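##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
#
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
# (A firewall rule scoped to the TUN/TAP
# interface is preferable to switching the
# firewall off.)
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote vpn.ccd.uniroma2.it 1194

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only).
# Uncommenting these on Unix-like systems limits what a
# compromised OpenVPN process can do after start-up.
;user nobody
;group nobody

# Try to preserve some state across restarts.
# (Needed if privileges are dropped, because the key
# and the tun device cannot be reopened afterwards.)
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
#
# No client cert/key is configured in this file;
# only the CA certificate is supplied, inline.
#ca ca.crt
#cert client.crt
#key client.key

# CA certificate embedded inline (replaces "ca ca.crt").
# OpenVPN only accepts embedded PEM data inside the
# matching <ca> ... </ca> tags; bare PEM lines are
# rejected as unknown options.
<ca>
-----BEGIN CERTIFICATE-----
MIID0TCCArmgAwIBAgIUbSigZYkWNuLLru7ujKnLcOlogEMwDQYJKoZIhvcNAQEL
BQAwgYYxCzAJBgNVBAYTAklUMTQwMgYDVQQKDCtVbml2ZXJzaXTDoCBkZWdsaSBT
dHVkaSBkaSBSb21hIFRvciBWZXJnYXRhMSswKQYDVQQLDCJDZW50cm8gZGkgQ2Fs
Y29sbyBlIERvY3VtZW50YXppb25lMRQwEgYDVQQDDAtvdnBuX1Jvb3RDQTAeFw0x
NzA4MDMyMzU0NTRaFw00NzA4MDMyMzU0NTRaMIGGMQswCQYDVQQGEwJJVDE0MDIG
A1UECgwrVW5pdmVyc2l0w6AgZGVnbGkgU3R1ZGkgZGkgUm9tYSBUb3IgVmVyZ2F0
YTErMCkGA1UECwwiQ2VudHJvIGRpIENhbGNvbG8gZSBEb2N1bWVudGF6aW9uZTEU
MBIGA1UEAwwLb3Zwbl9Sb290Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCeHDzEhr3WtVdU6XlI9SYcmuTR6cdl+axydKPvqw/ihoaImJvMsrhkYfr6
jOb1eheTwMQLg2OHSty2hkc4VE3u8wcBgSVCOmjb0zBLt25YxO6bc3oDMxEBcez7
J2VJIckpaZKsX7jO7b68Qwx6NzNr4Uqg2Apt/1HN/EwLDeH+nYANM6m5XeUjVDT5
gnf2hIzUV5vXXSycHtSh5m9VjbjtydZ7rOVq+RYOYPjlERG+5y/v4S4C9P040lVN
DxaZ8TpYcYsY6mv6kuyOLjxAxb+QL2d2YO214nQWEAT4K3vR2D6bRizTS+lSrosR
lfwTS23eysLAGkFugjjJkWYtuSkzAgMBAAGjNTAzMBIGA1UdEwEB/wQIMAYBAf8C
AQIwHQYDVR0OBBYEFLeBVj9YYbiH9lpQtUc7Ycc8uMhsMA0GCSqGSIb3DQEBCwUA
A4IBAQAxIknCl8MRo6tTLzjG5SaZa58tJ3TGUllruOg1sJmoag4yVopt1XkLp1VG
Qov3rCrcEGsPwpD/mIC2rtsO+IP/HLmqCNl8qj4CJMEyHW8NpdTTeMKwmJtyaCpA
nCYwokhEi192z4WttOb3gpmn8+kw1mZo1mV4E7TQsdzlr9vl43RNI8uRLdh0Bmgo
QJMGLSrMCzgDYa/7pFjtZwRqqcx7sfuqQcSsv/dqTHDCiH87ftn8FcQJEG6IjSM1
zj8kiCdWV1cNR6Zv7dG9SqCivRf9N2Oe5C5oFCxftTtIXiwYfL7ke4YL8i79eMby
GpNU+QXFdDhbOnGXoNNWujIjBipr
-----END CERTIFICATE-----
</ca>

# Verify the server certificate by checking
# that it carries the Extended Key Usage
# "TLS Web Server Authentication".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, the server certificate
# must be issued with that Extended Key Usage.
# The build-key-server script in the easy-rsa
# folder will do this.
# (This replaces the older nsCertType check.)
remote-cert-eku "TLS Web Server Authentication"

# If a tls-auth key is used on the server
# then every client must also have the key.
#
# The key is embedded inline below, so the direction
# that would follow the file name ("ta.key 1") is
# given separately with key-direction.
#
# This static key is shared by every client that
# receives this file, so it only filters unsolicited
# packets before the TLS handshake.  It does not
# authenticate an individual client and must not be
# counted on as a secret once the file is distributed.
#tls-auth ta.key 1
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
79ffa09f5d391cfc60d50edc23dacd22
732c7d57024652771d8c315a8c06cebf
4add5354fd20f904befad84343b66490
a741a77ad34b9f10c0b432f1360c7978
33b2102b03c006abfece47ad75f2a937
5ae18026e6b18a964616cff77969cec3
0a701d6cc0b1181291f3dcf6f76a5ae9
acd349f496a4780660313c7e82c74f2d
80ec6f277927ab412b793ea677b0998f
c9de81e48b1ad9def7641fdd78235a8d
488700109db5304a595b3907482f6afd
619807c33c90b0fa46152345d9806d55
f379f020b0f67195661410808da17fa4
8036ec89f4140e4aa8f48e0dd3726cce
6c519cb8eccd795cf4355e838115a073
6a97fd9ab423999aee295959ce54e6b1
-----END OpenVPN Static key V1-----
</tls-auth>

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
#
# NOTE(review): CBC mode relies on the separate HMAC
# for integrity.  OpenVPN 2.4 and later can negotiate
# an AEAD cipher such as AES-256-GCM when both peers
# support it; confirm what the server offers before
# changing this line.
cipher AES-128-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
#
# NOTE(review): compressing data before encryption can
# leak information about the plaintext through packet
# sizes, and comp-lzo is deprecated in recent OpenVPN
# releases.  It is kept only because it has to match
# the server; prefer disabling it on both sides.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

# Prompt for a username and password at connect time.
# No client certificate or key is configured in this
# file, so presumably the server identifies clients by
# these credentials alone; confirm against the server
# configuration.
auth-user-pass

# Optional MTU tuning for UDP links.
;fragment 1300
;mssfix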