##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the serverr.
#
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote vpn.ccd.uniroma2.it 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
#ca ca.crt
#cert client.crt
#key client.key
-----BEGIN CERTIFICATE-----
MIID0TCCArmgAwIBAgIUbSigZYkWNuLLru7ujKnLcOlogEMwDQYJKoZIhvcNAQEL
BQAwgYYxCzAJBgNVBAYTAklUMTQwMgYDVQQKDCtVbml2ZXJzaXTDoCBkZWdsaSBT
dHVkaSBkaSBSb21hIFRvciBWZXJnYXRhMSswKQYDVQQLDCJDZW50cm8gZGkgQ2Fs
Y29sbyBlIERvY3VtZW50YXppb25lMRQwEgYDVQQDDAtvdnBuX1Jvb3RDQTAeFw0x
NzA4MDMyMzU0NTRaFw00NzA4MDMyMzU0NTRaMIGGMQswCQYDVQQGEwJJVDE0MDIG
A1UECgwrVW5pdmVyc2l0w6AgZGVnbGkgU3R1ZGkgZGkgUm9tYSBUb3IgVmVyZ2F0
YTErMCkGA1UECwwiQ2VudHJvIGRpIENhbGNvbG8gZSBEb2N1bWVudGF6aW9uZTEU
MBIGA1UEAwwLb3Zwbl9Sb290Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCeHDzEhr3WtVdU6XlI9SYcmuTR6cdl+axydKPvqw/ihoaImJvMsrhkYfr6
jOb1eheTwMQLg2OHSty2hkc4VE3u8wcBgSVCOmjb0zBLt25YxO6bc3oDMxEBcez7
J2VJIckpaZKsX7jO7b68Qwx6NzNr4Uqg2Apt/1HN/EwLDeH+nYANM6m5XeUjVDT5
gnf2hIzUV5vXXSycHtSh5m9VjbjtydZ7rOVq+RYOYPjlERG+5y/v4S4C9P040lVN
DxaZ8TpYcYsY6mv6kuyOLjxAxb+QL2d2YO214nQWEAT4K3vR2D6bRizTS+lSrosR
lfwTS23eysLAGkFugjjJkWYtuSkzAgMBAAGjNTAzMBIGA1UdEwEB/wQIMAYBAf8C
AQIwHQYDVR0OBBYEFLeBVj9YYbiH9lpQtUc7Ycc8uMhsMA0GCSqGSIb3DQEBCwUA
A4IBAQAxIknCl8MRo6tTLzjG5SaZa58tJ3TGUllruOg1sJmoag4yVopt1XkLp1VG
Qov3rCrcEGsPwpD/mIC2rtsO+IP/HLmqCNl8qj4CJMEyHW8NpdTTeMKwmJtyaCpA
nCYwokhEi192z4WttOb3gpmn8+kw1mZo1mV4E7TQsdzlr9vl43RNI8uRLdh0Bmgo
QJMGLSrMCzgDYa/7pFjtZwRqqcx7sfuqQcSsv/dqTHDCiH87ftn8FcQJEG6IjSM1
zj8kiCdWV1cNR6Zv7dG9SqCivRf9N2Oe5C5oFCxftTtIXiwYfL7ke4YL8i79eMby
GpNU+QXFdDhbOnGXoNNWujIjBipr
-----END CERTIFICATE-----
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
remote-cert-eku "TLS Web Server Authentication"
# If a tls-auth key is used on the server
# then every client must also have the key.
#tls-auth ta.key 1
key-direction 1
-----BEGIN OpenVPN Static key V1-----
79ffa09f5d391cfc60d50edc23dacd22
732c7d57024652771d8c315a8c06cebf
4add5354fd20f904befad84343b66490
a741a77ad34b9f10c0b432f1360c7978
33b2102b03c006abfece47ad75f2a937
5ae18026e6b18a964616cff77969cec3
0a701d6cc0b1181291f3dcf6f76a5ae9
acd349f496a4780660313c7e82c74f2d
80ec6f277927ab412b793ea677b0998f
c9de81e48b1ad9def7641fdd78235a8d
488700109db5304a595b3907482f6afd
619807c33c90b0fa46152345d9806d55
f379f020b0f67195661410808da17fa4
8036ec89f4140e4aa8f48e0dd3726cce
6c519cb8eccd795cf4355e838115a073
6a97fd9ab423999aee295959ce54e6b1
-----END OpenVPN Static key V1-----
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-128-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
auth-user-pass
;fragment 1300
;mssfix