Untitled

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 192.168.1.49 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
#ca ca.crt
#cert client.crt
#key client.key

# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
#   digitalSignature, keyEncipherment
# and the extendedKeyUsage to
#   serverAuth
# EasyRSA can do this for you.
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
cipher AES-128-CBC
auth SHA256

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

key-direction 1

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
<ca>
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIJANd+s5XiP0/wMA0GCSqGSIb3DQEBCwUAMIG1MQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p
dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMQ8wDQYDVQQpEwZzZXJ2ZXIxITAf
BgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjAeFw0xODAzMTcxNzEzNDBa
Fw0yODAzMTQxNzEzNDBaMIG1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTAT
BgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMR0wGwYD
VQQLExRNeU9yZ2FuaXphdGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9u
IENBMQ8wDQYDVQQpEwZzZXJ2ZXIxITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5t
eWRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMtwKjWvEaCq
G3ed2nL3TpbWIQKcwmfTP3XUjFser5S0MiEEln+2aQPyu6TEIkzzan2dT35PZ8B0
ETzoMwmqQ9vOJOIZu43t5Vry/1oQGWkLmsg8xdVODSFgNDCHaTPx53+8yNLocCFS
iHHNpcPQkLDgqBa6RSg1hz28mjuVXBNev2xCCBPatJ+eXr2/NfmYr2WqZ8jjRGTL
USxbc4bVH6UoEdSiuMoraQVmBtoBO5e5bTYF0oMW+quwFl4LxGKlLAWoiuu9Y3rc
fpIqJ5OZGQa/v1D1byuRgR/hf1eJgt+P6uul+sZ+bqKBcnuTBhTRENLHUBTD0UYz
LUCsg/XR7ycCAwEAAaOCAR4wggEaMB0GA1UdDgQWBBS2pwmiNt7URk20K/1FMp/8
/OwqKDCB6gYDVR0jBIHiMIHfgBS2pwmiNt7URk20K/1FMp/8/OwqKKGBu6SBuDCB
tTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lz
Y28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRp
b25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3RvbiBDQTEPMA0GA1UEKRMGc2Vy
dmVyMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQDXfrOV4j9P
8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCdFaj+utRe8yM2LwJi
EbgPPEcgDVQqQTO2v0NN4jTZqQaYASjg8Ubow54cCIKElk+I1NL37ziZ1z9ME7C6
KdXlChkJF7eLbPpukyb7Il/GSeJIDoKWW3RPgH4dm9W3oWl8yYxd9syKqO2DHem+
VQ2JLh/Wh8clUe1GjdyJTcbeU9lkgRH7wQ+kk+FtD4ezK1Uy53mnaYjRGoFREPJQ
iMzwPHUvcbXAhnVZfQsfvf8k6hpQ8N0bnGKyRj0Rpq1xKFqr7bZ8dYEosUvyOF0I
1UTPlrQHswNvTIZpGVDmIIGod2yzXwGF9SFfWJP/HsLUci2ISdF5ur1Pd7q9csMN
O1T2
