229 lines
9.1 KiB
Plaintext
229 lines
9.1 KiB
Plaintext
##############################################
|
|
# Sample client-side OpenVPN 2.0 config file #
|
|
# for connecting to multi-client server. #
|
|
# #
|
|
# This configuration can be used by multiple #
|
|
# clients, however each client should have #
|
|
# its own cert and key files. #
|
|
# #
|
|
# On Windows, you might want to rename this #
|
|
# file so it has a .ovpn extension #
|
|
##############################################
|
|
|
|
# Specify that we are a client and that we
|
|
# will be pulling certain config file directives
|
|
# from the server.
|
|
client
|
|
|
|
# Use the same setting as you are using on
|
|
# the server.
|
|
# On most systems, the VPN will not function
|
|
# unless you partially or fully disable
|
|
# the firewall for the TUN/TAP interface.
|
|
;dev tap
|
|
dev tun
|
|
|
|
# Are we connecting to a TCP or
|
|
# UDP server? Use the same setting as
|
|
# on the server
|
|
proto udp
|
|
|
|
# The hostname/IP and port of the server.
|
|
# You can have multiple remote entries
|
|
# to load balance between the servers.
|
|
remote gw-ah.oopen.de 1194
|
|
|
|
topology subnet
|
|
|
|
# Keep trying indefinitely to resolve the
|
|
# host name of the OpenVPN server. Very useful
|
|
# on machines which are not permanently connected
|
|
# to the internet such as laptops.
|
|
resolv-retry infinite
|
|
|
|
# Most clients don't need to bind to
|
|
# a specific local port number.
|
|
nobind
|
|
|
|
# Try to preserve some state across restarts.
|
|
persist-key
|
|
persist-tun
|
|
|
|
# Server CA
|
|
<ca>
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
|
|
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
|
|
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
|
|
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
|
|
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
|
|
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
|
|
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
|
|
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
|
|
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
|
|
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
|
|
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
|
|
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
|
|
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
|
|
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
|
|
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
|
|
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
|
|
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
|
|
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
|
|
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
|
|
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
|
|
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
|
|
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
|
|
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
|
|
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
|
|
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
|
|
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
|
|
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
|
|
-----END CERTIFICATE-----
|
|
</ca>
|
|
|
|
# Client Certificate
|
|
<cert>
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIFdDCCBFygAwIBAgIBDDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
|
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
|
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
|
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
|
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE3MDZaFw0zODA2MjAw
|
|
MTE3MDZaMIG/MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
|
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
|
aWNlczEkMCIGA1UEAxMbVlBOLUthbnpsZWktS2llbC1oaC1rYW56bGVpMRkwFwYD
|
|
VQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
|
|
b29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVUuQpDwsH
|
|
vxSAvH4nppLzlcXizzUA/Wvn6cIysA3GO5nY9LKt5s2O4SWljMguYC8ta00jmK4G
|
|
WfPyzarzZLxEBCosSsemxKUS4pW1hiPJFjgdoXwnWY6DsaeFFPFzKdyH84cM+8gD
|
|
6XTLujYJnbG1rjQUqV6yi8EiwxfVxPDQAyNpvI37wxsr7abTNNKjvlZTAZd/DRgF
|
|
7vTI4Nw1XWQxtam4kST4hKdd6ugnUyf9FfVaX06P3j316hhgoqXH2UfCPZlI+6CJ
|
|
R/vmkB1FYplta3xKhHMRGGbhqTqvpK2ATNpZNGXZbVYd2Ly5FlMtbmDZrutbsbyk
|
|
aptkZtZ72hMHAgMBAAGjggGCMIIBfjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQg
|
|
Fh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEY6Tztq
|
|
ocSJTcTYSs/N9DVPHK4/MIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z
|
|
1P/UoYG6pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYD
|
|
VQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBT
|
|
ZXJ2aWNlczEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBO
|
|
IEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRl
|
|
ggkA/lmtXr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBUG
|
|
A1UdEQQOMAyCCmhoLWthbnpsZWkwDQYJKoZIhvcNAQELBQADggEBAFAUWaRuXrg0
|
|
U8ksk3p7T86JrIi4jarr6VPt3DBXiFnplhXhqhUGBh6eWLd3q5DHSrh1Ll47jpAq
|
|
O5hyknrbDnf4JWpg6RxTxj5dmvIWvBvInlyxpjnk1vudCDm09yU5hYZht9XVjWAQ
|
|
DeRe6F1wqFjRZk33f1Pies/xJVdW+rQG23VuNp0OwIVvri3i1qBuDV/Cb/XQXdlU
|
|
YsCG4IS2fLWU3DO4DaKCQh7TGhLJDSlPrwB+7UN419p8IPpQs+3eUTGM4He6153K
|
|
iGvBeR4wfB8HVKX+Ro4O33Xa/Hcvvkl9FCgBF6dVJ1nmhBm4GWstMhIw8nnBuzl/
|
|
YzBrq2Xgzsw=
|
|
-----END CERTIFICATE-----
|
|
</cert>
|
|
|
|
# Client Key
|
|
<key>
|
|
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIz79jvbHv3DACAggA
|
|
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECPE3o5ZalTfQBIIEyMw6MfxJ1fA5
|
|
+84OUNHDJ/9BvnQu/0EbX6YkZIZgZ37zxvYR8NRMHqRdsR5oTqigbOgkSQTx7JEA
|
|
M2p3uEi4nrz9Rle+T6ZALHaTQcQcUe3ZgpksyUXTQjVnKm+riZpK+jmoYpdPUfQo
|
|
TyKb3FeuNxOoqyyruxiDyoyxtQvgz0SuibDrOX+GyM2HbXkZPD6JjZuW7U/TFriF
|
|
0+R7Eog718e/0bisKlPs//3gktx0QyApc3RMQjKaXBrCS5xlwgsj/OAAitjBhwl3
|
|
XP9FgoP/is/8pu7LERuqt3exwYk3QaJrruUkhxscupXCi1doe/Nql4cpZAiAVTQ2
|
|
m0QDSj0PSqy7vAZwZ+R3DttZMHcPEtAsrzBFpcVhKnKte7bGk4k0ICRIZMI1wVJI
|
|
uRK4ihPj2d38Bff3YuNoCjTlzETtOXMP5+UP3oH8fY7qb7P/QRp8Yp1lapL4NMgv
|
|
fJyNyyQAg08K3XHhEZVF9I3N6KCiVPi8K5Uteb7r/kjXuQ+nOzxvzTPqjW+7huT/
|
|
kbh5AIcMVUCxHvME9Au7yLpuy1T70TyW5zqmE1feZkVQE76oj8BAkhmhRAuvaCES
|
|
ZglwSmTA1bYDPVs8/nnRB2VjcWYjus0oSC0xdiOAYRH0KuW59DgfMttaxXh4/9Mb
|
|
uXsu/2HU3nOxrXEzBHUDOEb+ja/kKOrU0TrsdcpPGVqlMFHjEDEr7oEWVoIH7iGw
|
|
4McLH9Q6054DczfJrfavhkx+Pk5Fb3nTfPH753ugCrPz733w0ugi2IKEzJXgAXOx
|
|
3cTBVr6mOw3ctQ+7D9bOHIEAk4Gfgf+DdTlLRbDTIBB/OWiPjp2x7D+eu1oVMlOU
|
|
5gkSadlklwkwe3dGjWsSjK5g+HE8rlBZbYTEe2gko1S5s7+v7jn2rP+2cY8DHASG
|
|
UiPghE5+MC9W++5PizQyLaR5FNO6/GzbzalrtGeE7F4s2MnRjUotDKFfZdWeOdFJ
