1 | ############################################## |
---|
2 | # Sample client-side OpenVPN 2.0 config file # |
---|
3 | # for connecting to multi-client server. # |
---|
4 | # # |
---|
5 | # This configuration can be used by multiple # |
---|
6 | # clients, however each client should have # |
---|
7 | # its own cert and key files. # |
---|
8 | # # |
---|
9 | # On Windows, you might want to rename this # |
---|
10 | # file so it has a .ovpn extension # |
---|
11 | ############################################## |
---|
12 | |
---|
13 | # Specify that we are a client and that we |
---|
14 | # will be pulling certain config file directives |
---|
15 | # from the server. |
---|
16 | client |
---|
17 | |
---|
18 | # Use the same setting as you are using on |
---|
19 | # the server. |
---|
20 | # On most systems, the VPN will not function |
---|
21 | # unless you partially or fully disable |
---|
22 | # the firewall for the TUN/TAP interface. Prefer an allow rule scoped to that interface over turning the firewall off. |
---|
23 | dev tap |
---|
24 | ;dev tun |
---|
25 | |
---|
26 | # Windows needs the TAP-Win32 adapter name |
---|
27 | # from the Network Connections panel |
---|
28 | # if you have more than one. On XP SP2, |
---|
29 | # you may need to disable the firewall |
---|
30 | # for the TAP adapter. |
---|
31 | ;dev-node MyTap |
---|
32 | dev-node TAPLan |
---|
33 | |
---|
34 | # Are we connecting to a TCP or |
---|
35 | # UDP server? Use the same setting as |
---|
36 | # on the server. |
---|
37 | proto tcp |
---|
38 | ;proto udp |
---|
39 | |
---|
40 | # The hostname/IP and port of the server. |
---|
41 | # You can have multiple remote entries |
---|
42 | # to load balance between the servers. |
---|
43 | ;remote toba.homeip.net 443 |
---|
44 | remote 192.168.178.1 443 |
---|
45 | |
---|
46 | # Choose a random host from the remote |
---|
47 | # list for load-balancing. Otherwise |
---|
48 | # try hosts in the order specified. |
---|
49 | ;remote-random |
---|
50 | |
---|
51 | # Keep trying for 120 seconds to resolve the |
---|
52 | # host name of the OpenVPN server (use "infinite" to retry indefinitely). Very useful |
---|
53 | # on machines which are not permanently connected |
---|
54 | # to the internet such as laptops. |
---|
55 | resolv-retry 120 |
---|
56 | |
---|
57 | # Most clients don't need to bind to |
---|
58 | # a specific local port number. |
---|
59 | nobind |
---|
60 | |
---|
61 | # Downgrade privileges after initialization (non-Windows only) |
---|
62 | ;user nobody |
---|
63 | ;group nobody |
---|
64 | |
---|
65 | # Try to preserve some state across restarts. |
---|
66 | persist-key |
---|
67 | persist-tun |
---|
68 | |
---|
69 | # If you are connecting through an |
---|
70 | # HTTP proxy to reach the actual OpenVPN |
---|
71 | # server, put the proxy server/IP and |
---|
72 | # port number here. See the man page |
---|
73 | # if your proxy server requires |
---|
74 | # authentication. |
---|
75 | ;http-proxy-retry # retry on connection failures |
---|
76 | |
---|
77 | |
---|
78 | # Wireless networks often produce a lot |
---|
79 | # of duplicate packets. Set this flag |
---|
80 | # to silence duplicate packet warnings. |
---|
81 | ;mute-replay-warnings |
---|
82 | |
---|
83 | |
---|
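84 | # PKCS#11: the client certificate and private key come from the hardware token selected below, which is why the cert/key file lines further down are commented out. |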
---|
85 | |
---|
86 | pkcs11-providers C:/windows/system32/eTpkcs11.dll |
---|
87 | pkcs11-id 'Aladdin\x20Knowledge\x20Systems\x20Ltd\x2E/eToken/5254f514/EToken\x20Felix\x20Brunner/39453945373335312D333545442D343031612D384637302D3238463636393036363042303A30' |
---|
88 | |
---|
89 | |
---|
90 | # SSL/TLS parms. |
---|
91 | # See the server config file for more |
---|
92 | # description. It's best to use |
---|
93 | # a separate .crt/.key file pair |
---|
94 | # for each client. A single ca |
---|
95 | # file can be used for all clients. |
---|
96 | ca ../keys/ca.crt |
---|
97 | ;cert ../keys/clientpw.crt |
---|
98 | ;key ../keys/clientpw.key |
---|
99 | |
---|
100 | # Verify server certificate by checking |
---|
101 | # that the certificate has the nsCertType |
---|
102 | # field set to "server". This is an |
---|
103 | # important precaution to protect against |
---|
104 | # a potential attack discussed here: |
---|
105 | # http://openvpn.net/howto.html#mitm |
---|
106 | # |
---|
107 | # To use this feature, you will need to generate |
---|
108 | # your server certificates with the nsCertType |
---|
109 | # field set to "server". The build-key-server |
---|
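110 | # script in the easy-rsa folder will do this. Newer OpenVPN releases deprecate ns-cert-type in favour of "remote-cert-tls server", which checks the certificate's key usage and extended key usage instead. |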
---|
111 | ns-cert-type server |
---|
112 | |
---|
113 | # If a tls-auth key is used on the server |
---|
114 | # then every client must also have the key. |
---|
115 | ;tls-auth ta.key 1 |
---|
116 | |
---|
117 | # Select a cryptographic cipher. |
---|
118 | # If the cipher option is used on the server |
---|
119 | # then you must also specify it here. |
---|
120 | ;cipher x |
---|
121 | |
---|
122 | # Enable compression on the VPN link. |
---|
123 | # Don't enable this unless it is also |
---|
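124 | # enabled in the server config file. Compressing data before encryption can leak information about the plaintext through packet sizes, and newer OpenVPN releases deprecate compression. |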
---|
125 | comp-lzo |
---|
126 | |
---|
127 | # Set log file verbosity. |
---|
128 | verb 3 |
---|
129 | |
---|
130 | # Silence repeating messages |
---|
131 | ;mute 20 |
---|
132 | |
---|
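133 | # Management interface on localhost, port 7505. No password file is given, so any local process that can connect to this port can control the client. |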
---|
134 | management localhost 7505 |
---|