183 lines
6.7 KiB
Plaintext
183 lines
6.7 KiB
Plaintext
##############################################
|
|
# Sample client-side OpenVPN 2.0 config file #
|
|
# for connecting to multi-client server. #
|
|
# #
|
|
# This configuration can be used by multiple #
|
|
# clients, however each client should have #
|
|
# its own cert and key files. #
|
|
# #
|
|
# On Windows, you might want to rename this #
|
|
# file so it has a .ovpn extension #
|
|
##############################################
|
|
|
|
# Specify that we are a client and that we
|
|
# will be pulling certain config file directives
|
|
# from the server.
|
|
client
|
|
|
|
# Use the same setting as you are using on
|
|
# the server.
|
|
# On most systems, the VPN will not function
|
|
# unless you partially or fully disable
|
|
# the firewall for the TUN/TAP interface.
|
|
;dev tap
|
|
dev tun
|
|
|
|
# Are we connecting to a TCP or
|
|
# UDP server? Use the same setting as
|
|
# on the server
|
|
proto udp
|
|
|
|
# The hostname/IP and port of the server.
|
|
# You can have multiple remote entries
|
|
# to load balance between the servers.
|
|
remote gw-opp.oopen.de 1194
|
|
|
|
topology subnet
|
|
|
|
# Keep trying indefinitely to resolve the
|
|
# host name of the OpenVPN server. Very useful
|
|
# on machines which are not permanently connected
|
|
# to the internet such as laptops.
|
|
resolv-retry infinite
|
|
|
|
# Most clients don't need to bind to
|
|
# a specific local port number.
|
|
nobind
|
|
|
|
# Try to preserve some state across restarts.
|
|
persist-key
|
|
persist-tun
|
|
|
|
# Server CA
|
|
<ca>
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
|
|
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
|
|
BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
|
|
T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
|
|
NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
|
|
BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
|
|
BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
|
|
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
|
|
ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
|
|
BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
|
|
75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
|
|
MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
|
|
gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
|
|
BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
|
|
GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
|
|
HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
|
|
BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
|
|
nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
|
|
JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
|
|
Y/hjEv3y78V8QA==
|
|
-----END CERTIFICATE-----
|
|
</ca>
|
|
|
|
# Client Certificate
|
|
<cert>
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIDrTCCAxagAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
|
|
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
|
|
ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
|
|
Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTEzMTkx
|
|
MFoXDTE4MDUxNzEzMTkxMFowgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
|
|
aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
|
|
MBQGA1UEAxMNT1BQLVZwbi1jaHJpczEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
|
|
ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKZ8ei4OsN/qAkPpipXs
|
|
M9KpuihqNi9m1dzT1LEAMxg80aBNzKXHIgeFDzp94CAqDRdKEHPGLDR+rB+LHG4x
|
|
Gzvx7vRqMelaPTFPW7qOuMegYyOzfkrIzzxuTzV0loiUNm1Xqp+gcW2WLRkSZrzr
|
|
xXmSCi8uwDeScuBvYGjde+GfAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
|
|
SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
|
|
FgQUNBKw7jurj9fRbOw5po4SKu4CDQswgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
|
|
ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
|
|
aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
|
|
ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
|
|
AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
|
|
AAZIwXWsEwIwbt4Rj45EBVl22JwjV+dTlyrFoY4RPMAoV8h92Umrh//+cuvMVzPT
|
|
hwrGUzcjFlFNKrm5U2kEmfG9nhgViCvqKo16aj5lnF7H+nTlteFa/XYw814Q+RKi
|
|
rDAsrJfwVMOfZAEsDEdr/Lmscuh9ZPphej5rZIRxnCFB
|
|
-----END CERTIFICATE-----
|
|
</cert>
|
|
|
|
# Client Key
|
|
<key>
|
|
-----BEGIN RSA PRIVATE KEY-----
|
|
MIICXQIBAAKBgQCmfHouDrDf6gJD6YqV7DPSqbooajYvZtXc09SxADMYPNGgTcyl
|
|
xyIHhQ86feAgKg0XShBzxiw0fqwfixxuMRs78e70ajHpWj0xT1u6jrjHoGMjs35K
|
|
yM88bk81dJaIlDZtV6qfoHFtli0ZEma868V5kgovLsA3knLgb2Bo3XvhnwIDAQAB
|
|
AoGAOdvYuljwr2CsGN35A9Fq0TObNqBy5FZgzLXxnPHsz+eTEpr3HEXwVZywhito
|
|
0MTMd+ONhC7C/htnxi6aWtFGHSdr2xpVS/WUzSgBIlskb5XzJhMf54tbG+PN1dpA
|
|
UG1S2wSRa5rQC2ifX6t3m0UwpMlymtimVxzH5YR7/cwD08ECQQDZ0OG1DqjdYQfH
|
|
PJKH+xat7HI55FV9aWhjH/t2KJcT72wnoKJfjzG5aW8ePAXMX++J6PP28s1HQcXB
|
|
/R3vrQczAkEAw6wG8tFazT0+hNBcT63VsoAW7FxsZp0ME1kFNdceZbbcPMH2SDdR
|
|
QXFLarBCcYnvKthwO9Xeyz93J6k5ZQXL5QJAKf1kpZzP3O2JrFT3ApPbCWhdlN95
|
|
w5WAdCuENIEartMnDHShGL7oHRBARZnYnE+aRAHOljq0bBo332/GR6AZlQJBAKQS
|
|
Vk07AOGBzi99qzngsISZZR9SLE8qtppulbDcrY9qcme72DAbulWekzdljoE3wMTz
|
|
ccCqh8Nzdw1Zl1e/MYUCQQC+p3L5N0j/lC17/jCDWQ424UKCo9Kml9obBcKXW32X
|
|
s2V6x1PgpLcouXzVAgXjlNwbcIRJMEivDYTr3frW9sUT
|
|
-----END RSA PRIVATE KEY-----
|
|
</key>
|
|
|
|
# Verify server certificate by checking
|
|
# that the certicate has the nsCertType
|
|
# field set to "server". This is an
|
|
# important precaution to protect against
|
|
# a potential attack discussed here:
|
|
# http://openvpn.net/howto.html#mitm
|
|
#
|
|
# To use this feature, you will need to generate
|
|
# your server certificates with the nsCertType
|
|
# field set to "server". The build-key-serve
|
|
ns-cert-type server
|
|
|
|
# If a tls-auth key is used on the server
|
|
# then every client must also have the key.
|
|
#
|
|
# Don't forget to set the 'key-direction' Parameter if using
|
|
# Inline Key. Usualy , sever has key direction '0', while client
|
|
# has ke direction '1'.
|
|
#
|
|
key-direction 1
|
|
<tls-auth>
|
|
-----BEGIN OpenVPN Static key V1-----
|
|
ff2b7b56af351769ba703f874d389327
|
|
2e8fed8405df740d51d58eff3eb25af3
|
|
d6de19376333a9b05aa72f8b90124bbf
|
|
5ea3085029070d28952a1fe9baa392fc
|
|
4865bd5dbc58a4ccfc373d2ce772a217
|
|
17f099df7d2354e404ae7690cbc50002
|
|
151667c2af583705bd3896327917327a
|
|
a8b2c9073e58b7deabb3ad04336170b9
|
|
6fcce57b50827b0f393b7d1f0a7f6299
|
|
d15140e46f6108983234eb53b0a6d56c
|
|
6ce3815bc7f5ec9f52bc7eb680562b4f
|
|
1241f1378b774491ca817b56f1d5ba09
|
|
c25e8a4dff3610c60e4f9f3c306c15af
|
|
8a70829075343f2ab24d61560804c78a
|
|
dda39ceb12e11a0079b59dcb607166e5
|
|
567cbf1dc83c2f32f8ce1cb4576c12df
|
|
-----END OpenVPN Static key V1-----
|
|
</tls-auth>
|
|
|
|
# Select a cryptographic cipher.
|
|
# If the cipher option is used on the server
|
|
# then you must also specify it here.
|
|
|
|
# Enable compression on the VPN link.
|
|
# Don't enable this unless it is also
|
|
# enabled in the server config file.
|
|
comp-lzo
|
|
|
|
# Verbosity level.
|
|
# 0 -- quiet except for fatal errors.
|
|
# 1 -- mostly quiet, but display non-fatal network errors.
|
|
# 3 -- medium output, good for normal operation.
|
|
# 9 -- verbose, good for troubleshooting
|
|
verb 1
|
|
|
|
# Setting 'pull' on the client takes care to get the 'push' durectives
|
|
# from the server
|
|
pull
|