Ticket #309: client.ovpn

File client.ovpn, 3.5 KB (added by vbokashov, 8 years ago)

client config

Line 
1##############################################
2# Sample client-side OpenVPN 2.0 config file #
3# for connecting to multi-client server.     #
4#                                            #
5# This configuration can be used by multiple #
6# clients, however each client should have   #
7# its own cert and key files.                #
8#                                            #
9# On Windows, you might want to rename this  #
10# file so it has a .ovpn extension           #
11##############################################
12# Specify that we are a client and that we
13# will be pulling certain config file directives
14# from the server.
15client
16# Use the same setting as you are using on
17# the server.
18# On most systems, the VPN will not function
19# unless you partially or fully disable
20# the firewall for the TUN/TAP interface.
21;dev tap
22dev tun
23# Windows needs the TAP-Win32 adapter name
24# from the Network Connections panel
25# if you have more than one.  On XP SP2,
26# you may need to disable the firewall
27# for the TAP adapter.
28;dev-node MyTap
29# Are we connecting to a TCP or
30# UDP server?  Use the same setting as
31# on the server.
32;proto tcp
33proto udp
34# The hostname/IP and port of the server.
35# You can have multiple remote entries
36# to load balance between the servers.
37;remote my-server-2 1194
38# Choose a random host from the remote
39# list for load-balancing.  Otherwise
40# try hosts in the order specified.
41;remote-random
42# Keep trying indefinitely to resolve the
43# host name of the OpenVPN server.  Very useful
44# on machines which are not permanently connected
45# to the internet such as laptops.
46resolv-retry infinite
47# Most clients don't need to bind to
48# a specific local port number.
49nobind
50# Downgrade privileges after initialization (non-Windows only)
51;user nobody
52;group nobody
53# Try to preserve some state across restarts.
54persist-key
55persist-tun
56# If you are connecting through an
57# HTTP proxy to reach the actual OpenVPN
58# server, put the proxy server/IP and
59# port number here.  See the man page
60# if your proxy server requires
61# authentication.
62;http-proxy-retry # retry on connection failures
63;http-proxy [proxy server] [proxy port #]
64# Wireless networks often produce a lot
65# of duplicate packets.  Set this flag
66# to silence duplicate packet warnings.
67;mute-replay-warnings
68# SSL/TLS parms.
69# See the server config file for more
70# description.  It's best to use
71# a separate .crt/.key file pair
72# for each client.  A single ca
73# file can be used for all clients.
74ca ca.crt
75cert client.crt
76key client.key
77# Verify server certificate by checking
78# that the certicate has the nsCertType
79# field set to "server".  This is an
80# important precaution to protect against
81# a potential attack discussed here:
82#  http://openvpn.net/howto.html#mitm
83# To use this feature, you will need to generate
84# your server certificates with the nsCertType
85# field set to "server".  The build-key-server
86# script in the easy-rsa folder will do this.
87ns-cert-type server
88# If a tls-auth key is used on the server
89# then every client must also have the key.
90;tls-auth ta.key 1
91# Select a cryptographic cipher.
92# If the cipher option is used on the server
93# then you must also specify it here.
94;cipher x
95# Enable compression on the VPN link.
96# Don't enable this unless it is also
97# enabled in the server config file.
98comp-lzo
99# Set log file verbosity.
100verb 3
101# Silence repeating messages
102;mute 20
103remote 172.20.186.146 1194
104route-delay 5 30
105ip-win32 netsh