Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##############################################
- # Sample client-side OpenVPN 2.0 config file #
- # for connecting to multi-client server. #
- # #
- # This configuration can be used by multiple #
- # clients, however each client should have #
- # its own cert and key files. #
- # #
- # On Windows, you might want to rename this #
- # file so it has a .ovpn extension #
- ##############################################
- # Specify that we are a client and that we
- # will be pulling certain config file directives
- # from the server.
- client
- # Use the same setting as you are using on
- # the server.
- # On most systems, the VPN will not function
- # unless you partially or fully disable
- # the firewall for the TUN/TAP interface.
- ;dev tap
- dev tun
- # Windows needs the TAP-Win32 adapter name
- # from the Network Connections panel
- # if you have more than one. On XP SP2,
- # you may need to disable the firewall
- # for the TAP adapter.
- ;dev-node MyTap
- # Are we connecting to a TCP or
- # UDP server? Use the same setting as
- # on the server.
- ;proto tcp
- proto udp
- # The hostname/IP and port of the server.
- # You can have multiple remote entries
- # to load balance between the servers.
- remote 74.91.122.204 1194
- ;remote my-server-2 1194
- # Choose a random host from the remote
- # list for load-balancing. Otherwise
- # try hosts in the order specified.
- ;remote-random
- # Keep trying indefinitely to resolve the
- # host name of the OpenVPN server. Very useful
- # on machines which are not permanently connected
- # to the internet such as laptops.
- resolv-retry infinite
- # Most clients don't need to bind to
- # a specific local port number.
- nobind
- # Downgrade privileges after initialization (non-Windows only)
- ;user nobody
- ;group nogroup
- # Try to preserve some state across restarts.
- persist-key
- persist-tun
- # If you are connecting through an
- # HTTP proxy to reach the actual OpenVPN
- # server, put the proxy server/IP and
- # port number here. See the man page
- # if your proxy server requires
- # authentication.
- ;http-proxy-retry # retry on connection failures
- ;http-proxy [proxy server] [proxy port #]
- # Wireless networks often produce a lot
- # of duplicate packets. Set this flag
- # to silence duplicate packet warnings.
- ;mute-replay-warnings
- # SSL/TLS parms.
- # See the server config file for more
- # description. It's best to use
- # a separate .crt/.key file pair
- # for each client. A single ca
- # file can be used for all clients.
- # Verify server certificate by checking
- # that the certicate has the nsCertType
- # field set to "server". This is an
- # important precaution to protect against
- # a potential attack discussed here:
- # http://openvpn.net/howto.html#mitm
- #
- # To use this feature, you will need to generate
- # your server certificates with the nsCertType
- # field set to "server". The build-key-server
- # script in the easy-rsa folder will do this.
- ns-cert-type server
- # If a tls-auth key is used on the server
- # then every client must also have the key.
- ;tls-auth ta.key 1
- # Select a cryptographic cipher.
- # If the cipher option is used on the server
- # then you must also specify it here.
- ;cipher x
- # Enable compression on the VPN link.
- # Don't enable this unless it is also
- # enabled in the server config file.
- comp-lzo
- # Set log file verbosity.
