Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##############################################
- # Sample client-side OpenVPN 2.0 config file #
- # for connecting to multi-client server. #
- # #
- # This configuration can be used by multiple #
- # clients, however each client should have #
- # its own cert and key files. #
- # #
- # On Windows, you might want to rename this #
- # file so it has a .ovpn extension #
- ##############################################
- # Specify that we are a client and that we
- # will be pulling certain config file directives
- # from the server.
- client
- # Use the same setting as you are using on
- # the server.
- # On most systems, the VPN will not function
- # unless you partially or fully disable
- # the firewall for the TUN/TAP interface.
- ;dev tap
- dev tun
- # Windows needs the TAP-Win32 adapter name
- # from the Network Connections panel
- # if you have more than one. On XP SP2,
- # you may need to disable the firewall
- # for the TAP adapter.
- ;dev-node MyTap
- # Are we connecting to a TCP or
- # UDP server? Use the same setting as
- # on the server.
- ;proto tcp
- proto udp
- # The hostname/IP and port of the server.
- # You can have multiple remote entries
- # to load balance between the servers.
- remote 192.168.1.49 1194
- ;remote my-server-2 1194
- # Choose a random host from the remote
- # list for load-balancing. Otherwise
- # try hosts in the order specified.
- ;remote-random
- # Keep trying indefinitely to resolve the
- # host name of the OpenVPN server. Very useful
- # on machines which are not permanently connected
- # to the internet such as laptops.
- resolv-retry infinite
- # Most clients don't need to bind to
- # a specific local port number.
- nobind
- # Downgrade privileges after initialization (non-Windows only)
- user nobody
- group nogroup
- # Try to preserve some state across restarts.
- persist-key
- persist-tun
- # If you are connecting through an
- # HTTP proxy to reach the actual OpenVPN
- # server, put the proxy server/IP and
- # port number here. See the man page
- # if your proxy server requires
- # authentication.
- ;http-proxy-retry # retry on connection failures
- ;http-proxy [proxy server] [proxy port #]
- # Wireless networks often produce a lot
- # of duplicate packets. Set this flag
- # to silence duplicate packet warnings.
- ;mute-replay-warnings
- # SSL/TLS parms.
- # See the server config file for more
- # description. It's best to use
- # a separate .crt/.key file pair
- # for each client. A single ca
- # file can be used for all clients.
- #ca ca.crt
- #cert client.crt
- #key client.key
- # Verify server certificate by checking that the
- # certicate has the correct key usage set.
- # This is an important precaution to protect against
- # a potential attack discussed here:
- # http://openvpn.net/howto.html#mitm
- #
- # To use this feature, you will need to generate
- # your server certificates with the keyUsage set to
- # digitalSignature, keyEncipherment
- # and the extendedKeyUsage to
- # serverAuth
- # EasyRSA can do this for you.
- remote-cert-tls server
- # If a tls-auth key is used on the server
- # then every client must also have the key.
- ;tls-auth ta.key 1
- # Select a cryptographic cipher.
- # If the cipher option is used on the server
- # then you must also specify it here.
- ;cipher x
- cipher AES-128-CBC
- auth SHA256
- # Enable compression on the VPN link.
- # Don't enable this unless it is also
- # enabled in the server config file.
- comp-lzo
- # Set log file verbosity.
- verb 3
- # Silence repeating messages
- ;mute 20
- key-direction 1
- script-security 2
- up /etc/openvpn/update-resolv-conf
- down /etc/openvpn/update-resolv-conf
- <ca>
- -----BEGIN CERTIFICATE-----
- MIIFDzCCA/egAwIBAgIJANd+s5XiP0/wMA0GCSqGSIb3DQEBCwUAMIG1MQswCQYD
- VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
- A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p
- dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMQ8wDQYDVQQpEwZzZXJ2ZXIxITAf
- BgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjAeFw0xODAzMTcxNzEzNDBa
- Fw0yODAzMTQxNzEzNDBaMIG1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTAT
- BgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMR0wGwYD
- VQQLExRNeU9yZ2FuaXphdGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9u
- IENBMQ8wDQYDVQQpEwZzZXJ2ZXIxITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5t
- eWRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMtwKjWvEaCq
- G3ed2nL3TpbWIQKcwmfTP3XUjFser5S0MiEEln+2aQPyu6TEIkzzan2dT35PZ8B0
- ETzoMwmqQ9vOJOIZu43t5Vry/1oQGWkLmsg8xdVODSFgNDCHaTPx53+8yNLocCFS
- iHHNpcPQkLDgqBa6RSg1hz28mjuVXBNev2xCCBPatJ+eXr2/NfmYr2WqZ8jjRGTL
- USxbc4bVH6UoEdSiuMoraQVmBtoBO5e5bTYF0oMW+quwFl4LxGKlLAWoiuu9Y3rc
- fpIqJ5OZGQa/v1D1byuRgR/hf1eJgt+P6uul+sZ+bqKBcnuTBhTRENLHUBTD0UYz
- LUCsg/XR7ycCAwEAAaOCAR4wggEaMB0GA1UdDgQWBBS2pwmiNt7URk20K/1FMp/8
- /OwqKDCB6gYDVR0jBIHiMIHfgBS2pwmiNt7URk20K/1FMp/8/OwqKKGBu6SBuDCB
- tTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lz
- Y28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRp
- b25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3RvbiBDQTEPMA0GA1UEKRMGc2Vy
- dmVyMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQDXfrOV4j9P
- 8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCdFaj+utRe8yM2LwJi
- EbgPPEcgDVQqQTO2v0NN4jTZqQaYASjg8Ubow54cCIKElk+I1NL37ziZ1z9ME7C6
- KdXlChkJF7eLbPpukyb7Il/GSeJIDoKWW3RPgH4dm9W3oWl8yYxd9syKqO2DHem+
- VQ2JLh/Wh8clUe1GjdyJTcbeU9lkgRH7wQ+kk+FtD4ezK1Uy53mnaYjRGoFREPJQ
- iMzwPHUvcbXAhnVZfQsfvf8k6hpQ8N0bnGKyRj0Rpq1xKFqr7bZ8dYEosUvyOF0I
- 1UTPlrQHswNvTIZpGVDmIIGod2yzXwGF9SFfWJP/HsLUci2ISdF5ur1Pd7q9csMN
- O1T2
- -----END CERTIFICATE-----
- </ca>
- <cert>
- Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 3 (0x3)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=server/emailAddress=me@myhost.mydomain
- Validity
- Not Before: Mar 17 17:23:58 2018 GMT
- Not After : Mar 14 17:23:58 2028 GMT
- Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=client1/name=server2/emailAddress=me@myhost.mydomain
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:ba:a8:80:3d:17:fc:5b:d8:d7:01:28:f3:27:37:
- 29:d9:98:e2:40:8b:97:e7:86:c8:0c:80:26:2e:a5:
- cf:73:31:e1:b3:8d:78:4e:94:c1:7e:c5:f1:05:60:
- c4:69:30:7d:76:e0:7b:d6:1c:72:ff:59:fe:88:3d:
- b7:e0:e1:a7:a7:f3:ce:04:c9:a1:cb:4e:1f:61:97:
- d6:18:0e:93:e7:05:f1:87:bc:13:80:23:25:22:ae:
- 64:92:80:bb:46:d9:a6:4c:98:67:0e:8f:48:e6:4d:
- ce:f2:12:6b:59:1e:36:6e:da:fa:6c:3b:36:b3:5a:
- 5e:dd:ac:ef:52:ce:87:02:a2:69:84:8d:79:dc:40:
- c5:5b:dc:85:7e:f5:96:a5:15:c8:39:27:b0:fd:6c:
- cb:e8:31:4f:87:e4:13:bf:35:a3:cb:b9:7e:ac:c1:
- c4:3a:bf:00:8a:a2:5b:b6:ba:f2:f8:e1:dd:ae:40:
- 80:c1:2e:c8:e7:db:84:fe:8b:dc:96:4a:95:87:ef:
- 38:0f:53:6d:71:3b:fc:22:ff:9b:5a:8d:44:47:f6:
- ad:61:fa:78:e7:f0:36:d6:dd:d9:2c:b9:62:4b:7b:
- 57:44:9c:5a:11:3e:01:9e:0a:bb:e3:6f:f8:94:36:
- c2:1f:8d:dc:2c:a5:e9:62:8c:fc:72:35:fd:95:1a:
- 51:07
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- Easy-RSA Generated Certificate
- X509v3 Subject Key Identifier:
- CF:1F:96:32:F9:0A:E2:BC:12:31:AF:0D:2C:70:A4:84:64:0F:1A:8A
- X509v3 Authority Key Identifier:
- keyid:B6:A7:09:A2:36:DE:D4:46:4D:B4:2B:FD:45:32:9F:FC:FC:EC:2A:28
- DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=server/emailAddress=me@myhost.mydomain
- serial:D7:7E:B3:95:E2:3F:4F:F0
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- X509v3 Subject Alternative Name:
- DNS:client1
- Signature Algorithm: sha256WithRSAEncryption
- c4:75:88:d0:47:1b:ab:29:42:39:22:2b:5e:da:ec:47:7a:a0:
- 25:97:1f:18:55:15:ab:6a:00:0f:1f:45:cc:0e:6d:c7:b0:48:
- 3b:13:b9:01:79:89:56:60:ac:e4:43:76:b9:67:da:bd:5b:e0:
- eb:71:3f:c2:60:1a:be:e9:7d:b0:bf:62:52:e3:a8:cc:95:4c:
- 02:2d:2e:c0:a6:32:72:94:ce:17:e8:47:44:88:37:7e:89:19:
- ad:78:e7:5d:b8:b0:27:c9:c5:73:a4:d3:35:69:3b:4c:b0:de:
- dc:d6:77:8f:f7:c6:a0:8c:6d:b2:3e:39:a3:4d:b0:f4:a5:7b:
- 87:28:54:7c:b3:3b:ed:68:9c:ed:48:a3:8b:72:8f:9c:5a:fb:
- 3b:db:9d:53:99:fd:8f:9e:97:1c:b1:48:23:85:a3:6d:6b:c5:
- 77:69:35:76:4b:de:25:a2:d1:d8:31:d9:30:d9:61:c8:ae:a0:
- d3:79:5a:a6:7b:27:c9:f0:a0:2d:9d:8f:38:e4:91:99:ab:e3:
- b4:d8:68:da:1f:e9:f6:3b:39:aa:db:46:5b:a5:47:04:ec:e7:
- e1:77:60:54:8d:e5:43:b1:32:f7:1e:7c:54:98:e4:d8:e1:db:
- 4c:61:9b:7c:f5:08:b7:73:f8:eb:a4:7e:72:af:ce:70:d3:d9:
- d4:9d:a3:35
- -----BEGIN CERTIFICATE-----
- MIIFYjCCBEqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCVVMx
- CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
- cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
- BAMTD0ZvcnQtRnVuc3RvbiBDQTEPMA0GA1UEKRMGc2VydmVyMSEwHwYJKoZIhvcN
- AQkBFhJtZUBteWhvc3QubXlkb21haW4wHhcNMTgwMzE3MTcyMzU4WhcNMjgwMzE0
- MTcyMzU4WjCBrjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxT
- YW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsGA1UECxMUTXlP
- cmdhbml6YXRpb25hbFVuaXQxEDAOBgNVBAMTB2NsaWVudDExEDAOBgNVBCkTB3Nl
- cnZlcjIxITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCCASIwDQYJ
- KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqogD0X/FvY1wEo8yc3KdmY4kCLl+eG
- yAyAJi6lz3Mx4bONeE6UwX7F8QVgxGkwfXbge9Yccv9Z/og9t+Dhp6fzzgTJoctO
- H2GX1hgOk+cF8Ye8E4AjJSKuZJKAu0bZpkyYZw6PSOZNzvISa1keNm7a+mw7NrNa
- Xt2s71LOhwKiaYSNedxAxVvchX71lqUVyDknsP1sy+gxT4fkE781o8u5fqzBxDq/
- AIqiW7a68vjh3a5AgMEuyOfbhP6L3JZKlYfvOA9TbXE7/CL/m1qNREf2rWH6eOfw
- Ntbd2Sy5Ykt7V0ScWhE+AZ4Ku+Nv+JQ2wh+N3Cyl6WKM/HI1/ZUaUQcCAwEAAaOC
- AYAwggF8MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
- YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUzx+WMvkK4rwSMa8NLHCkhGQPGoow
- geoGA1UdIwSB4jCB34AUtqcJojbe1EZNtCv9RTKf/PzsKiihgbukgbgwgbUxCzAJ
- BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUw
- EwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15T3JnYW5pemF0aW9uYWxV
- bml0MRgwFgYDVQQDEw9Gb3J0LUZ1bnN0b24gQ0ExDzANBgNVBCkTBnNlcnZlcjEh
- MB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluggkA136zleI/T/AwEwYD
- VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBIGA1UdEQQLMAmCB2NsaWVu
- dDEwDQYJKoZIhvcNAQELBQADggEBAMR1iNBHG6spQjkiK17a7Ed6oCWXHxhVFatq
- AA8fRcwObcewSDsTuQF5iVZgrORDdrln2r1b4OtxP8JgGr7pfbC/YlLjqMyVTAIt
- LsCmMnKUzhfoR0SIN36JGa145124sCfJxXOk0zVpO0yw3tzWd4/3xqCMbbI+OaNN
- sPSle4coVHyzO+1onO1Io4tyj5xa+zvbnVOZ/Y+elxyxSCOFo21rxXdpNXZL3iWi
- 0dgx2TDZYciuoNN5WqZ7J8nwoC2djzjkkZmr47TYaNof6fY7OarbRlulRwTs5+F3
- YFSN5UOxMvcefFSY5Njh20xhm3z1CLdz+OukfnKvznDT2dSdozU=
- -----END CERTIFICATE-----
- </cert>
- <key>
- -----BEGIN ENCRYPTED PRIVATE KEY-----
- MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIpwpI5qJcwccCAggA
- MBQGCCqGSIb3DQMHBAi1Z3bJ/mACrgSCBMj+s0wSdmHFljxUiv/DzXIrEYe9upx0
- ywqs+b/N0AoA0eEXLOZewHSFop2LxueN2R7kVra+8uYiKJmWlpTbmVFPqFVJBvwR
- vIQWz7h6EsP7QiLsWJ4HMb/mjOvcvf8oFPhRy5eCUpgzUrcjrLH71zFhtB75KJOT
- Krxfjz7XD7DXsCpuyWTf0yOpmyEVhJWWwQQl5O20UVPE+WTl59PvnPhXephNQu/s
- rhbAriUSQftwlk7W/Rvk7X7/W4tOnVfYjcuqctukY0MD7X1bE7j4euuW8q6phBaa
- A8ZhZs58tZjiwC8F7bJfRTksyWmvEMtTtPqllJIdXEKQItaZmwaUv+usYRNOnNaV
- 9aT+mU4PmWcUw1gBfLMGJr/AsNvIA4/3Kfst9AYRZORiHZTzZMTGADs/NkgWhW4Z
- FooW4r349sB153I6W4u+accznvaz+xuQsUwNQ7sQMy7u8QBPIiYdvBkpxeX+PptW
- eDo/ogjOVcktqgTeuymKBvx4LvzB5oHEGCq8Q4quORQfPAlgvcWsprsy3lBde+Z3
- Ixd3YsuYrAQeoD2842sQHy2zmaJZnMdUrdEqGr/03GxK9qgHADHnfXWzNGc6ycwr
- Ah17Vi94MrpKyIrh535dAxf7pJjcYCKBnmfaZZSQcklzQj3iCwxaBGDCoTN8FwvM
- J2bUesvdJ+SIN7aWXcjn3/m8hvGqkN4jD1g2R9sUqBa3zXGC30L5Vy0sQZQkAhqd
- E/E4yVkn2O1u5L3KBwGqF1jY5tvJHob15DXOKqAiLPqYWjo2WidMhbTGUFB+SuU9
- FtFBCoL1PFRmhY0vawG8VdRuzEcx0R1iioxGf9XfZ3mfYI7buh1H9BEdgTsYF8Pf
- b1ddegU59fQHaGx0G4V6JgoRM3d6XmUYHLc9bOGxS8iwcf9+E5gNkIE0ePK6X8/o
- u5GUJ4jcH7p85ZBUhoWsoZpS/Zib9YfzhKbWtSZF0X+QlpnWa1NMH05AzbsHkpN1
- j8oGsMfG98x4NngtED4AR2V9UNpHxwOF6hRE6ZsFqhCpmmFLs0Y7DNKOeb0lNDjh
- WHiB7drsmhABZW4qWNSncMVBMaVbtWi54DgExeNxVo1zwDh6V5a0+7UgoUzrn+eO
- HUSkUMCf26QZuEIFo8rGLAFmNLG8K1Ct3Akw/QJyBac6k+/QSHSRPXfBeFq6WlKy
- rjzrtjLy28i0LG0nSxFr0ZfOGsRZP+/SK7plMWsn51IeZhHRmKdQRhqGN5ZJVqs2
- 9I1A04j1VXxWD7pYplolJnM55EN4yFbVjUgrc+ZGtq1z+slS2YyWu81LDxjGitMz
- zMgJ/vwRMfZSNWzmXolXNCChNPnysZRxWe1LWTfSCXVe/mE2Cvq5wup5QPrA7Z1G
- ntCVWpC7SELizphKuAW5X/pBvdyQUSsMe9CXeitSyDzWuUIkqP7QZAHdIFaQcPHw
- FCmH0j7igQrD5PJQsdEVeGH4LcZWh+oHi4m0td9j4Qre9HS2Pvf03oblm6st/joy
- HTc1uuPCKFSghkkc/0Uyh3BVqYXIz8ztz99PS33g/TeqaOqRTlgD0KU+sBi/s8Wn
- 43PqHO2Xy+2pikW+Uk4ZAJrjZxDgMa5f2BCRVi3AX4sdwknXL8cD/mH4V0rjzDun
- xgw=
- -----END ENCRYPTED PRIVATE KEY-----
- </key>
- <tls-auth>
- #
- # 2048 bit OpenVPN static key
- #
- -----BEGIN OpenVPN Static key V1-----
- b84d7a4c60d67529b82df6083b40ceaa
- e767831a8921e83908d0af2cfba79c4f
- 84c493f27a157597a9336516bc2019f9
- 322850e20194633e7a891c50facfb69d
- 5a791da875e4b18021c24ced8fc54475
- 6a500d733eb3b5d12a8c05aae7abb45f
- 90fcb81824bb0f0bac958bb52e622fdb
- 4c06d1d6ec10f65336ee436e3023025a
- a54dccad7616f85161b1827290ea62a7
- bbbd7327487160cd2088b93e0d2a2b7e
- 5a917d9212df55e12b517d7e6a5eb7e3
- 3ca9ce4da06803e0955349606af9ac16
- 7d99f738aadbaa037221473457fc619f
- e7f0fb00979856a5f65c19b12bc5d8d0
- 1679752715495edb87796973d2c01c84
- df00ca666e0170dcc7cce6bbd17d87af
- -----END OpenVPN Static key V1-----
- </tls-auth>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement