203 lines
8.0 KiB
Plaintext
203 lines
8.0 KiB
Plaintext
##############################################
|
|
# Sample client-side OpenVPN 2.0 config file #
|
|
# for connecting to multi-client server. #
|
|
# #
|
|
# This configuration can be used by multiple #
|
|
# clients, however each client should have #
|
|
# its own cert and key files. #
|
|
# #
|
|
# On Windows, you might want to rename this #
|
|
# file so it has a .ovpn extension #
|
|
##############################################
|
|
|
|
# Specify that we are a client and that we
|
|
# will be pulling certain config file directives
|
|
# from the server.
|
|
client
|
|
|
|
# Use the same setting as you are using on
|
|
# the server.
|
|
# On most systems, the VPN will not function
|
|
# unless you partially or fully disable
|
|
# the firewall for the TUN/TAP interface.
|
|
;dev tap
|
|
dev tun
|
|
|
|
# Are we connecting to a TCP or
|
|
# UDP server? Use the same setting as
|
|
# on the server
|
|
proto udp
|
|
|
|
# The hostname/IP and port of the server.
|
|
# You can have multiple remote entries
|
|
# to load balance between the servers.
|
|
remote gw-opp.oopen.de 1195
|
|
|
|
topology subnet
|
|
|
|
# Keep trying indefinitely to resolve the
|
|
# host name of the OpenVPN server. Very useful
|
|
# on machines which are not permanently connected
|
|
# to the internet such as laptops.
|
|
resolv-retry infinite
|
|
|
|
# Most clients don't need to bind to
|
|
# a specific local port number.
|
|
nobind
|
|
|
|
# Try to preserve some state across restarts.
|
|
persist-key
|
|
persist-tun
|
|
|
|
# Server CA
|
|
<ca>
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
|
|
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
|
|
BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
|
|
T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
|
|
NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
|
|
BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
|
|
BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
|
|
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
|
|
ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
|
|
BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
|
|
75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
|
|
MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
|
|
gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
|
|
BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
|
|
GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
|
|
HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
|
|
BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
|
|
nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
|
|
JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
|
|
Y/hjEv3y78V8QA==
|
|
-----END CERTIFICATE-----
|
|
</ca>
|
|
|
|
# Client Certificate
|
|
<cert>