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=server/emailAddress=me@myhost.mydomain
        Validity
            Not Before: Mar 17 17:23:58 2018 GMT
            Not After : Mar 14 17:23:58 2028 GMT
        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=client1/name=server2/emailAddress=me@myhost.mydomain
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ba:a8:80:3d:17:fc:5b:d8:d7:01:28:f3:27:37:
                    29:d9:98:e2:40:8b:97:e7:86:c8:0c:80:26:2e:a5:
                    cf:73:31:e1:b3:8d:78:4e:94:c1:7e:c5:f1:05:60:
                    c4:69:30:7d:76:e0:7b:d6:1c:72:ff:59:fe:88:3d:
                    b7:e0:e1:a7:a7:f3:ce:04:c9:a1:cb:4e:1f:61:97:
                    d6:18:0e:93:e7:05:f1:87:bc:13:80:23:25:22:ae:
                    64:92:80:bb:46:d9:a6:4c:98:67:0e:8f:48:e6:4d:
                    ce:f2:12:6b:59:1e:36:6e:da:fa:6c:3b:36:b3:5a:
                    5e:dd:ac:ef:52:ce:87:02:a2:69:84:8d:79:dc:40:
                    c5:5b:dc:85:7e:f5:96:a5:15:c8:39:27:b0:fd:6c:
                    cb:e8:31:4f:87:e4:13:bf:35:a3:cb:b9:7e:ac:c1:
                    c4:3a:bf:00:8a:a2:5b:b6:ba:f2:f8:e1:dd:ae:40:
                    80:c1:2e:c8:e7:db:84:fe:8b:dc:96:4a:95:87:ef:
                    38:0f:53:6d:71:3b:fc:22:ff:9b:5a:8d:44:47:f6:
                    ad:61:fa:78:e7:f0:36:d6:dd:d9:2c:b9:62:4b:7b:
                    57:44:9c:5a:11:3e:01:9e:0a:bb:e3:6f:f8:94:36:
                    c2:1f:8d:dc:2c:a5:e9:62:8c:fc:72:35:fd:95:1a:
                    51:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                Easy-RSA Generated Certificate
            X509v3 Subject Key Identifier:
                CF:1F:96:32:F9:0A:E2:BC:12:31:AF:0D:2C:70:A4:84:64:0F:1A:8A
            X509v3 Authority Key Identifier:
                keyid:B6:A7:09:A2:36:DE:D4:46:4D:B4:2B:FD:45:32:9F:FC:FC:EC:2A:28
                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=server/emailAddress=me@myhost.mydomain
                serial:D7:7E:B3:95:E2:3F:4F:F0

            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Key Usage:
                Digital Signature
            X509v3 Subject Alternative Name:
                DNS:client1
    Signature Algorithm: sha256WithRSAEncryption
         c4:75:88:d0:47:1b:ab:29:42:39:22:2b:5e:da:ec:47:7a:a0:
         25:97:1f:18:55:15:ab:6a:00:0f:1f:45:cc:0e:6d:c7:b0:48:
         3b:13:b9:01:79:89:56:60:ac:e4:43:76:b9:67:da:bd:5b:e0:
