1 | ############################################## |
---|
2 | # Sample client-side OpenVPN 2.0 config file # |
---|
3 | # for connecting to multi-client server. # |
---|
4 | # # |
---|
5 | # This configuration can be used by multiple # |
---|
6 | # clients, however each client should have # |
---|
7 | # its own cert and key files. # |
---|
8 | # # |
---|
9 | # On Windows, you might want to rename this # |
---|
10 | # file so it has a .ovpn extension # |
---|
11 | ############################################## |
---|
12 | |
---|
13 | # Specify that we are a client and that we |
---|
14 | # will be pulling certain config file directives |
---|
15 | # from the server. |
---|
16 | client |
---|
17 | |
---|
18 | # Use the same setting as you are using on |
---|
19 | # the server. |
---|
20 | # On most systems, the VPN will not function |
---|
21 | # unless you partially or fully disable |
---|
22 | # the firewall for the TUN/TAP interface. |
---|
23 | ;dev tap |
---|
24 | dev tun |
---|
25 | |
---|
26 | # Windows needs the TAP-Win32 adapter name |
---|
27 | # from the Network Connections panel |
---|
28 | # if you have more than one. On XP SP2, |
---|
29 | # you may need to disable the firewall |
---|
30 | # for the TAP adapter. |
---|
31 | ;dev-node MyTap |
---|
32 | |
---|
33 | # Are we connecting to a TCP or |
---|
34 | # UDP server? Use the same setting as |
---|
35 | # on the server. |
---|
36 | proto tcp-client |
---|
37 | ;proto udp |
---|
38 | |
---|
39 | # The hostname/IP and port of the server. |
---|
40 | # You can have multiple remote entries |
---|
41 | # to load balance between the servers. |
---|
42 | remote 195.154.82.117 443 |
---|
43 | |
---|
44 | # Choose a random host from the remote |
---|
45 | # list for load-balancing. Otherwise |
---|
46 | # try hosts in the order specified. |
---|
47 | ;remote-random |
---|
48 | |
---|
49 | # Keep trying indefinitely to resolve the |
---|
50 | # host name of the OpenVPN server. Very useful |
---|
51 | # on machines which are not permanently connected |
---|
52 | # to the internet such as laptops. |
---|
53 | resolv-retry infinite |
---|
54 | |
---|
55 | # Most clients don't need to bind to |
---|
56 | # a specific local port number. |
---|
57 | nobind |
---|
58 | |
---|
59 | # Downgrade privileges after initialization (non-Windows only) |
---|
60 | ;user nobody |
---|
61 | ;group nogroup |
---|
62 | |
---|
63 | # Try to preserve some state across restarts. |
---|
64 | persist-key |
---|
65 | persist-tun |
---|
66 | |
---|
67 | # If you are connecting through an |
---|
68 | # HTTP proxy to reach the actual OpenVPN |
---|
69 | # server, put the proxy server/IP and |
---|
70 | # port number here. See the man page |
---|
71 | # if your proxy server requires |
---|
72 | # authentication. |
---|
73 | ;http-proxy-retry # retry on connection failures |
---|
74 | ;http-proxy [proxy server] [proxy port #] |
---|
75 | |
---|
76 | # Wireless networks often produce a lot |
---|
77 | # of duplicate packets. Set this flag |
---|
78 | # to silence duplicate packet warnings. |
---|
79 | ;mute-replay-warnings |
---|
80 | |
---|
81 | # SSL/TLS parms. |
---|
82 | # See the server config file for more |
---|
83 | # description. It's best to use |
---|
84 | # a separate .crt/.key file pair |
---|
85 | # for each client. A single ca |
---|
86 | # file can be used for all clients. |
---|
87 | ca ca.crt |
---|
88 | ;cert Nexus5.crt |
---|
89 | ;key Nexus5.key |
---|
90 | auth-user-pass |
---|
91 | |
---|
92 | # Verify server certificate by checking |
---|
93 | # that the certicate has the nsCertType |
---|
94 | # field set to "server". This is an |
---|
95 | # important precaution to protect against |
---|
96 | # a potential attack discussed here: |
---|
97 | # http://openvpn.net/howto.html#mitm |
---|
98 | # |
---|
99 | # To use this feature, you will need to generate |
---|
100 | # your server certificates with the nsCertType |
---|
101 | # field set to "server". The build-key-server |
---|
102 | # script in the easy-rsa folder will do this. |
---|
103 | ns-cert-type server |
---|
104 | |
---|
105 | # If a tls-auth key is used on the server |
---|
106 | # then every client must also have the key. |
---|
107 | ;tls-auth ta.key 1 |
---|
108 | |
---|
109 | # Select a cryptographic cipher. |
---|
110 | # If the cipher option is used on the server |
---|
111 | # then you must also specify it here. |
---|
112 | ;cipher AES-256-CBC |
---|
113 | |
---|
114 | # Enable compression on the VPN link. |
---|
115 | # Don't enable this unless it is also |
---|
116 | # enabled in the server config file. |
---|
117 | comp-lzo |
---|
118 | |
---|
119 | # Set log file verbosity. |
---|
120 | verb 3 |
---|
121 | |
---|
122 | # Silence repeating messages |
---|
123 | ;mute 20 |
---|