| 1 | ############################################## |
|---|
| 2 | # Sample client-side OpenVPN 2.0 config file # |
|---|
| 3 | # for connecting to multi-client server. # |
|---|
| 4 | # # |
|---|
| 5 | # This configuration can be used by multiple # |
|---|
| 6 | # clients, however each client should have # |
|---|
| 7 | # its own cert and key files. # |
|---|
| 8 | # # |
|---|
| 9 | # On Windows, you might want to rename this # |
|---|
| 10 | # file so it has a .ovpn extension # |
|---|
| 11 | ############################################## |
|---|
| 12 | # Specify that we are a client and that we |
|---|
| 13 | # will be pulling certain config file directives |
|---|
| 14 | # from the server. |
|---|
| 15 | client |
|---|
| 16 | # Use the same setting as you are using on |
|---|
| 17 | # the server. |
|---|
| 18 | # On most systems, the VPN will not function |
|---|
| 19 | # unless you partially or fully disable |
|---|
| 20 | # the firewall for the TUN/TAP interface. |
|---|
| 21 | ;dev tap |
|---|
| 22 | dev tun |
|---|
| 23 | # Windows needs the TAP-Win32 adapter name |
|---|
| 24 | # from the Network Connections panel |
|---|
| 25 | # if you have more than one. On XP SP2, |
|---|
| 26 | # you may need to disable the firewall |
|---|
| 27 | # for the TAP adapter. |
|---|
| 28 | ;dev-node MyTap |
|---|
| 29 | # Are we connecting to a TCP or |
|---|
| 30 | # UDP server? Use the same setting as |
|---|
| 31 | # on the server. |
|---|
| 32 | ;proto tcp |
|---|
| 33 | proto udp |
|---|
| 34 | # The hostname/IP and port of the server. |
|---|
| 35 | # You can have multiple remote entries |
|---|
| 36 | # to load balance between the servers. |
|---|
| 37 | ;remote my-server-2 1194 |
|---|
| 38 | # Choose a random host from the remote |
|---|
| 39 | # list for load-balancing. Otherwise |
|---|
| 40 | # try hosts in the order specified. |
|---|
| 41 | ;remote-random |
|---|
| 42 | # Keep trying indefinitely to resolve the |
|---|
| 43 | # host name of the OpenVPN server. Very useful |
|---|
| 44 | # on machines which are not permanently connected |
|---|
| 45 | # to the internet such as laptops. |
|---|
| 46 | resolv-retry infinite |
|---|
| 47 | # Most clients don't need to bind to |
|---|
| 48 | # a specific local port number. |
|---|
| 49 | nobind |
|---|
| 50 | # Downgrade privileges after initialization (non-Windows only) |
|---|
| 51 | ;user nobody |
|---|
| 52 | ;group nobody |
|---|
| 53 | # Try to preserve some state across restarts. |
|---|
| 54 | persist-key |
|---|
| 55 | persist-tun |
|---|
| 56 | # If you are connecting through an |
|---|
| 57 | # HTTP proxy to reach the actual OpenVPN |
|---|
| 58 | # server, put the proxy server/IP and |
|---|
| 59 | # port number here. See the man page |
|---|
| 60 | # if your proxy server requires |
|---|
| 61 | # authentication. |
|---|
| 62 | ;http-proxy-retry # retry on connection failures |
|---|
| 63 | ;http-proxy [proxy server] [proxy port #] |
|---|
| 64 | # Wireless networks often produce a lot |
|---|
| 65 | # of duplicate packets. Set this flag |
|---|
| 66 | # to silence duplicate packet warnings. |
|---|
| 67 | ;mute-replay-warnings |
|---|
| 68 | # SSL/TLS parms. |
|---|
| 69 | # See the server config file for more |
|---|
| 70 | # description. It's best to use |
|---|
| 71 | # a separate .crt/.key file pair |
|---|
| 72 | # for each client. A single ca |
|---|
| 73 | # file can be used for all clients. |
|---|
| 74 | ca ca.crt |
|---|
| 75 | cert client.crt |
|---|
| 76 | key client.key |
|---|
| 77 | # Verify server certificate by checking |
|---|
| 78 | # that the certicate has the nsCertType |
|---|
| 79 | # field set to "server". This is an |
|---|
| 80 | # important precaution to protect against |
|---|
| 81 | # a potential attack discussed here: |
|---|
| 82 | # http://openvpn.net/howto.html#mitm |
|---|
| 83 | # To use this feature, you will need to generate |
|---|
| 84 | # your server certificates with the nsCertType |
|---|
| 85 | # field set to "server". The build-key-server |
|---|
| 86 | # script in the easy-rsa folder will do this. |
|---|
| 87 | ns-cert-type server |
|---|
| 88 | # If a tls-auth key is used on the server |
|---|
| 89 | # then every client must also have the key. |
|---|
| 90 | ;tls-auth ta.key 1 |
|---|
| 91 | # Select a cryptographic cipher. |
|---|
| 92 | # If the cipher option is used on the server |
|---|
| 93 | # then you must also specify it here. |
|---|
| 94 | ;cipher x |
|---|
| 95 | # Enable compression on the VPN link. |
|---|
| 96 | # Don't enable this unless it is also |
|---|
| 97 | # enabled in the server config file. |
|---|
| 98 | comp-lzo |
|---|
| 99 | # Set log file verbosity. |
|---|
| 100 | verb 3 |
|---|
| 101 | # Silence repeating messages |
|---|
| 102 | ;mute 20 |
|---|
| 103 | remote 172.20.186.146 1194 |
|---|
| 104 | route-delay 5 30 |
|---|
| 105 | ip-win32 netsh |
|---|
