# Sample client-side OpenVPN 2.0 config file # # for connecting to multi-client server. # # # # This configuration can be used by multiple # # clients, however each client should have # # its own cert and key files. # # # # On Windows, you might want to rename this # # file so it has a .ovpn extension # ############################################## # Specify that we are a client and that we # will be pulling certain config file directives # from the server. client auth-user-pass #management-query-passwords #management-hold # Disable management port for debugging port issues #management 127.0.0.1 13010 ping 5 ping-exit 30 # Use the same setting as you are using on # the server. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. #;dev tap dev tun # Windows needs the TAP-Win32 adapter name # from the Network Connections panel # if you have more than one. On XP SP2, # you may need to disable the firewall # for the TAP adapter. ;dev-node MyTap # Are we connecting to a TCP or # UDP server? Use the same setting as # on the server. proto tcp ;proto udp # The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. # All VPN Servers are added at the very end ;remote my-server-2 1194 # Choose a random host from the remote # list for load-balancing. Otherwise # try hosts in the order specified. # We order the hosts according to number of connections. # So no need to randomize the list # remote-random # Keep trying indefinitely to resolve the # host name of the OpenVPN server. Very useful # on machines which are not permanently connected # to the internet such as laptops. resolv-retry infinite # Most clients don't need to bind to # a specific local port number. nobind # Downgrade privileges after initialization (non-Windows only) ;user nobody ;group nobody # Try to preserve some state across restarts. persist-key persist-tun # If you are connecting through an # HTTP proxy to reach the actual OpenVPN # server, put the proxy server/IP and # port number here. See the man page # if your proxy server requires # authentication. ;http-proxy-retry # retry on connection failures ;http-proxy [proxy server] [proxy port #] # Wireless networks often produce a lot # of duplicate packets. Set this flag # to silence duplicate packet warnings. ;mute-replay-warnings # SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. ca ./keys/ca.crt cert ./keys/hmauser.crt key ./keys/hmauser.key # Verify server certificate by checking # that the certicate has the nsCertType # field set to "server". This is an # important precaution to protect against # a potential attack discussed here: # http://openvpn.net/howto.html#mitm # # To use this feature, you will need to generate # your server certificates with the nsCertType # field set to "server". The build-key-server # script in the easy-rsa folder will do this. ;ns-cert-type server # If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1 # Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here. ;cipher x # Enable compression on the VPN link. # Don't enable this unless it is also # enabled in the server config file. #comp-lzo # Set log file verbosity. verb 3 # Silence repeating messages ;mute 20 # Detect proxy auto matically #auto-proxy # Need this for Vista connection issue route-metric 1 # Get rid of the cached password warning #auth-nocache #show-net-up #dhcp-renew #dhcp-release #route-delay 0 120 # added to prevent MITM attack ns-cert-type server # # Remote servers added dynamically by the master server # DO NOT CHANGE below this line # remote-random remote 74.115.209.4 443 # 0 remote 209.172.61.44 443 # 0 remote 67.215.247.138 443 # 0 remote 188.65.76.130 443 # 0 remote 96.44.161.130 443 # 0 remote 178.16.22.2 443 # 0 remote 109.123.79.244 443 # 0 remote 38.78.192.2 443 # 0 remote 46.4.73.107 443 # 0 remote 173.254.206.130 443 # 0 remote 64.31.33.2 443 # 0 remote 38.121.77.70 443 # 0 remote 173.208.45.130 443 # 0 remote 115.69.31.162 443 # 0 remote 83.167.240.130 443 # 0 remote 213.229.83.26 443 # 0 remote 38.121.77.66 443 # 0 remote 38.121.77.78 443 # 0 remote 208.43.175.43 443 # 0 remote 66.71.247.34 443 # 0 remote 72.8.129.154 443 # 0 remote 188.116.36.3 443 # 0 remote 173.254.206.2 443 # 0 remote 94.103.41.2 443 # 0 remote 173.234.233.226 443 # 0 remote 173.234.157.210 443 # 0 remote 173.234.157.218 443 # 0 remote 78.129.173.130 443 # 0 remote 76.73.47.66 443 # 0 remote 72.11.140.130 443 # 0 remote 79.142.65.5 443 # 0 remote 95.154.230.133 443 # 0 remote 69.195.132.2 443 # 0 remote 74.50.113.23 443 # 0 remote 209.172.61.42 443 # 0 remote 69.72.252.122 443 # 0 remote 216.155.158.132 443 # 0 remote 76.73.47.74 443 # 0 remote 63.141.239.18 443 # 0 remote 85.153.34.160 443 # 0 remote 74.115.210.4 443 # 0 remote 109.73.66.130 443 # 0 remote 72.46.129.194 443 # 0 remote 208.53.170.100 443 # 0 remote 212.117.186.58 443 # 0 remote 206.51.238.95 443 # 0 remote 94.100.17.2 443 # 0 remote 94.46.3.151 443 # 0 remote 173.254.207.2 443 # 0 remote 74.115.212.2 443 # 0 remote 208.76.52.160 443 # 0 remote 79.172.193.107 443 # 0 remote 38.78.193.130 443 # 0 remote 38.121.77.74 443 # 0 remote 38.121.77.82 443 # 0 remote 195.242.152.2 443 # 0 remote 173.242.116.200 443 # 0 remote 66.71.253.74 443 # 0 remote 180.92.187.82 443 # 0 remote 174.34.178.146 443 # 0 remote 178.17.165.66 443 # 0 remote 67.205.85.182 443 # 0 remote 64.31.35.2 443 # 0