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIElTCCA/6gAwIBAgIBKTANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
|
|
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
|
|
ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
|
|
Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MTIxMTE4MzA0
|
|
OFoXDTM3MTIxMTE4MzA0OFowgaoxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
|
|
aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
|
|
ZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWxhcHRvcC1vcHAzMRAw
|
|
DgYDVQQpEwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCC
|
|
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOY+T33t6+MGoC2ZVVucGMp9
|
|
Bz12/5TsG1oh1L47K1CLckhVM3pUKWvYuxHPmn+cIGn9bnohrBlG2y4YNm1PkTvk
|
|
pWozI8YGYsXVKMPEKD44FuYDZJUYExmV4craQaYcmVYW6/JwwGfcDN3YvG9hB30C
|
|
dsMs9IBMQuhVl6Cg6ngecYq7e7+1LVWmoTQNOg7UAjKTKzyztIEfYznI5irprE+T
|
|
vSptv7N3m9h6Jw2yRNnkuQ/MsCdb+zKieXdV2LbQY8eYxURHT01nIuJAmOAKD7yV
|
|
RtdLNwvppxGo/Qf4GG1ZjVQR/J4jYhRkYs8NSV1BlcTT7NQD5i5pFWs/NhVmWMEC
|
|
AwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNB
|
|
IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU5+o1f7cxB1BbVCp8NffX
|
|
QMqfsNowgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIw
|
|
gY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
|
|
bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMw
|
|
EQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
|
|
ZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAW
|
|
BgNVHREEDzANggtsYXB0b3Atb3BwMzANBgkqhkiG9w0BAQsFAAOBgQBGTCJBsP42
|
|
28Lml/xQ/3QmQg4fD9x2jOo8JLmy04/iWhlXuxXITun6BrhhHWXpRirGz1XFGoF6
|
|
yw8uXWq8VXqo33oWYmp1nd4ZdQ1YKj2Swbx5UrjfGSSsY/2wzoxlEsUDyWLnFIXs
|
|
OiBrkyXKN3tdOn2y8hTP5szeXqrVKaL8Bw==
|
|
-----END CERTIFICATE-----
|
|
</cert>
|
|
|
|
# Client Key
|
|
<key>
|
|
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIPc/olWb82e8CAggA
|
|
MBQGCCqGSIb3DQMHBAjhtAZshhbq9ASCBMhnZCLp5esIptXvS4mIfbJfO1lRdMwz
|
|
cCUUw5htYnETJZ6E8f2oisM0pYKCkKEXY/C/G0lXpQYduzIDYv3dK2t1pfHbebp+
|
|
KHWWojuMmoXxcE7I4cxrf61dnz7huYHJsUGzJR43IlV9i/VFWvqcPA4ei5Ir1PLG
|
|
3Vn6IlYJlw6BhOWH5Dh7ay080rsqOuQ4rXSqhodKJ4XMal3XCLzhCUm2NyK+bgTX
|
|
kM16O+4QVhG+X8Rq+zUkyLXFuxgc/GEdOGJejHOp4u14ojVkPRD7oj2CPZjnNpen
|
|
3BvxV40lCv7XLXeeTonmWTEsdYnbGeNhFG92TCVvLA/FVo8QaIUUL9OgxIPg2Y0Q
|
|
+ui6kUZW97Q1tICvkNC5ZBWv24OXPPELJfxFvNlibw0J6osQ0HJEOxGCFUeJ6e6w
|
|
eW28vof72aW5mtaq74KBlcIfOvdC2sylKxAVIpVGV8SICz928CA16oad9nvnqSTZ
|
|
PLvDwwkQyQL2UoafxovxSHFCH2FdTDPScjfmd+M68TpVZWOpWQFnW5PDIF8ipNla
|
|
nZvWvv8826LY08YNgAUDHtXEGQWUeqB22uel1QEkFWqoVADqmGW7VANvEbuORhMG
|
|
yCbQ66wUbOmaSiAMUX965eXNBPOg7ZWoHEvAxtid94eJK8g9cXKPwKg+ggUx4CYu
|
|
Dexga2P8jYIdZfK8mfFoLuz+A5buCm/nwpEnORPIhoO9NzvGzfUeSy+BJZeM0Ol4
|
|
5eN4NuHzhSiSi6PdIf5oTOS3+lxCQe53OULsRfSZ87jF/bGTMFIR58fLCgte2JYC
|
|
6Z7C09L07+BP/c2yRrI5qiRdYf3xgjsQdQqYgYQCuIu3a/gcvGpneJH/hSTiS/Or
|
|
G5suQ56fjkh6BnPcQ/KRCtsHeR0RaZe66UR+ilI3DRSzBG5BM/+cHI2ZvETu5dsX
|
|
JsPfmvRqcZ5h/GkJ69Sw9h/6DMYvNfZ/7ABwWgS80vX879JCC/G1epjTsI584PXy
|
|
0HcWXe1ZbTECpgZE2D7dnd9yYTFlYJIdCAhdUK3MfML+rLwL6voY5Wi0+OmiAGhP
|
|
9u4jrJpY9lSnD8okZXPyeqX4zDH2F+o5NQ+6lL7rCviaLbBSsAHj255yS/FYH+Wl
|
|
4MV6uprLf1VW97Lk8KU9/uEJfBsKLls7i0zHQJcWHmiyciX7R62KTyKwzyuHdC/Y
|
|
SGy9KEUesA8281oBeIQEPQSGmJJrn90BoDu/Y8zeNOkPma0wRtSUhg8ybncHlHU9
|
|
T8cvY+ZYeHMqOUMzji4FvALqtVSzrxwmRkPhHN9CCJyY4zS2PtuyzKLUKNiL1JF/
|
|
qk5oxoaoEcC6y/eb9Z5WwjNUguvAFjzulzqZ28g47hWQ2o7blkGWv6q1EHY5H8LC
|
|
kBGvrZpXRmysDJnQs17DZi9/AxT9REtPsHSy8zXxk3b5SBBlziiPbta9UQVdas1g
|
|
u4VMXRioJ1AOoSTx9VeOKyp+3AVf8Fbrt189+ea8Hvdx74YTn97O5LFYxyYom5Yd
|
|
eKMH/s62EM+YTE0Px/7MEkXS5ShHGymp3OnmWJ5WA3Go/iBT9SWnPPVExeskhCCd
|
|
PXpHe50srF4NQXISqPWHrGdwil/TDaNbgHv9vloOqpziKAQID92C7I1beeNJ15QC
|
|
e64=
|
|
-----END ENCRYPTED PRIVATE KEY-----
|
|
</key>
|
|
|
|
# Verify server certificate by checking
|
|
# that the certicate has the nsCertType
|
|
# field set to "server". This is an
|
|
# important precaution to protect against
|
|
# a potential attack discussed here:
|
|
# http://openvpn.net/howto.html#mitm
|
|
#
|
|
# To use this feature, you will need to generate
|
|
# your server certificates with the nsCertType
|
|
# field set to "server". The build-key-serve
|
|
ns-cert-type server
|
|
|
|
# If a tls-auth key is used on the server
|
|
# then every client must also have the key.
|
|
#
|
|
# Don't forget to set the 'key-direction' Parameter if using
|
|
# Inline Key. Usualy , sever has key direction '0', while client
|
|
# has ke direction '1'.
|
|
#
|
|
key-direction 1
|
|
<tls-auth>
|
|
-----BEGIN OpenVPN Static key V1-----
|
|
ff2b7b56af351769ba703f874d389327
|
|
2e8fed8405df740d51d58eff3eb25af3
|
|
d6de19376333a9b05aa72f8b90124bbf
|
|
5ea3085029070d28952a1fe9baa392fc
|
|
4865bd5dbc58a4ccfc373d2ce772a217
|
|
17f099df7d2354e404ae7690cbc50002
|
|
151667c2af583705bd3896327917327a
|
|
a8b2c9073e58b7deabb3ad04336170b9
|
|
6fcce57b50827b0f393b7d1f0a7f6299
|
|
d15140e46f6108983234eb53b0a6d56c
|
|
6ce3815bc7f5ec9f52bc7eb680562b4f
|
|
1241f1378b774491ca817b56f1d5ba09
|
|
c25e8a4dff3610c60e4f9f3c306c15af
|
|
8a70829075343f2ab24d61560804c78a
|
|
dda39ceb12e11a0079b59dcb607166e5
|
|
567cbf1dc83c2f32f8ce1cb4576c12df
|
|
-----END OpenVPN Static key V1-----
|
|
</tls-auth>
|
|
|
|
# Select a cryptographic cipher.
|
|
# If the cipher option is used on the server
|
|
# then you must also specify it here.
|
|
|
|
# Enable compression on the VPN link.
|
|
# Don't enable this unless it is also
|
|
# enabled in the server config file.
|
|
comp-lzo
|
|
|
|
# Verbosity level.
|
|
# 0 -- quiet except for fatal errors.
|
|
# 1 -- mostly quiet, but display non-fatal network errors.
|
|
# 3 -- medium output, good for normal operation.
|
|
# 9 -- verbose, good for troubleshooting
|
|
verb 1
|
|
|
|
# Setting 'pull' on the client takes care to get the 'push' durectives
|
|
# from the server
|
|
pull
|