- verb 3
- # Silence repeating messages
- ;mute 20
- <ca>
- -----BEGIN CERTIFICATE-----
- MIIFEjCCA/qgAwIBAgIJAOZWExRz9vFmMA0GCSqGSIb3DQEBCwUAMIG2MQswCQYD
- VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
- A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p
- dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw
- HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wHhcNMTUwNDA0MTk0MzUz
- WhcNMjUwNDAxMTk0MzUzWjCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw
- EwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsG
- A1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3Rv
- biBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0
- Lm15ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjIKNc1d
- 167Z0D+TL9W/AZna7hQC8GKL7VykVGm1bXF8owxLZHFYE5olZSY/oRt9v0KO2aJk
- ZlOOJhCcZG1cXeOhxmj2N/dK4p0LJ+LPJt/uCK4klCPqWNrjRFfxMVCEZ43em5GM
- ZI5SHC+qXzFYezrbOp5G73+MeKV66F/+4Jqbwxz6zBaZj6f8K+yiu1Nt/onTawwV
- Ar0y60t8cML4pkuEGWGA0x4RlS5Bkj25yeLa0XpJvkzX3t/mNecg5LQmBayQYBeb
- 82bIFVCSalcpyC8erCQewlq+K/GYPbdXnB1S9gpkMLr4IQQpZc/seZYUxoyp3m/U
- HiPFv3Dv0XP7ywIDAQABo4IBHzCCARswHQYDVR0OBBYEFKPhRpARXRpiwPIrmmWc
- GD6qs8VLMIHrBgNVHSMEgeMwgeCAFKPhRpARXRpiwPIrmmWcGD6qs8VLoYG8pIG5
- MIG2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5j
- aXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXph
- dGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdF
- YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQDmVhMU
- c/bxZjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCcEol3LSKoH/FR
- 6+FrzhxV9X7JSBUysYMU+yeKckgX9aqhcSwv7H1ToMSdF4+1OiDKNJ52YAMKOY8L
- tq2JC5SJEqRQfVFSJrNSA+sqgmgRZnWh2OM+w4mRvqLV7BtnocNmuO0IyKqrzvgG
- 81unwMUfnIvbD2u5WiKk+ZCFZL83NtCSqcDZEpfi+BAvi7CkNOg6Ge4ick+D4UJd
- aJ99tJHKaV3EgiI3Tpg81BP3/JNbVUZyCAzN5Z/gTPfP4ze2caI5f/Vzl2Z0ilNy
- bqPDT7xlMtUQhgxF84pl+aoaqQT1PqHJqjWfzM9IfwulOy8UxOtrYXHeg4D1/OE5
- RahEC3xu
- -----END CERTIFICATE-----
- </ca>
- <cert>
- Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
- Validity
- Not Before: Apr 4 19:43:53 2015 GMT
- Not After : Apr 1 19:43:53 2025 GMT
- Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=client/name=EasyRSA/emailAddress=me@myhost.mydomain
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:a8:f0:9c:18:7b:91:d2:3c:69:19:2f:29:ca:17:
- 71:a2:bf:fe:c0:d8:66:51:d8:16:63:b5:95:62:cf:
- cb:e6:d7:24:85:a3:4b:fd:d6:b0:d7:e8:8f:e0:ba:
- e7:11:3f:9f:81:82:57:26:30:2a:70:80:d7:23:39:
- e6:ff:d2:b4:7a:94:18:64:71:93:ef:2c:79:10:2a:
- 4a:c5:d8:a1:a0:0d:5a:ba:8c:55:8c:fa:38:62:da:
- ad:a0:f5:22:43:9a:fb:05:b1:f3:38:23:33:06:72:
- a4:fd:25:a6:32:7b:a0:87:67:6c:a7:c4:9f:48:ed:
- 9c:f7:9f:3d:21:9f:e3:dd:d2:da:35:08:53:b7:d4:
- e5:e0:07:75:be:9c:b7:b3:c3:37:de:bd:a9:9a:44:
- 7e:d8:53:98:fd:f6:70:31:cf:ca:5e:1e:d6:33:ce:
- 1c:82:c5:c4:1c:aa:bb:d0:66:f6:22:da:71:89:4b:
- a3:38:78:ec:a5:df:88:92:85:53:fc:8b:15:6e:25:
- 84:29:4f:d2:da:c8:a2:d0:91:f4:4e:01:d6:7f:62:
- bf:b5:b1:d5:a6:0e:4b:f7:3f:83:e7:b3:38:d4:f6:
- 4e:09:56:bf:61:0c:65:d9:93:26:8a:af:a6:bb:21:
- 3f:46:5f:57:7b:50:d6:29:fa:f1:76:c1:6e:a5:6e:
- e9:5f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- Easy-RSA Generated Certificate
- X509v3 Subject Key Identifier:
- 0C:CD:88:5A:BA:8C:A7:02:BB:0E:03:55:DC:19:41:A9:7A:B7:94:C8
- X509v3 Authority Key Identifier:
- keyid:A3:E1:46:90:11:5D:1A:62:C0:F2:2B:9A:65:9C:18:3E:AA:B3:C5:4B
- DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
- serial:E6:56:13:14:73:F6:F1:66
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- Signature Algorithm: sha256WithRSAEncryption
- 1a:a7:30:5d:b3:6e:83:75:3c:0d:ce:e1:ee:15:10:8c:17:0a:
- 4d:09:b5:c3:aa:48:66:63:47:59:90:0b:8a:62:ad:e8:7e:f4:
- df:70:0a:98:c7:9d:1b:2a:d7:1b:69:85:11:a2:08:78:74:0a:
- 07:e5:7d:f7:f3:5a:6a:a5:51:fb:77:9e:bb:b5:68:2c:92:bf:
- 0d:2b:88:6a:b8:68:f9:55:f9:83:c5:9c:34:10:e9:b4:9d:46:
- d3:2f:9c:d6:a4:5d:57:1d:c4:c7:a2:f3:c7:92:8d:34:cf:7a:
- 07:56:27:c6:76:d5:d2:b8:bc:68:19:a9:2f:0a:c0:df:57:13:
- 90:00:81:48:2a:a4:15:f4:44:c3:38:51:2e:fc:83:8a:49:e6:
- 3b:58:90:d7:32:c8:1b:4d:e9:b3:f2:29:0f:02:4e:c2:c9:8c:
- 07:96:34:92:3a:5d:63:dd:6a:7e:70:5b:8d:ac:08:a5:da:d1:
- 1f:61:23:3b:9c:ce:53:62:38:21:c2:1f:a7:a3:7e:a4:13:a4:
- b3:80:22:9e:1e:fa:59:f0:3c:f4:94:1e:d7:b8:ad:f0:4b:a8:
- 43:1b:08:ee:bf:8b:bb:2f:4f:52:3c:6d:f4:96:8d:91:ea:55:
- b6:78:3c:c6:31:17:1d:01:6a:50:f7:0a:e6:b1:c9:17:42:9d:
- 1d:b8:49:81
- -----BEGIN CERTIFICATE-----
- MIIFTzCCBDegAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx
- CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
- cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
- BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3
- DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE1MDQwNDE5NDM1M1oXDTI1MDQw
- MTE5NDM1M1owga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM
- U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15
- T3JnYW5pemF0aW9uYWxVbml0MQ8wDQYDVQQDEwZjbGllbnQxEDAOBgNVBCkTB0Vh
- c3lSU0ExITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCCASIwDQYJ
- KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKjwnBh7kdI8aRkvKcoXcaK//sDYZlHY
- FmO1lWLPy+bXJIWjS/3WsNfoj+C65xE/n4GCVyYwKnCA1yM55v/StHqUGGRxk+8s
- eRAqSsXYoaANWrqMVYz6OGLaraD1IkOa+wWx8zgjMwZypP0lpjJ7oIdnbKfEn0jt
- nPefPSGf493S2jUIU7fU5eAHdb6ct7PDN969qZpEfthTmP32cDHPyl4e1jPOHILF
- xByqu9Bm9iLacYlLozh47KXfiJKFU/yLFW4lhClP0trIotCR9E4B1n9iv7Wx1aYO
- S/c/g+ezONT2TglWv2EMZdmTJoqvprshP0ZfV3tQ1in68XbBbqVu6V8CAwEAAaOC
- AW0wggFpMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
- YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUDM2IWrqMpwK7DgNV3BlBqXq3lMgw
- gesGA1UdIwSB4zCB4IAUo+FGkBFdGmLA8iuaZZwYPqqzxUuhgbykgbkwgbYxCzAJ
- BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUw
- EwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15T3JnYW5pemF0aW9uYWxV
- bml0MRgwFgYDVQQDEw9Gb3J0LUZ1bnN0b24gQ0ExEDAOBgNVBCkTB0Vhc3lSU0Ex
- ITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpboIJAOZWExRz9vFmMBMG
- A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOC
- AQEAGqcwXbNug3U8Dc7h7hUQjBcKTQm1w6pIZmNHWZALimKt6H7033AKmMedGyrX
- G2mFEaIIeHQKB+V99/NaaqVR+3eeu7VoLJK/DSuIarho+VX5g8WcNBDptJ1G0y+c
- 1qRdVx3Ex6Lzx5KNNM96B1YnxnbV0ri8aBmpLwrA31cTkACBSCqkFfREwzhRLvyD
- iknmO1iQ1zLIG03ps/IpDwJOwsmMB5Y0kjpdY91qfnBbjawIpdrRH2EjO5zOU2I4
- IcIfp6N+pBOks4Ainh76WfA89JQe17it8EuoQxsI7r+Luy9PUjxt9JaNkepVtng8
- xjEXHQFqUPcK5rHJF0KdHbhJgQ==
- -----END CERTIFICATE-----
- </cert>
- <key>
- -----BEGIN PRIVATE KEY-----
- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCo8JwYe5HSPGkZ
- LynKF3Giv/7A2GZR2BZjtZViz8vm1ySFo0v91rDX6I/guucRP5+BglcmMCpwgNcj
- Oeb/0rR6lBhkcZPvLHkQKkrF2KGgDVq6jFWM+jhi2q2g9SJDmvsFsfM4IzMGcqT9
- JaYye6CHZ2ynxJ9I7Zz3nz0hn+Pd0to1CFO31OXgB3W+nLezwzfevamaRH7YU5j9
- 9nAxz8peHtYzzhyCxcQcqrvQZvYi2nGJS6M4eOyl34iShVP8ixVuJYQpT9LayKLQ
- kfROAdZ/Yr+1sdWmDkv3P4PnszjU9k4JVr9hDGXZkyaKr6a7IT9GX1d7UNYp+vF2
- wW6lbulfAgMBAAECggEATtS/sfjvSW/hBtxoHqIj53K5uFkCHcy8XdiclZgrKFNZ
- +nYBfrhQmt8tTAtKyVSr5G3iprIxC4BDY2+gZ911VAGJBE2vXxqcfzuM2pdEi//P
- R182iGs2JoKuJH5ed7d4zOaFfLuIEskqTenkjIf9l1FedUadoRUnerC2gNswJBB+
- XWTQofugMrWa6jSpLi6A963S5SC/ZmEnTPo+XThzO1f3D35hjh1gUUmyIppLAhjV
- f+2wj9Dp9p/fc8m+JyBaogFwqM0XfsgutPeH9/RXWPQhuMNq2rY5TvCyQhmr2PEZ
- SYCVCFy2G7p4wUME+18JQq3/dzS+9iBYh6HSCdYvwQKBgQDbkA/l9neYUGcaQCka
- F0dLsseTxInbv50Er69nIMh+XmieSBoDJRgDGsckBGWPYMhbRhgBrY229f69VsIo
- p/lvOt3XL2xUKLQb4ni0gKFWZJh1+GhW4no2NYsYKiijpsNUOwQjluKFLfoFdd/u
- 2KKZip2rdFGbv7IEDkjNVtBzoQKBgQDE+eDL7L3uKxTYj7mYg7dfpqsQ6bsZ+ZwJ
- cWpPEAz13GARIg/9TS39KEd/9AQqyrYIOdl16oFzHmvbFT6rlBGWpMJvFfN29jDo
- 5aiQnSXXPxm5pYlrwp+cqmyk+d+NDADQR5sbbQ+ljJP1y8ZD4bDgs95iTwmw2AD2
- hCKX83I8/wKBgQCELQS1Hpu+kOCQmAFmWI8uDfFBjrajGIYRFSZVwhGQqYr3hlZK
- gGElNVCe6RqupsfW0qqPEAjZFNwG5Zy61uw9PsXfzge73kkW5E5f83Osy6BQnHtL
- msmRqsgSgwa2BiVepqyGNEYngJccBGsLoVS5dA4Y8kxSo6Mp9+Nx4gpZIQKBgQCE
- uRZGcfOcSn0WWumkoYPquIPltofyvaTtG/WU5mzFMUOt57S8acfGH+Dlj4dLSiGT
- s18au/OTnPjxuwPqWq/rQIMelLzi+IoGM9D7+FdqDMOJuse4y3/+8TqZgyClimP1
- 83nI5hi35NxBr5edX7JuBeSfe0A9X55ufKROnKPqAwKBgDSSfio6Wt0EQM7joNXR
- RAQYHSi9Mi82C21YnBaPO5GBBHl+CVYohpUqC4Hlm3rExFoFEPm6h+p/d883DCcz
- 6DWHWO2jjFzKC7nGl6jwQiNKCuOQeh/alqHCVyKUFQySstlXkln6Oylv4wWnYRdx
- 7KaQSbjX+hdFFgY1OvFb3shE
- -----END PRIVATE KEY-----
- </key>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement