##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
auth-user-pass
auth-nocache

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap
;dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
dev-node "OpenVPN TAP-Windows6"

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp4

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 77.60.250.26 2194
#remote 77.60.250.27 8194
#remote 192.168.2.121 8194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user openvpn
;group openvpn

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client2.crt
key client2.key

# Verify server certificate by checking that the
# certificate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the data-ciphers option in the manpage
#cipher AES-256-CBC
data-ciphers AES-256-GCM
data-ciphers-fallback AES-256-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
#comp-lzo

# Set log file verbosity.
verb 2

# Silence repeating messages
;mute 20
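
A small audit of the security-relevant directives in the client config above, as an added example that is not part of the original file. The finding names are hypothetical labels, and `SAMPLE` is constructed from the file's active and commented-out directives.

```python
import shlex

# Constructed sample: directives taken from the client config above.
SAMPLE = """\
client
auth-user-pass
auth-nocache
dev tap
;dev tun
proto udp4
;user openvpn
;group openvpn
ca ca.crt
cert client2.crt
key client2.key
remote-cert-tls server
tls-auth ta.key 1
data-ciphers AES-256-GCM
data-ciphers-fallback AES-256-CBC
#comp-lzo
"""

def parse(text):
    """Return {directive: [args, ...]} for active (uncommented) lines."""
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # '#' and ';' both start comments
            continue
        tokens = shlex.split(line, comments=True)  # drops trailing '# ...'
        if tokens:
            active.setdefault(tokens[0], []).append(tokens[1:])
    return active

def audit(text):
    """Return a sorted list of finding labels for a client config."""
    cfg, findings = parse(text), []
    # Without this the client does not check the server cert's key usage.
    if ["server"] not in cfg.get("remote-cert-tls", []):
        findings.append("no-server-cert-usage-check")
    # auth-nocache keeps the username/password from being cached in memory.
    if "auth-user-pass" in cfg and "auth-nocache" not in cfg:
        findings.append("credentials-cached-in-memory")
    # The sample uses key direction 1 on the client side.
    if any(args[1:2] != ["1"] for args in cfg.get("tls-auth", [])):
        findings.append("tls-auth-direction-not-client")
    # user/group are non-Windows only, so this is expected on Windows.
    if "user" not in cfg or "group" not in cfg:
        findings.append("no-privilege-drop")
    return sorted(findings)
```
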