Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##############################################
- # Sample client-side OpenVPN 2.0 config file #
- # for connecting to multi-client server. #
- # #
- # This configuration can be used by multiple #
- # clients, however each client should have #
- # its own cert and key files. #
- # #
- # On Windows, you might want to rename this #
- # file so it has a .ovpn extension #
- ##############################################
- # Specify that we are a client and that we
- # will be pulling certain config file directives
- # from the server.
- client
- # Use the same setting as you are using on
- # the server.
- # On most systems, the VPN will not function
- # unless you partially or fully disable
- # the firewall for the TUN/TAP interface.
- ;dev tap
- dev tun
- # Windows needs the TAP-Win32 adapter name
- # from the Network Connections panel
- # if you have more than one. On XP SP2,
- # you may need to disable the firewall
- # for the TAP adapter.
- ;dev-node MyTap
- # Are we connecting to a TCP or
- # UDP server? Use the same setting as
- # on the server.
- proto tcp
- ;proto udp
- # The hostname/IP and port of the server.
- # You can have multiple remote entries
- # to load balance between the servers.
- remote my-server-1 443
- ;remote my-server-2 1194
- # Choose a random host from the remote
- # list for load-balancing. Otherwise
- # try hosts in the order specified.
- ;remote-random
- # Keep trying indefinitely to resolve the
- # host name of the OpenVPN server. Very useful
- # on machines which are not permanently connected
- # to the internet such as laptops.
- resolv-retry infinite
- # Most clients don't need to bind to
- # a specific local port number.
- nobind
- # Downgrade privileges after initialization (non-Windows only)
- user nobody
- group nogroup
- # Try to preserve some state across restarts.
- persist-key
- persist-tun
- # If you are connecting through an
- # HTTP proxy to reach the actual OpenVPN
- # server, put the proxy server/IP and
- # port number here. See the man page
- # if your proxy server requires
- # authentication.
- ;http-proxy-retry # retry on connection failures
- ;http-proxy [proxy server] [proxy port #]
- # Wireless networks often produce a lot
- # of duplicate packets. Set this flag
- # to silence duplicate packet warnings.
- ;mute-replay-warnings
- # SSL/TLS parms.
- # See the server config file for more
- # description. It's best to use
- # a separate .crt/.key file pair
- # for each client. A single ca
- # file can be used for all clients.
- #ca ca.crt
- #cert client.crt
- #key client.key
- # Verify server certificate by checking that the
- # certicate has the correct key usage set.
- # This is an important precaution to protect against
- # a potential attack discussed here:
- # http://openvpn.net/howto.html#mitm
- #
- # To use this feature, you will need to generate
- # your server certificates with the keyUsage set to
- # digitalSignature, keyEncipherment
- # and the extendedKeyUsage to
- # serverAuth
- # EasyRSA can do this for you.
- remote-cert-tls server
- # If a tls-auth key is used on the server
- # then every client must also have the key.
- ;tls-auth ta.key 1
- # Select a cryptographic cipher.
- # If the cipher option is used on the server
- # then you must also specify it here.
- cipher AES-128-CBC
- auth SHA256
- # Enable compression on the VPN link.
- # Don't enable this unless it is also
- # enabled in the server config file.
- comp-lzo
- # Set log file verbosity.
- verb 3
- # Silence repeating messages
- ;mute 20
- key-direction 1
- # script-security 2
- # up /etc/openvpn/update-resolv-conf
- # down /etc/openvpn/update-resolv-conf
- <ca>
- -----BEGIN CERTIFICATE-----
- MIIEujCCA6KgAwIBAgIJANHSTPrtyJ0SMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
- VQQGEwJWTjEMMAoGA1UECBMDSENNMRIwEAYDVQQHEwlIb0NoaU1pbmgxDDAKBgNV
- BAoTA1VJVDESMBAGA1UECxMJQ29tbXVuaXR5MQ8wDQYDVQQDEwZVSVQgQ0ExDzAN
- BgNVBCkTBnNlcnZlcjEkMCIGCSqGSIb3DQEJARYVY29naWFwaHVjOTdAZ21haWwu
- Y29tMB4XDTE5MDMyMzAxMzAwM1oXDTI5MDMyMDAxMzAwM1owgZkxCzAJBgNVBAYT
- AlZOMQwwCgYDVQQIEwNIQ00xEjAQBgNVBAcTCUhvQ2hpTWluaDEMMAoGA1UEChMD
- VUlUMRIwEAYDVQQLEwlDb21tdW5pdHkxDzANBgNVBAMTBlVJVCBDQTEPMA0GA1UE
- KRMGc2VydmVyMSQwIgYJKoZIhvcNAQkBFhVjb2dpYXBodWM5N0BnbWFpbC5jb20w
- ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc62Oqm6anQnSxnrskyzN8
- Lb/YlA/gk0EnjtDYNdnYlIOBgSO8OWyReNdyFmGxfr8XusGZgqhc+0Yq0G8Wl6s3
- NPhum6pYDUfWHBXKcQUHEENSiHobXOVgwrI+kEwAo8ffHBxnrO283/0WsU3aWsr8
- T68vQ67W6K2udh+0PwTqwiWVfuuamFxiR3IWTO3wicaicqXQ/tmrBut4babmgmAR
- GF1xjzJ9BO1VVYkyymlCUr6inCuzXvtD8y+uQTFkCoX+c449ofEwmaTdV/m4YX9p
- Ql5uM9P8dDfM9BuEtDiTtIGzlr6zfSCHruackMXJMPK5E91pDuPVey7q8mA8PhXh
- AgMBAAGjggEBMIH+MB0GA1UdDgQWBBQgMsZWcR0zH0KzVJBDoqTTgpr1LDCBzgYD
- VR0jBIHGMIHDgBQgMsZWcR0zH0KzVJBDoqTTgpr1LKGBn6SBnDCBmTELMAkGA1UE
- BhMCVk4xDDAKBgNVBAgTA0hDTTESMBAGA1UEBxMJSG9DaGlNaW5oMQwwCgYDVQQK
- EwNVSVQxEjAQBgNVBAsTCUNvbW11bml0eTEPMA0GA1UEAxMGVUlUIENBMQ8wDQYD
- VQQpEwZzZXJ2ZXIxJDAiBgkqhkiG9w0BCQEWFWNvZ2lhcGh1Yzk3QGdtYWlsLmNv
- bYIJANHSTPrtyJ0SMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACck
- yrdlY5MTuMi2dBkneuBXmu1Hhul8l5Ov9ZCaVREiLJBZLAa2v+5/tKNKGBtD7Bo3
- cTeucuJutXfCo2I3h6H6Kd68grXyXvAVlRQq7VAir5+6ND2NNJ1tF2VdTwYiePG5
- TsXTeXwB9RqDpLqZFM7Rma2ebN/S9zsRETMoiZBOAoUnYUfAp72A3lh7CDIH52um
- Yq/H+h2UvtL8AMPC7vMHI2/1mFb0LPmS2mdtkDUrPBiuVf1eiREBJqK/tK7/0P4K
- PzVDcF/7hy1hmrW4B//sWpU23FZnIe9CdOAq5Rd0tLaEM82S52kCBi73DZeD5giZ
- T38qYka2S37QZY005Qg=
- -----END CERTIFICATE-----
- </ca>
- <cert>
- Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=VN, ST=HCM, L=HoChiMinh, O=UIT, OU=Community, CN=UIT CA/name=server/emailAddress=cogiaphuc97@gmail.com
- Validity
- Not Before: Mar 23 01:31:31 2019 GMT
- Not After : Mar 20 01:31:31 2029 GMT
- Subject: C=VN, ST=HCM, L=HoChiMinh, O=UIT, OU=Community, CN=client1/name=server/emailAddress=cogiaphuc97@gmail.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b3:51:4d:93:09:4e:4c:02:d8:75:d0:c3:db:10:
- 61:c7:0d:24:1f:94:f8:0a:48:92:88:76:54:e9:1f:
- c9:7d:ca:8e:37:0d:16:1b:c8:24:28:4c:52:e6:d9:
- 99:5f:87:4b:26:b3:d8:ce:73:78:f9:ab:e1:eb:94:
- e3:ad:93:a3:b2:38:95:59:97:5e:b5:57:2b:7b:58:
- 3d:b3:38:47:90:ef:cb:e7:0c:b2:3c:f3:8c:5d:85:
- 5f:c4:02:f8:a4:93:ba:f2:dc:8c:9d:25:4b:1a:19:
- e7:e0:65:67:96:e8:cb:70:15:f6:20:37:77:09:19:
- 46:61:46:5e:c0:b3:04:50:b2:f8:89:78:70:0d:e8:
- 4a:86:e5:d3:fe:d4:2a:cb:9c:be:26:cb:32:71:44:
- 47:f8:8a:15:fd:61:ea:66:e2:0d:68:03:07:64:a9:
- 21:41:7a:c2:80:74:d9:af:93:0f:09:18:33:41:12:
- 5b:6e:79:84:75:91:5e:86:d8:75:f8:8a:55:ff:7f:
- 7d:da:3b:19:67:77:7c:10:ab:d8:6a:ad:51:6f:aa:
- 09:9d:5e:98:0e:b4:f2:dc:ce:5c:88:68:3f:08:8c:
- ad:aa:17:e3:c5:05:1f:56:33:ac:34:b9:14:86:cb:
- 01:cb:6e:ec:37:27:2f:3f:12:8c:2f:76:ba:e2:8c:
- d8:83
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- Easy-RSA Generated Certificate
- X509v3 Subject Key Identifier:
- 4B:7F:3A:3D:F9:DF:F5:68:9F:D8:77:0E:95:C3:07:3A:0F:86:BB:77
- X509v3 Authority Key Identifier:
- keyid:20:32:C6:56:71:1D:33:1F:42:B3:54:90:43:A2:A4:D3:82:9A:F5:2C
- DirName:/C=VN/ST=HCM/L=HoChiMinh/O=UIT/OU=Community/CN=UIT CA/name=server/emailAddress=cogiaphuc97@gmail.com
- serial:D1:D2:4C:FA:ED:C8:9D:12
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- X509v3 Subject Alternative Name:
- DNS:client1
- Signature Algorithm: sha256WithRSAEncryption
- 61:bb:e0:07:08:67:77:ba:2c:59:59:f7:f8:0f:9c:65:90:6d:
- b5:6e:c3:13:ce:ca:87:aa:a3:ae:71:86:9a:6c:10:25:d0:8e:
- e3:c8:28:c5:49:d1:e9:43:5f:f7:1c:d9:75:5c:03:b3:4e:34:
- 96:a0:5d:ce:f6:0b:17:77:76:26:3a:b6:73:a5:58:c0:63:e2:
- 39:a6:61:fe:bc:f7:9e:33:c7:6e:53:ca:d1:8e:8d:66:df:c0:
- 00:5f:8d:80:41:e0:7d:ac:3b:6d:62:0c:01:38:45:ca:de:41:
- eb:9e:54:33:58:67:31:2d:cd:02:e2:43:55:9f:cd:4f:9e:80:
- 7b:90:d9:76:8c:51:38:d3:eb:b6:ff:f3:b9:2d:b2:4e:3d:59:
- e3:66:29:1d:a2:13:51:a1:ac:da:ee:3a:fa:b5:5e:62:55:13:
- 26:61:11:1f:59:0f:d0:ea:63:25:78:27:01:a7:71:e8:4c:e2:
- db:5b:5d:89:6e:46:9e:c2:68:15:83:df:fa:f9:1c:aa:77:e1:
- d6:31:47:8d:46:c2:9b:7e:c0:be:72:1b:3d:56:ce:62:0b:71:
- c0:c1:ee:30:dc:d4:02:c1:15:4b:35:2f:90:d5:a5:f3:4a:7d:
- c7:f3:e4:69:40:c8:e2:d4:c0:25:7f:cd:e6:a5:d7:db:40:7e:
- b6:52:0b:73
- -----BEGIN CERTIFICATE-----
- MIIFFjCCA/6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVk4x
- DDAKBgNVBAgTA0hDTTESMBAGA1UEBxMJSG9DaGlNaW5oMQwwCgYDVQQKEwNVSVQx
- EjAQBgNVBAsTCUNvbW11bml0eTEPMA0GA1UEAxMGVUlUIENBMQ8wDQYDVQQpEwZz
- ZXJ2ZXIxJDAiBgkqhkiG9w0BCQEWFWNvZ2lhcGh1Yzk3QGdtYWlsLmNvbTAeFw0x
- OTAzMjMwMTMxMzFaFw0yOTAzMjAwMTMxMzFaMIGaMQswCQYDVQQGEwJWTjEMMAoG
- A1UECBMDSENNMRIwEAYDVQQHEwlIb0NoaU1pbmgxDDAKBgNVBAoTA1VJVDESMBAG
- A1UECxMJQ29tbXVuaXR5MRAwDgYDVQQDEwdjbGllbnQxMQ8wDQYDVQQpEwZzZXJ2
- ZXIxJDAiBgkqhkiG9w0BCQEWFWNvZ2lhcGh1Yzk3QGdtYWlsLmNvbTCCASIwDQYJ
- KoZIhvcNAQEBBQADggEPADCCAQoCggEBALNRTZMJTkwC2HXQw9sQYccNJB+U+ApI
- koh2VOkfyX3KjjcNFhvIJChMUubZmV+HSyaz2M5zePmr4euU462To7I4lVmXXrVX
- K3tYPbM4R5Dvy+cMsjzzjF2FX8QC+KSTuvLcjJ0lSxoZ5+BlZ5boy3AV9iA3dwkZ
- RmFGXsCzBFCy+Il4cA3oSobl0/7UKsucvibLMnFER/iKFf1h6mbiDWgDB2SpIUF6
- woB02a+TDwkYM0ESW255hHWRXobYdfiKVf9/fdo7GWd3fBCr2GqtUW+qCZ1emA60
- 8tzOXIhoPwiMraoX48UFH1YzrDS5FIbLActu7DcnLz8SjC92uuKM2IMCAwEAAaOC
- AWQwggFgMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
- YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUS386Pfnf9Wif2HcOlcMHOg+Gu3cw
- gc4GA1UdIwSBxjCBw4AUIDLGVnEdMx9Cs1SQQ6Kk04Ka9SyhgZ+kgZwwgZkxCzAJ
- BgNVBAYTAlZOMQwwCgYDVQQIEwNIQ00xEjAQBgNVBAcTCUhvQ2hpTWluaDEMMAoG
- A1UEChMDVUlUMRIwEAYDVQQLEwlDb21tdW5pdHkxDzANBgNVBAMTBlVJVCBDQTEP
- MA0GA1UEKRMGc2VydmVyMSQwIgYJKoZIhvcNAQkBFhVjb2dpYXBodWM5N0BnbWFp
- bC5jb22CCQDR0kz67cidEjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMC
- B4AwEgYDVR0RBAswCYIHY2xpZW50MTANBgkqhkiG9w0BAQsFAAOCAQEAYbvgBwhn
- d7osWVn3+A+cZZBttW7DE87Kh6qjrnGGmmwQJdCO48goxUnR6UNf9xzZdVwDs040
- lqBdzvYLF3d2Jjq2c6VYwGPiOaZh/rz3njPHblPK0Y6NZt/AAF+NgEHgfaw7bWIM
- AThFyt5B655UM1hnMS3NAuJDVZ/NT56Ae5DZdoxRONPrtv/zuS2yTj1Z42YpHaIT
- UaGs2u46+rVeYlUTJmERH1kP0OpjJXgnAadx6Ezi21tdiW5GnsJoFYPf+vkcqnfh
- 1jFHjUbCm37AvnIbPVbOYgtxwMHuMNzUAsEVSzUvkNWl80p9x/PkaUDI4tTAJX/N
- 5qXX20B+tlILcw==
- -----END CERTIFICATE-----
- </cert>
- <key>
- -----BEGIN PRIVATE KEY-----
- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCzUU2TCU5MAth1
- 0MPbEGHHDSQflPgKSJKIdlTpH8l9yo43DRYbyCQoTFLm2Zlfh0sms9jOc3j5q+Hr
- lOOtk6OyOJVZl161Vyt7WD2zOEeQ78vnDLI884xdhV/EAvikk7ry3IydJUsaGefg
- ZWeW6MtwFfYgN3cJGUZhRl7AswRQsviJeHAN6EqG5dP+1CrLnL4myzJxREf4ihX9
- Yepm4g1oAwdkqSFBesKAdNmvkw8JGDNBEltueYR1kV6G2HX4ilX/f33aOxlnd3wQ
- q9hqrVFvqgmdXpgOtPLczlyIaD8IjK2qF+PFBR9WM6w0uRSGywHLbuw3Jy8/Eowv
- drrijNiDAgMBAAECggEBAIlDaEVwry3CU95D01kCfkZ3ybofN4vvp7OsGS1m9r9C
- 6YA8lTrpBryOSDuMQDp+/0j+DK1keSttpn/GNk6toHYRmEm/dHEN7Cv8DSb+otHQ
- rd4MuverWzxPl1IdECYzK70ylLTKUmYFhJkiJpy/UNNZDFH3AzjEzzoxOuD5aAk4
- 3rRiXRME+FvFuzSSU8B51v6l0vJlzKqYf4TR/Q6G6slYePyWitVgiWIe2IU7pspk
- tEg35+mP8pFHDdtFi47pyshBK/TKu7ypXvbXmIffqW2gdMYya09X9r61iNsIsSPd
- xDItEoU8//zUPE+Cr9bPRBiS7Itlwexa9oSg/TejY8ECgYEA2fMyMo5iU/0oaIdF
- 9VPZzON4tIY5AN60P72GueWcepRuTyukk7sCyTW6m6u7FyFEfmrdTULmKeXgPHLu
- FHwrXN0ZSol/0uSUBWmxQNpSONzhrtTii9CB4sRBMjFzXdCMZICKq78CxCJ9k1MT
- TEGMuMwYMSeu6KABPBM7nj+3wyECgYEA0p+D9pcyGBIlhnsDORzB6MOZ7NRrOSMg
- f2fcXSCwMW9rNeH5VZo1yNnuO6WXVY9VhvoUf3F4tJjBt4/ntnvBwK4dAKiTTm8l
- BzZ7ObfXbt40dW1tKj6UrpXOoijG8SrxcOOdP6/AU/ToeQ2UNgcFvWGgcTquHEQo
- tzpQupByyyMCgYEAh1XbSsddSVf+2oF9MGxD51Uso7Rg+yhO9vGCEjcA5qD6qlCo
- Xk+W2Ehzuqx1fVRcCr/i8VHkSAoFJqQbMD82UfC8/qrI47SqMX5C4clvmv2VahGp
- JzZvINfKwBcy0wNn2hRzh1gRqKbeIThJ2GUvs6SQNR22H58ThTFQKODaA+ECgYBF
- sPxkOpEbv91kyw0895P95cLnxz2XUVUucvpKYkeKg/hwgs4Skg0b4WhfmiIh8GR3
- XgYsSSqMb0Mh7t7X1ck9bR8xmZXsTQBui4tohLkm+SVYeZW2dbCSuAUASQfSwsfS
- 962PZiL4ZMALVf/lhJtUl5oT/TuhJLhoMEaIBMXHCwKBgQDCUKUoQ1Ry2tIrFEE9
- M8JFcQGI7Rb0YRqfv7FSuQ5k9dK1WN0AmHaz5C/t9HE9576h2K1tBGuxHimcUEIn
- PjBp+INv88pdP/p7O7UPWsNe+eRwaFwp0Txv2TkwX714FAWS+F2DCF0hJajntRVh
- aAUuFpXQn7mrx6Th99ES4btPuw==
- -----END PRIVATE KEY-----
- </key>
- <tls-auth>
- #
- # 2048 bit OpenVPN static key
- #
- -----BEGIN OpenVPN Static key V1-----
- 500d594070ae1abcf4421d9c0662bb2a
- 9ab72271a7907ae4d1ee4f13e6eb6262
- 62f1bbe3518d63c8b810f668def28a11
- 89427996195939f6391b62ba57f71ce8
- 95365181b8c8d396fae0b06596c38f96
- 24ffdfc7f2509603a4f196cc4d19c1f6
- ff9f5d2a79e2bcac2fb7ed8090b3f7c3
- 8465cb9f195c901ba7114f142c2a1ff6
- 6c19c85b58f9c2a174c2b5ed9d4760ee
- 844217ce3a5c8d9648c02a85be3c5650
- f9a92ee220b69d82e0728521bf7fd02b
- 50791f8256bed121c5fda307813dbe07
- fbe7a6934dd6f4bd163b4858568e089f
- 29beded501f133d265a70aa56a5da1b7
- dfe4b2d6d18e26c0d09a5db006af55a4
- b1bd161f506e8527603f39c7ce230a4c
- -----END OpenVPN Static key V1-----
- </tls-auth>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement