############################################### Sample client-side OpenVPN 2.0

1. ##############################################
2. # Sample client-side OpenVPN 2.0 config file #
3. # for connecting to multi-client server.     #
4. #                                            #
5. # This configuration can be used by multiple #
6. # clients, however each client should have   #
7. # its own cert and key files.                #
8. #                                            #
9. # On Windows, you might want to rename this  #
10. # file so it has a .ovpn extension           #
11. ##############################################
12.  
13. # Specify that we are a client and that we
14. # will be pulling certain config file directives
15. # from the server.
16. client
17.  
18. # Use the same setting as you are using on
19. # the server.
20. # On most systems, the VPN will not function
21. # unless you partially or fully disable
22. # the firewall for the TUN/TAP interface.
23. ;dev tap
24. dev tun
25.  
26. # Windows needs the TAP-Win32 adapter name
27. # from the Network Connections panel
28. # if you have more than one.  On XP SP2,
29. # you may need to disable the firewall
30. # for the TAP adapter.
31. ;dev-node MyTap
32.  
33. # Are we connecting to a TCP or
34. # UDP server?  Use the same setting as
35. # on the server.
36. ;proto tcp
37. proto udp
38.  
39.  
40. # The hostname/IP and port of the server.
41. # You can have multiple remote entries
42. # to load balance between the servers.
43. remote 192.168.1.4 1194
44. ;remote my-server-2 1194
45.  
46. # Choose a random host from the remote
47. # list for load-balancing.  Otherwise
48. # try hosts in the order specified.
49. ;remote-random
50.  
51. # Keep trying indefinitely to resolve the
52. # host name of the OpenVPN server.  Very useful
53. # on machines which are not permanently connected
54. # to the internet such as laptops.
55. resolv-retry infinite
56.  
57. # Most clients don't need to bind to
58. # a specific local port number.
59.  
60. nobind
61.  
62. # Downgrade privileges after initialization (non-Windows only)
63. user nobody
64. group nobody
65.  
66. # Try to preserve some state across restarts.
67. persist-key
68. persist-tun
69.  
70. # If you are connecting through an
71. # HTTP proxy to reach the actual OpenVPN
72. # server, put the proxy server/IP and
73. # port number here.  See the man page
74. # if your proxy server requires
75. # authentication.
76. ;http-proxy-retry # retry on connection failures
77. ;http-proxy [proxy server] [proxy port #]
78.  
79. # Wireless networks often produce a lot
80. # of duplicate packets.  Set this flag
81. # to silence duplicate packet warnings.
82. ;mute-replay-warnings
83.  
84. # SSL/TLS parms.
85. # See the server config file for more
86. # description.  It's best to use
87. # a separate .crt/.key file pair
88. # for each client.  A single ca
89. # file can be used for all clients.
90. ca /etc/pki/CA/ca.crt
91. cert /etc/pki/CA/rw.crt
92. key /etc/pki/CA/rw.key
93.  
94. ;route 10.70.0.0 255.255.255.0 192.168.2.8
95.  
96. # Verify server certificate by checking that the
97. # certicate has the correct key usage set.
98. # This is an important precaution to protect against
99. # a potential attack discussed here:
100. #  http://openvpn.net/howto.html#mitm
101. #
102. # To use this feature, you will need to generate
103. # your server certificates with the keyUsage set to
104. #   digitalSignature, keyEncipherment
105. # and the extendedKeyUsage to
106. #   serverAuth
107. # EasyRSA can do this for you.
108. #remote-cert-tls server
109.  
110. # If a tls-auth key is used on the server
111. # then every client must also have the key.
112. remote-cert-ku server
113. tls-auth ta.key 1
114.  
115. # Select a cryptographic cipher.
116. # If the cipher option is used on the server
117. # then you must also specify it here.
118. # Note that 2.4 client/server will automatically
119. # negotiate AES-256-GCM in TLS mode.
120. # See also the ncp-cipher option in the manpage
121. cipher AES-256-CBC
122.  
123. # Enable compression on the VPN link.
124. # Don't enable this unless it is also
125. # enabled in the server config file.
126. comp-lzo
127.  
128. # Set log file verbosity.
129. verb 3
130.  
131. # Silence repeating messages
132. ;mute 20
133.  
134. auth-user-pass