1 ##############################################
2 # Sample client-side OpenVPN 2.0 config file #
3 # for connecting to multi-client server. #
5 # This configuration can be used by multiple #
6 # clients, however each client should have #
7 # its own cert and key files. #
9 # On Windows, you might want to rename this #
10 # file so it has a .ovpn extension #
11 ##############################################
13 # Specify that we are a client and that we
14 # will be pulling certain config file directives
18 # Use the same setting as you are using on
20 # On most systems, the VPN will not function
21 # unless you partially or fully disable
22 # the firewall for the TUN/TAP interface.
26 # Windows needs the TAP-Win32 adapter name
27 # from the Network Connections panel
28 # if you have more than one. On XP SP2,
29 # you may need to disable the firewall
30 # for the TAP adapter.
33 # Are we connecting to a TCP or
34 # UDP server? Use the same setting as
39 # The hostname/IP and port of the server.
40 # You can have multiple remote entries
41 # to load balance between the servers.
42 ;remote my-server-1 1194
43 ;remote my-server-2 1194
44 verify-x509-name server.example.com name
47 # Choose a random host from the remote
48 # list for load-balancing. Otherwise
49 # try hosts in the order specified.
52 # Keep trying indefinitely to resolve the
53 # host name of the OpenVPN server. Very useful
54 # on machines which are not permanently connected
55 # to the internet such as laptops.
58 # Most clients don't need to bind to
59 # a specific local port number.
62 # Downgrade privileges after initialization (non-Windows only)
66 # Try to preserve some state across restarts.
70 # If you are connecting through an
71 # HTTP proxy to reach the actual OpenVPN
72 # server, put the proxy server/IP and
73 # port number here. See the man page
74 # if your proxy server requires
76 ;http-proxy-retry # retry on connection failures
77 ;http-proxy [proxy server] [proxy port #]
79 # Wireless networks often produce a lot
80 # of duplicate packets. Set this flag
81 # to silence duplicate packet warnings.
85 # See the server config file for more
86 # description. It's best to use
87 # a separate .crt/.key file pair
88 # for each client. A single ca
89 # file can be used for all clients.
94 # Verify server certificate by checking
95 # that the certicate has the nsCertType
96 # field set to "server". This is an
97 # important precaution to protect against
98 # a potential attack discussed here:
99 # http://openvpn.net/howto.html#mitm
101 # To use this feature, you will need to generate
102 # your server certificates with the nsCertType
103 # field set to "server". The build-key-server
104 # script in the easy-rsa folder will do this.
107 # If a tls-auth key is used on the server
108 # then every client must also have the key.
111 # Select a cryptographic cipher.
112 # If the cipher option is used on the server
113 # then you must also specify it here.
115 # Attention: it must fit in 256 bytes, so not the infamous CipherStringB!
116 tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
120 # https://openvpn.net/index.php/open-source/documentation/howto.html#mitm
121 remote-cert-tls server
124 # Enable compression on the VPN link.
125 # Don't enable this unless it is also
126 # enabled in the server config file.
129 # Set log file verbosity.
132 # Silence repeating messages