|
|
zpv4GzNU36BH9WCbW3jrZMH0uDBt6lVoU+t7uwIvDnrAXY+FwodaffS7xWhNWm5r
|
|
h3yGnHQzz17ZDUAnMRSOjejb32PmNq2M5StlnY80MBzKptE0qYuvW+BzpsMyYSFz
|
|
2T3jhJmYwPsPoKE/O2xPVg2wGExss4UQyZUoV/rvtE+WTXUsYUzsjwBIV6DD0ux0
|
|
PGDbO7yO83izhn3VlWRq6Re0n6CLXmyCg7nVi0Iuw93dHfUQWcuKCKE8uwRA5QE+
|
|
3edHSYOtTZ/PLH+Uh+Qp6m11GiYhY3S+vlJ0l1FBfx07KCfOzbxBtB8lHK9q3XaY
|
|
bZOBPDMs/Wx31O48L/i19OycBELKwoPUQTjEId6kgYMHxgjXO7XbHrN4Ryxw9ydT
|
|
Iij3WOKaeICUmaSG/dx5luKJ6BV2ZJyJF3vKWVUMtpamEeqfFevxAMgTC9zh7D9+
|
|
1WhNCPvvgJ5OXsfdUMcUnENnGdcSfznOG/BlKVRG7niGKjvk4DtdjZfHMI0TXqiV
|
|
Krn4GcJFZjMVxG16TFxpCVK6M52CV3WoGgg2YLp1bop1bbv4zwE3gk00EILcRKfF
|
|
UZrEn+5QF7XsS4Ym85y9DrOc1Oag3AFxwqT/cZuX7cfEDR6JE/ZQ8IGuQnH1sRkk
|
|
5Gw1p3AFAgSy7ADVtsF/kA==
|
|
-----END ENCRYPTED PRIVATE KEY-----
|
|
</key>
|
|
|
|
# Verify server certificate by checking
|
|
# that the certicate has the nsCertType
|
|
# field set to "server". This is an
|
|
# important precaution to protect against
|
|
# a potential attack discussed here:
|
|
# http://openvpn.net/howto.html#mitm
|
|
#
|
|
# To use this feature, you will need to generate
|
|
# your server certificates with the nsCertType
|
|
# field set to "server". The build-key-server
|
|
# script in the easy-rsa folder will do this.
|
|
#
|
|
# Note!
|
|
# The option "ns-cert-type" has been deprecated since
|
|
# version 2.4 and will be removed from later distributions.
|
|
#
|
|
# Use the modern equivalent "remote-cert-tls"
|
|
#
|
|
;ns-cert-type server
|
|
remote-cert-tls server
|
|
|
|
# If a tls-auth key is used on the server
|
|
# then every client must also have the key.
|
|
#
|
|
# Don't forget to set the 'key-direction' Parameter if using
|
|
# Inline Key. Usualy , sever has key direction '0', while client
|
|
# has ke direction '1'.
|
|
#
|
|
key-direction 1
|
|
<tls-auth>
|
|
-----BEGIN OpenVPN Static key V1-----
|
|
36188fa3977457d267ecae99373870f5
|
|
ef6e44a8899d4f5ccc831e9d2dbc31ac
|
|
e171c7e8e49e0d2edd43c3834a2d0099
|
|
236aa4924c80971b0a34310eb69b70e2
|
|
fbe85a7395cc10bea13ad09efa46d738
|
|
f594c332d26c068b289ba96bbb1f661d
|
|
efb873b76137057a62b4e27b522cfce6
|
|
aef7ea67ec2540b00b4782780352addf
|
|
2f7722d1edd40a8f3de3b0295e2da07e
|
|
b46d196a4cbfd85e47739dc320af6584
|
|
eb960e2c5ba27bf2f56381f8eb3ceaf7
|
|
cc72d829ab05aaca6fbb205b78606ff8
|
|
cc58bc336adb644adfb0034f9974b7d9
|
|
f2b1308249cd74ecb555a550af6af1ad
|
|
b15a3f03ecef5f89fa70d2fada97a1b8
|
|
6179b0d487a6e3196209d053597a7416
|
|
-----END OpenVPN Static key V1-----
|
|
</tls-auth>
|
|
|
|
# Select a cryptographic cipher.
|
|
# If the cipher option is used on the server
|
|
# then you must also specify it here.
|
|
;cipher BF-CBC # Blowfish (default)
|
|
;cipher AES-128-CBC # AES
|
|
;cipher DES-EDE3-CBC # Triple-DES
|
|
cipher AES-256-CBC
|
|
|
|
# Enable compression on the VPN link.
|
|
# Don't enable this unless it is also
|
|
# enabled in the server config file.
|
|
;comp-lzo
|
|
comp-lzo
|
|
|
|
# Verbosity level.
|
|
# 0 -- quiet except for fatal errors.
|
|
# 1 -- mostly quiet, but display non-fatal network errors.
|
|
# 3 -- medium output, good for normal operation.
|
|
# 9 -- verbose, good for troubleshooting
|
|
verb 1
|
|
|
|
# Setting 'pull' on the client takes care to get the 'push' durectives
|
|
# from the server
|
|
pull
|