         eb:71:3f:c2:60:1a:be:e9:7d:b0:bf:62:52:e3:a8:cc:95:4c:
         02:2d:2e:c0:a6:32:72:94:ce:17:e8:47:44:88:37:7e:89:19:
         ad:78:e7:5d:b8:b0:27:c9:c5:73:a4:d3:35:69:3b:4c:b0:de:
         dc:d6:77:8f:f7:c6:a0:8c:6d:b2:3e:39:a3:4d:b0:f4:a5:7b:
         87:28:54:7c:b3:3b:ed:68:9c:ed:48:a3:8b:72:8f:9c:5a:fb:
         3b:db:9d:53:99:fd:8f:9e:97:1c:b1:48:23:85:a3:6d:6b:c5:
         77:69:35:76:4b:de:25:a2:d1:d8:31:d9:30:d9:61:c8:ae:a0:
         d3:79:5a:a6:7b:27:c9:f0:a0:2d:9d:8f:38:e4:91:99:ab:e3:
         b4:d8:68:da:1f:e9:f6:3b:39:aa:db:46:5b:a5:47:04:ec:e7:
         e1:77:60:54:8d:e5:43:b1:32:f7:1e:7c:54:98:e4:d8:e1:db:
         4c:61:9b:7c:f5:08:b7:73:f8:eb:a4:7e:72:af:ce:70:d3:d9:
         d4:9d:a3:35
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
BAMTD0ZvcnQtRnVuc3RvbiBDQTEPMA0GA1UEKRMGc2VydmVyMSEwHwYJKoZIhvcN
AQkBFhJtZUBteWhvc3QubXlkb21haW4wHhcNMTgwMzE3MTcyMzU4WhcNMjgwMzE0
MTcyMzU4WjCBrjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxT
YW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsGA1UECxMUTXlP
cmdhbml6YXRpb25hbFVuaXQxEDAOBgNVBAMTB2NsaWVudDExEDAOBgNVBCkTB3Nl
cnZlcjIxITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqogD0X/FvY1wEo8yc3KdmY4kCLl+eG
yAyAJi6lz3Mx4bONeE6UwX7F8QVgxGkwfXbge9Yccv9Z/og9t+Dhp6fzzgTJoctO
H2GX1hgOk+cF8Ye8E4AjJSKuZJKAu0bZpkyYZw6PSOZNzvISa1keNm7a+mw7NrNa
Xt2s71LOhwKiaYSNedxAxVvchX71lqUVyDknsP1sy+gxT4fkE781o8u5fqzBxDq/
AIqiW7a68vjh3a5AgMEuyOfbhP6L3JZKlYfvOA9TbXE7/CL/m1qNREf2rWH6eOfw
Ntbd2Sy5Ykt7V0ScWhE+AZ4Ku+Nv+JQ2wh+N3Cyl6WKM/HI1/ZUaUQcCAwEAAaOC
AYAwggF8MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUzx+WMvkK4rwSMa8NLHCkhGQPGoow
geoGA1UdIwSB4jCB34AUtqcJojbe1EZNtCv9RTKf/PzsKiihgbukgbgwgbUxCzAJ
BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUw
EwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15T3JnYW5pemF0aW9uYWxV
bml0MRgwFgYDVQQDEw9Gb3J0LUZ1bnN0b24gQ0ExDzANBgNVBCkTBnNlcnZlcjEh
MB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluggkA136zleI/T/AwEwYD
VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBIGA1UdEQQLMAmCB2NsaWVu
dDEwDQYJKoZIhvcNAQELBQADggEBAMR1iNBHG6spQjkiK17a7Ed6oCWXHxhVFatq
AA8fRcwObcewSDsTuQF5iVZgrORDdrln2r1b4OtxP8JgGr7pfbC/YlLjqMyVTAIt
LsCmMnKUzhfoR0SIN36JGa145124sCfJxXOk0zVpO0yw3tzWd4/3xqCMbbI+OaNN
sPSle4coVHyzO+1onO1Io4tyj5xa+zvbnVOZ/Y+elxyxSCOFo21rxXdpNXZL3iWi
0dgx2TDZYciuoNN5WqZ7J8nwoC2djzjkkZmr47TYaNof6fY7OarbRlulRwTs5+F3
YFSN5UOxMvcefFSY5Njh20xhm3z1CLdz+OukfnKvznDT2dSdozU=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIpwpI5qJcwccCAggA
MBQGCCqGSIb3DQMHBAi1Z3bJ/mACrgSCBMj+s0wSdmHFljxUiv/DzXIrEYe9upx0
ywqs+b/N0AoA0eEXLOZewHSFop2LxueN2R7kVra+8uYiKJmWlpTbmVFPqFVJBvwR
vIQWz7h6EsP7QiLsWJ4HMb/mjOvcvf8oFPhRy5eCUpgzUrcjrLH71zFhtB75KJOT
Krxfjz7XD7DXsCpuyWTf0yOpmyEVhJWWwQQl5O20UVPE+WTl59PvnPhXephNQu/s
rhbAriUSQftwlk7W/Rvk7X7/W4tOnVfYjcuqctukY0MD7X1bE7j4euuW8q6phBaa
A8ZhZs58tZjiwC8F7bJfRTksyWmvEMtTtPqllJIdXEKQItaZmwaUv+usYRNOnNaV
9aT+mU4PmWcUw1gBfLMGJr/AsNvIA4/3Kfst9AYRZORiHZTzZMTGADs/NkgWhW4Z
FooW4r349sB153I6W4u+accznvaz+xuQsUwNQ7sQMy7u8QBPIiYdvBkpxeX+PptW
eDo/ogjOVcktqgTeuymKBvx4LvzB5oHEGCq8Q4quORQfPAlgvcWsprsy3lBde+Z3
Ixd3YsuYrAQeoD2842sQHy2zmaJZnMdUrdEqGr/03GxK9qgHADHnfXWzNGc6ycwr
Ah17Vi94MrpKyIrh535dAxf7pJjcYCKBnmfaZZSQcklzQj3iCwxaBGDCoTN8FwvM
J2bUesvdJ+SIN7aWXcjn3/m8hvGqkN4jD1g2R9sUqBa3zXGC30L5Vy0sQZQkAhqd
E/E4yVkn2O1u5L3KBwGqF1jY5tvJHob15DXOKqAiLPqYWjo2WidMhbTGUFB+SuU9
FtFBCoL1PFRmhY0vawG8VdRuzEcx0R1iioxGf9XfZ3mfYI7buh1H9BEdgTsYF8Pf
b1ddegU59fQHaGx0G4V6JgoRM3d6XmUYHLc9bOGxS8iwcf9+E5gNkIE0ePK6X8/o
u5GUJ4jcH7p85ZBUhoWsoZpS/Zib9YfzhKbWtSZF0X+QlpnWa1NMH05AzbsHkpN1
j8oGsMfG98x4NngtED4AR2V9UNpHxwOF6hRE6ZsFqhCpmmFLs0Y7DNKOeb0lNDjh
WHiB7drsmhABZW4qWNSncMVBMaVbtWi54DgExeNxVo1zwDh6V5a0+7UgoUzrn+eO
HUSkUMCf26QZuEIFo8rGLAFmNLG8K1Ct3Akw/QJyBac6k+/QSHSRPXfBeFq6WlKy
rjzrtjLy28i0LG0nSxFr0ZfOGsRZP+/SK7plMWsn51IeZhHRmKdQRhqGN5ZJVqs2
9I1A04j1VXxWD7pYplolJnM55EN4yFbVjUgrc+ZGtq1z+slS2YyWu81LDxjGitMz
zMgJ/vwRMfZSNWzmXolXNCChNPnysZRxWe1LWTfSCXVe/mE2Cvq5wup5QPrA7Z1G
ntCVWpC7SELizphKuAW5X/pBvdyQUSsMe9CXeitSyDzWuUIkqP7QZAHdIFaQcPHw
FCmH0j7igQrD5PJQsdEVeGH4LcZWh+oHi4m0td9j4Qre9HS2Pvf03oblm6st/joy
HTc1uuPCKFSghkkc/0Uyh3BVqYXIz8ztz99PS33g/TeqaOqRTlgD0KU+sBi/s8Wn
43PqHO2Xy+2pikW+Uk4ZAJrjZxDgMa5f2BCRVi3AX4sdwknXL8cD/mH4V0rjzDun
xgw=
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
b84d7a4c60d67529b82df6083b40ceaa
e767831a8921e83908d0af2cfba79c4f
84c493f27a157597a9336516bc2019f9
322850e20194633e7a891c50facfb69d
5a791da875e4b18021c24ced8fc54475
6a500d733eb3b5d12a8c05aae7abb45f
90fcb81824bb0f0bac958bb52e622fdb
4c06d1d6ec10f65336ee436e3023025a
a54dccad7616f85161b1827290ea62a7
bbbd7327487160cd2088b93e0d2a2b7e
5a917d9212df55e12b517d7e6a5eb7e3
3ca9ce4da06803e0955349606af9ac16
7d99f738aadbaa037221473457fc619f
e7f0fb00979856a5f65c19b12bc5d8d0
1679752715495edb87796973d2c01c84
df00ca666e0170dcc7cce6bbd17d87af
-----END OpenVPN Static key V1-----
</tls-auth>