206 lines
8.1 KiB
Plaintext
206 lines
8.1 KiB
Plaintext
##############################################
|
|
# Sample client-side OpenVPN 2.0 config file #
|
|
# for connecting to multi-client server. #
|
|
# #
|
|
# This configuration can be used by multiple #
|
|
# clients, however each client should have #
|
|
# its own cert and key files. #
|
|
# #
|
|
# On Windows, you might want to rename this #
|
|
# file so it has a .ovpn extension #
|
|
##############################################
|
|
|
|
# Specify that we are a client and that we
|
|
# will be pulling certain config file directives
|
|
# from the server.
|
|
client
|
|
|
|
# Use the same setting as you are using on
|
|
# the server.
|
|
# On most systems, the VPN will not function
|
|
# unless you partially or fully disable
|
|
# the firewall for the TUN/TAP interface.
|
|
;dev tap
|
|
dev tun
|
|
|
|
# Are we connecting to a TCP or
|
|
# UDP server? Use the same setting as
|
|
# on the server
|
|
proto udp
|
|
|
|
# The hostname/IP and port of the server.
|
|
# You can have multiple remote entries
|
|
# to load balance between the servers.
|
|
remote gw-flr.oopen.de 1195
|
|
|
|
topology subnet
|
|
|
|
# Keep trying indefinitely to resolve the
|
|
# host name of the OpenVPN server. Very useful
|
|
# on machines which are not permanently connected
|
|
# to the internet such as laptops.
|
|
resolv-retry infinite
|
|
|
|
# Most clients don't need to bind to
|
|
# a specific local port number.
|
|
nobind
|
|
|
|
# Try to preserve some state across restarts.
|
|
persist-key
|
|
persist-tun
|
|
|
|
# Server CA
|
|
<ca>
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIDzjCCAzegAwIBAgIJAPf/MOnEeNJTMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD
|
|
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
|
|
BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMG
|
|
VlBOLUNBMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJn
|
|
dXNAb29wZW4uZGUwHhcNMTIxMTExMTgyMzU5WhcNMzIxMTA2MTgyMzU5WjCBoTEL
|
|
MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
|
|
DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNV
|
|
BAMTBlZQTi1DQTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEW
|
|
DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIdp+t
|
|
lUB/nx3JqiZiBEkyTK2m+uH/hes4wYTpmbRY2x1YJtwQegX/sfxuu0n1xA42gON0
|
|
eOBc2v/MmKzrGP+VP2VxWBhR/VnJsPeFTJJvD6ioM+jc9xNeZFNgHibRw4vzipyK
|
|
ALQJK6gJ3COvhb3YWOul3njUGgZZkaikPMuTQQIDAQABo4IBCjCCAQYwHQYDVR0O
|
|
BBYEFFb+8DvjraReG34P1h/k6dWObxLWMIHWBgNVHSMEgc4wgcuAFFb+8DvjraRe
|
|
G34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
|
|
bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
|
|
bmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtWUE4t
|
|
RkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDpxHjS
|
|
UzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADPFDfqCtYtsS/NxGVYc
|
|
hgxKsA9S/kBifNbde0e6nmPBgufW+O3uPrkvg7Wx2EayxMhX/dVrAYm8NSNCdWXV
|
|
5ra0lu6cTI8rwWt404e0F/o0v6u+5eWHFxSF0lDJIVhwvvVoiAUJQw8h+BlI5PYO
|
|
JcHZCQoQE1/RE6Xp+0xgTXvW
|
|
-----END CERTIFICATE-----
|
|
</ca>
|
|
|
|
# Client Certificate
|
|
<cert>
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIEuTCCBCKgAwIBAgIBETANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCREUx
|
|
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
|
|
ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
|
|
MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
|
|
LmRlMB4XDTE3MDkyODAxNTE1N1oXDTI3MDkyNjAxNTE1N1owga4xCzAJBgNVBAYT
|
|
AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
|
|
by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNWUE4t
|
|
RkxSLUJSQi1raXJzdGluMRQwEgYDVQQpEwtWUE4gRkxSLUJSQjEdMBsGCSqGSIb3
|
|
DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
|
AoIBAQC03mzjV2d4r0CNyxKc4pxHCyGSOMe9G/CAiDQNow6QE7MIug6JS+lIVQcb
|
|
3LDzty0L+0n3Jqh4vS170H4DwmVBkQB8wjDtNmseJ/U3fN49Il5FDbAzdVW7aRQy
|
|
bjqAadsuBl9nc9kTn34OOttZmoSQKAT/ujaqx8eNoA6t95MgN4pZfxaRIAAv4yad
|
|
QUDhYjcWAo2augVZ/8XFBeUASgpTby+HR+3OEkS7AYIW4AoGXEnyO6HZFEpAwX4w
|
|
uCyZrCNERcqjSq16xdO1SDXo1F7vLL9iwYethXkRDpep7ti7qnntnxULI3nIyJEn
|
|
d1WQGY4h6Xdg/FyUOTR/HJ3uxsUNAgMBAAGjggFsMIIBaDAJBgNVHRMEAjAAMC0G
|
|
CWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
|
|
VR0OBBYEFFmuPOTcqXL4Bxe1vK3OLx2GFNccMIHWBgNVHSMEgc4wgcuAFFb+8Dvj
|
|
raReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMG
|
|
QmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UE
|
|
CxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtW
|
|
UE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDp
|
|
xHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEgYDVR0RBAsw
|
|
CYIHa2lyc3RpbjANBgkqhkiG9w0BAQsFAAOBgQBeDMCmsj3MCfNafHIFCwIroQZG
|
|
aO+eZ9LQawe73ErK4ns0Hvs/FlbISAchqqunAes8GRSmjXAbDSuKsn8J9HefTwxs
|
|
qgi2yh/NTy91xiZBEXIXw6axJitDjmAVk1yrgwsXf+VfdNnFmtUnv7yNNS+0l2Sa
|
|
S8IC2O2zmptPeLkkDg==
|
|
-----END CERTIFICATE-----
|
|
</cert>
|
|
|
|
# Client Key
|
|
<key>
|
|
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIZLyjPOPjcmUCAggA
|
|
MBQGCCqGSIb3DQMHBAg+fO69EK1qlwSCBMioorKHJweCJL+vE8CDuzm4KL7s+dq2
|
|
KX11hok8oPhkhAa05Vgl21rTur8fj8h+MzxKFIsWsd3JQ+LRi+qFLObTNM21Tewz
|
|
v4Nu79NLgZu3vA4FZ4VdSwxOebE3IJuS6xFpiskOLWLGT/H5G+bnUyUY5nnELxEd
|
|
eYiNYDLyJ4ZcBKDU2yQ04EMMDObxi1ervCxoYYwV7bqV2hjxVTC7a/bLF25HTY/4
|
|
UxwbwVGnGAgjWjZiPAiM4sROEZc5Mzgk1cx2K4p1bnu4ZMcnhvL3GnasODFfYnGs
|
|
Qq1WQX/gGEGPEgP2k/EyZD8KwrShYQyOfygw5096VGXREc9xXtfWy4NbHaFkbBMm
|
|
JL9Bx6whE88RmsVSYwa0JQlTsiDayMDTgWHq2LUwy2zN0JJns9TWGu/3SsOkVQyg
|
|
NTr256KsW8SOUa8pAgb5VtBQOkYus9t9FOFzuIRfSjqDruTQQDcXBJPKp6v8XR+E
|
|
FYDm24KebxvH0URfIO2vmnyC/0uFJWicwzRogTYVoFzcfRKPuC32OL2bNklWVe+9
|
|
xqPU685DytZhMzLyoNC+SI49WoaoslZy7YhqX3ClQ7Ac3t2ykw1sCjud05u+G+Ys
|
|
5OFxlaj7qk3VEiWgfNFM3gbONf8asZPI81WEhHykFFnQO7852ZnsduGjZ2XqLBMr
|
|
kZzYYxShvQoqIJKz/FfZ4T8/CIIE6LfWy+Izj72G7ifr8Sl1NH+6EMkTZSX6yZda
|
|
KUnf60oNKpObhywNV4YWi1vsIqbqaX/u12+2Iu9EPxVrno81OrQomrsrYW1PG3ww
|
|
e7uRugmg9m8TgvDVuQa51dtK44YjmQJgbWRRTfIHzg2gQXV0F5PA32tFsdgR3OuW
|
|
a1aW93UOhss9jp0SExvTve8pxgexVwuqPHl3ClVWUSBz/azvJUH9DxBZNuSMxONv
|
|
cV2lkraPY1H6UiVheV70OYM9niXRgkBpMVa6FdU9YtEtoCGhhxLzOImAaatTfCbe
|
|
vAomJvuusEHvEGiqhL+yB6Gk5s1jNG9+FN0JkamNnPNoRjIMF09W1IkcRpBN4wEC
|
|
HHtQzCdl3SkcXaJ4EWO8SrTFXcCgkdC3vqOqPRqegh57e3+XROSoxYJ2rYHAnPzH
|
|
AUczUx+W/B9zQWoq1lRrST+xydErWphlwzCIBsOW5aMTdOaKlKpzPDjGbL6ATnx7
|
|
pN0z/+giP9s6Rlj/HUhG35HG1lqE5PcjykKA78Ki6Vf8rc+uveu16+SpDMwQ5kZj
|
|
uSjXypevq48Xh/ZcmZho5rLB0sq3cW8taqVxZXyL+HzZhSzra08BXe2FCy48yvsr
|
|
QaVfP5rMDFX+aNiD8Xng8ATNBL+ontY+Y5RNb8NdVljxCBb7E0yBveN6ve574jQG
|
|
Z3qrJ13xwM+zNqBT48dbIpYTN60cLfdmj1jN1yuhNeajdwwwDG7i5ix4Afmwls1R
|
|
MA0Z87Jl/fUDY5ymTSkiNTBq+90vWu7asRp0wSlxNDg3EOko9mbQ6XA1v7NJfV+s
|
|
YtlT2DRNtt1xfA/XKLH7NuIkkf+iiLY5H1o1SJaRSuI8AUI9MFoazob9y+RkS+Pv
|
|
0u7y8U1a45idpqfC0RONKRukMS4xicTC58YcDadlni5HgQq35VC90UMckQz9p+Wa
|
|
Iug=
|
|
-----END ENCRYPTED PRIVATE KEY-----
|
|
</key>
|
|
|
|
# Verify server certificate by checking
|
|
# that the certicate has the nsCertType
|
|
# field set to "server". This is an
|
|
# important precaution to protect against
|
|
# a potential attack discussed here:
|
|
# http://openvpn.net/howto.html#mitm
|
|
#
|
|
# To use this feature, you will need to generate
|
|
# your server certificates with the nsCertType
|
|
# field set to "server". The build-key-serve
|
|
ns-cert-type server
|
|
|
|
# If a tls-auth key is used on the server
|
|
# then every client must also have the key.
|
|
#
|
|
# Don't forget to set the 'key-direction' Parameter if using
|
|
# Inline Key. Usualy , sever has key direction '0', while client
|
|
# has ke direction '1'.
|
|
#
|
|
key-direction 1
|
|
<tls-auth>
|
|
-----BEGIN OpenVPN Static key V1-----
|
|
670c1735182a2aa7373f3913f4bb9922
|
|
1011f52b6004f688f702ee2eebf789de
|
|
8e9a7cbbe597de15dcd0944cc77c63bb
|
|
247ef4ec6beb0ab1ad0e68fd3224d9c3
|
|
50f3536eb45f0582ab3deb4a84144e08
|
|
4ab82c010550262a803f617826443ed5
|
|
34ace631dd1115372b4b6d91523ebf9d
|
|
5212960ff14b16776359a2c4a8a78672
|
|
c6dd16d8e3bead764da1f39a267a5d2c
|
|
e798d3f52e0d8ceb7cafde530cbff390
|
|
7a099224465c3bde210bdc7e713dae1c
|
|
05e190846e0bc7cc8e4c79427516eed3
|
|
b580385daaef259dd823e67970ffd9f3
|
|
125c3b6217f6622652f76f1da0ea96e5
|
|
b9724b6abd8384f45f11d9b41a9afa7b
|
|
34d1a506ef314806f46e64d46f4b53a7
|
|
-----END OpenVPN Static key V1-----
|
|
</tls-auth>
|
|
|
|
# Select a cryptographic cipher.
|
|
# If the cipher option is used on the server
|
|
# then you must also specify it here.
|
|
cipher AES-256-CBC
|
|
|
|
# Enable compression on the VPN link.
|
|
# Don't enable this unless it is also
|
|
# enabled in the server config file.
|
|
comp-lzo
|
|
|
|
# Verbosity level.
|
|
# 0 -- quiet except for fatal errors.
|
|
# 1 -- mostly quiet, but display non-fatal network errors.
|
|
# 3 -- medium output, good for normal operation.
|
|
# 9 -- verbose, good for troubleshooting
|
|
verb 1
|
|
|
|
# Setting 'pull' on the client takes care to get the 'push' durectives
|
|
# from the server
|
|
pull
|