlLFEAB07PO4+oMByL890Ym3tcaoCt+d3fx4jmmaJqA
qqD2Wd+f8628gbhsbGq0Mex2DqAiOig96X9awcknZrs7EQIFvR9cK0wl4uEt8FuF
5tBPPY8Tsjm3jphOw0WBe/E4DuFnQsnNcsKmEOTOn8125UkQbPhlPqCOBMlcw5aK
L7b3ikd79zFTdWgSAao9Sf9/xhHNwsK7IBE32gXO6qD61AnOQgihKzi/ZV2Tp90P
w6I3EZ5oP3BNnPp9l6nvGYe0HnkNqUigcuP0w28M3wj+nX+cFVZD++3uTh7xOJM6
+br+TBQ4HDZ324PqiMXF45KCRvUrQ0ubRa9QxaXGVxpA9Rn8L+nqPkGocrrg1tb8
eeVYxLyQeQqsDBjO7w7rDL1ZHra72we78/3BkMS5gv2tQoAqPhAEv/43J2hyp3cR
0crZ8elxduaYXscDob56mYyBaDjWaOeKbGrm76yB10leEmN9MeHI7kQVur8/J/cI
GjK00zp7dY4/WorFxPFuSFQjeDnvI2bLlqdYaX9d35lLr7s4TYlAXM47+j9QzyMp
Maos/5/uUTkoyKiZbdzE0QoLlGqqoFGCWA6TgpPZHW3uXmf4gU9EQzTVHPcI6h9B
2APQiECFvDPTHtlDaU0f8b14k3KV4KBEBiFCa7yBnVCGOt74tz//cPOft1Jf5vph
QRhgNBw3l6rivM1QnMIKFuM9gqC4xcS6By+2+Ia4Ddo+SIEvDLEHtMs/DnheVkNi
e0TAiruK58J5nvdXf9h91WdqPhQAU4BRGzwtVX0yE8D6nSCvUZfaLT4tukr9kt0H
393u4t1/ruz4hpe4vCngnKDfSk/kbMbXF/XaDzytTO5AoA68CgS5pvhGpmRzVptk
aHglm1S5S3yCB0+ye2jDTBnckUIs+XXy8Uej6fJBon25HD4hyiVPIXkwOB78mhjv
AQwv/QUSTX4l1owOvSvW4g==
-----END ENCRYPTED PRIVATE KEY-----
</key>

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since 
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
# 
;ns-cert-type server
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
36188fa3977457d267ecae99373870f5
ef6e44a8899d4f5ccc831e9d2dbc31ac
e171c7e8e49e0d2edd43c3834a2d0099
236aa4924c80971b0a34310eb69b70e2
fbe85a7395cc10bea13ad09efa46d738
f594c332d26c068b289ba96bbb1f661d
efb873b76137057a62b4e27b522cfce6
aef7ea67ec2540b00b4782780352addf
2f7722d1edd40a8f3de3b0295e2da07e
b46d196a4cbfd85e47739dc320af6584
eb960e2c5ba27bf2f56381f8eb3ceaf7
cc72d829ab05aaca6fbb205b78606ff8
cc58bc336adb644adfb0034f9974b7d9
f2b1308249cd74ecb555a550af6af1ad
b15a3f03ecef5f89fa70d2fada97a1b8
6179b0d487a6e3196209d053597a7416
-----END OpenVPN Static key V1-----
</tls-auth>

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES
cipher AES-256-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
comp-lzo

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1

# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull