186 lines
6.8 KiB
Plaintext
186 lines
6.8 KiB
Plaintext
##############################################
|
|
# Sample client-side OpenVPN 2.0 config file #
|
|
# for connecting to multi-client server. #
|
|
# #
|
|
# This configuration can be used by multiple #
|
|
# clients, however each client should have #
|
|
# its own cert and key files. #
|
|
# #
|
|
# On Windows, you might want to rename this #
|
|
# file so it has a .ovpn extension #
|
|
##############################################
|
|
|
|
# Specify that we are a client and that we
|
|
# will be pulling certain config file directives
|
|
# from the server.
|
|
client
|
|
|
|
# Use the same setting as you are using on
|
|
# the server.
|
|
# On most systems, the VPN will not function
|
|
# unless you partially or fully disable
|
|
# the firewall for the TUN/TAP interface.
|
|
;dev tap
|
|
dev tun
|
|
|
|
# Are we connecting to a TCP or
|
|
# UDP server? Use the same setting as
|
|
# on the server
|
|
proto udp
|
|
|
|
# The hostname/IP and port of the server.
|
|
# You can have multiple remote entries
|
|
# to load balance between the servers.
|
|
remote gw-opp.oopen.de 1194
|
|
|
|
topology subnet
|
|
|
|
# Keep trying indefinitely to resolve the
|
|
# host name of the OpenVPN server. Very useful
|
|
# on machines which are not permanently connected
|
|
# to the internet such as laptops.
|
|
resolv-retry infinite
|
|
|
|
# Most clients don't need to bind to
|
|
# a specific local port number.
|
|
nobind
|
|
|
|
# Try to preserve some state across restarts.
|
|
persist-key
|
|
persist-tun
|
|
|
|
# Server CA
|
|
<ca>
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
|
|
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
|
|
BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
|
|
T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
|
|
NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
|
|
BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
|
|
BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
|
|
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
|
|
ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
|
|
BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
|
|
75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
|
|
MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
|
|
gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
|
|
BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
|
|
GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
|
|
HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
|
|
BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
|
|
nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
|
|
JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
|
|
Y/hjEv3y78V8QA==
|
|
-----END CERTIFICATE-----
|
|
</ca>
|
|
|
|
# Client Certificate
|
|
<cert>
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIDrjCCAxegAwIBAgIBGDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
|
|
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
|
|
ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
|
|
Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEyMTIyMzAyMjEx
|
|
OFoXDTIyMTIyMTAyMjExOFowgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
|
|
aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
|
|
MBUGA1UEAxMOT1BQLVZwbi1tYXJjdXMxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
|
|
cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYjd4rAReGsVYhl9Q+
|
|
9JpnXLI9kXTqvpPPijklpsXggo/u+F1lWiC8Ti07xl7vAAhag3ha/FTqjWGDYa2X
|
|
l/LPYS3AzeFr76rdJe3PToxLAFZrmgCXOGZBCXhjHMpBX9XG7KVno9ccmXhRxBk0
|
|
QqYH3wPM5nt5jSf+eQXsNLjuaQIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAsBglg
|
|
hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
|
|
BBYEFMF+61oxtK9x4AUQlfqRWUOVSflyMIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
|
|
FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
|
|
bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
|
|
bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
|
|
DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQFAAOB
|
|
gQChe4cGuoK3Y9dyUPct+jhLKAUGeSDqIgwgSLah4vpd6SNKPFMklapbAENAi8d2
|
|
u0C7ZCY9sY+17f7NCqSvzs5crPxGgXhLxFDg+uWfBDHYbnqnMvGJ5N7KUye1gF7F
|
|
ypHHq6STIdjGaqx2ZunhqlM7tX4jmtyrzpkaVdrtuv79LA==
|
|
-----END CERTIFICATE-----
|
|
</cert>
|
|
|
|
# Client Key
|
|
<key>
|
|
-----BEGIN RSA PRIVATE KEY-----
|
|
Proc-Type: 4,ENCRYPTED
|
|
DEK-Info: DES-EDE3-CBC,17B9907A94C0924E
|
|
|
|
krHc1xE84ce/mYSlw95UdKuic+wC1J1cAIMq170+Lez43232Qy9/evNW8lVl7BXS
|
|
9fs9ayCX8Xdr5lyCOxWukZQ6Lk2tySBCkdTFnhDQgUXjwx9tNqLmMkajF/GrGyJ0
|
|
Tn+LQG5r6Z05ogE+4naWH12iE9OMqGNNIebbNbmTc1jYMUtKgWIuQkpe+9DMWBN+
|
|
PhKHM7BA420Z9E74KmkhmAJYdHgSle7U7Ca27IY/u9gXUoa+MxLsET+KTY665NJq
|
|
KP8+H9Hsw3zVQmu2XR9s/UfayOFYcMJBEATI9K7dBDB3zTblcYHmFfXSxpAW7AZz
|
|
bbFHmpitgkzC657Xw6d/TRktYGQbNbi6Zwsc2dcQuyHtpiF443fN77m5N4g/7IgQ
|
|
MghSlTImS+K9r357UQN43cXRIpgEoKk+22H/fLGtxVDlkYmx9MNzXnmGNooJFIkS
|
|
FcV164sSr3FOSZ6oQANsRNIJtHy79gUyh0fgPzng7kKrNwsQCVsTzsdglZEXDCLt
|
|
BbKpiAB8JcB/EHHR/vx0xj0LJPWskVj8v07GKwQCvW8mD0oKnm9OuDAzXUvR/bj+
|
|
mv0yYA2ZRvJeC7ZFYIanzmmMH5EuoKLsFzvp+79+beKDD24x8xbQVjxi5cmfzH6s
|
|
pfXY6suLB4wtzVbj+TzMPuP+W12V5oShO2Q0ifUuBMkgUNEyem593l72yy1CERcf
|
|
O9gR8hUpP0yHCFRhds00EkllKDvb9FixL8EWO9JGVLZhLuYead5yOcop0tdT2aXT
|
|
v8kWDFBcGdNg9u7HgjapeTKjBnI1bYNsC5knB1TugR41PcJUN5qCRw==
|
|
-----END RSA PRIVATE KEY-----
|
|
</key>
|
|
|
|
# Verify server certificate by checking
|
|
# that the certicate has the nsCertType
|
|
# field set to "server". This is an
|
|
# important precaution to protect against
|
|
# a potential attack discussed here:
|
|
# http://openvpn.net/howto.html#mitm
|
|
#
|
|
# To use this feature, you will need to generate
|
|
# your server certificates with the nsCertType
|
|
# field set to "server". The build-key-serve
|
|
ns-cert-type server
|
|
|
|
# If a tls-auth key is used on the server
|
|
# then every client must also have the key.
|
|
#
|
|
# Don't forget to set the 'key-direction' Parameter if using
|
|
# Inline Key. Usualy , sever has key direction '0', while client
|
|
# has ke direction '1'.
|
|
#
|
|
key-direction 1
|
|
<tls-auth>
|
|
-----BEGIN OpenVPN Static key V1-----
|
|
ff2b7b56af351769ba703f874d389327
|
|
2e8fed8405df740d51d58eff3eb25af3
|
|
d6de19376333a9b05aa72f8b90124bbf
|
|
5ea3085029070d28952a1fe9baa392fc
|
|
4865bd5dbc58a4ccfc373d2ce772a217
|
|
17f099df7d2354e404ae7690cbc50002
|
|
151667c2af583705bd3896327917327a
|
|
a8b2c9073e58b7deabb3ad04336170b9
|
|
6fcce57b50827b0f393b7d1f0a7f6299
|
|
d15140e46f6108983234eb53b0a6d56c
|
|
6ce3815bc7f5ec9f52bc7eb680562b4f
|
|
1241f1378b774491ca817b56f1d5ba09
|
|
c25e8a4dff3610c60e4f9f3c306c15af
|
|
8a70829075343f2ab24d61560804c78a
|
|
dda39ceb12e11a0079b59dcb607166e5
|
|
567cbf1dc83c2f32f8ce1cb4576c12df
|
|
-----END OpenVPN Static key V1-----
|
|
</tls-auth>
|
|
|
|
# Select a cryptographic cipher.
|
|
# If the cipher option is used on the server
|
|
# then you must also specify it here.
|
|
|
|
# Enable compression on the VPN link.
|
|
# Don't enable this unless it is also
|
|
# enabled in the server config file.
|
|
comp-lzo
|
|
|
|
# Verbosity level.
|
|
# 0 -- quiet except for fatal errors.
|
|
# 1 -- mostly quiet, but display non-fatal network errors.
|
|
# 3 -- medium output, good for normal operation.
|
|
# 9 -- verbose, good for troubleshooting
|
|
verb 1
|
|
|
|
# Setting 'pull' on the client takes care to get the 'push' durectives
|
|
# from the server
|
|
pull
|