| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127 |
- ##############################################
- # Sample client-side OpenVPN 2.0 config file #
- # for connecting to multi-client server. #
- # #
- # This configuration can be used by multiple #
- # clients, however each client should have #
- # its own cert and key files. #
- # #
- # On Windows, you might want to rename this #
- # file so it has a .ovpn extension #
- ##############################################
- # Specify that we are a client and that we
- # will be pulling certain config file directives
- # from the server.
- client
- # Use the same setting as you are using on
- # the server.
- # On most systems, the VPN will not function
- # unless you partially or fully disable
- # the firewall for the TUN/TAP interface.
- ;dev tap
- dev tun
- # Windows needs the TAP-Win32 adapter name
- # from the Network Connections panel
- # if you have more than one. On XP SP2,
- # you may need to disable the firewall
- # for the TAP adapter.
- ;dev-node MyTap
- # Are we connecting to a TCP or
- # UDP server? Use the same setting as
- # on the server.
- ;proto tcp
- proto udp
- # The hostname/IP and port of the server.
- # You can have multiple remote entries
- # to load balance between the servers.
- remote my-server-1 1194
- ;remote my-server-2 1194
- # Choose a random host from the remote
- # list for load-balancing. Otherwise
- # try hosts in the order specified.
- ;remote-random
- # Keep trying indefinitely to resolve the
- # host name of the OpenVPN server. Very useful
- # on machines which are not permanently connected
- # to the internet such as laptops.
- resolv-retry infinite
- # Most clients don't need to bind to
- # a specific local port number.
- nobind
- # Downgrade privileges after initialization (non-Windows only)
- ;user nobody
- ;group nobody
- # Try to preserve some state across restarts.
- persist-key
- persist-tun
- # If you are connecting through an
- # HTTP proxy to reach the actual OpenVPN
- # server, put the proxy server/IP and
- # port number here. See the man page
- # if your proxy server requires
- # authentication.
- ;http-proxy-retry # retry on connection failures
- ;http-proxy [proxy server] [proxy port #]
- # Wireless networks often produce a lot
- # of duplicate packets. Set this flag
- # to silence duplicate packet warnings.
- ;mute-replay-warnings
- # SSL/TLS parms.
- # See the server config file for more
- # description. It's best to use
- # a separate .crt/.key file pair
- # for each client. A single ca
- # file can be used for all clients.
- ca ca.crt
- cert client.crt
- key client.key
- # Verify server certificate by checking that the
- # certicate has the correct key usage set.
- # This is an important precaution to protect against
- # a potential attack discussed here:
- # http://openvpn.net/howto.html#mitm
- #
- # To use this feature, you will need to generate
- # your server certificates with the keyUsage set to
- # digitalSignature, keyEncipherment
- # and the extendedKeyUsage to
- # serverAuth
- # EasyRSA can do this for you.
- remote-cert-tls server
- # If a tls-auth key is used on the server
- # then every client must also have the key.
- tls-auth ta.key 1
- # Select a cryptographic cipher.
- # If the cipher option is used on the server
- # then you must also specify it here.
- # Note that v2.4 client/server will automatically
- # negotiate AES-256-GCM in TLS mode.
- # See also the ncp-cipher option in the manpage
- cipher AES-256-CBC
- # Enable compression on the VPN link.
- # Don't enable this unless it is also
- # enabled in the server config file.
- #comp-lzo
- # Set log file verbosity.
- verb 3
- # Silence repeating messages
- ;mute 20
|
