Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed
############################################### Sample client-side OpenVPN 2.0 config file ## for connecting to multi-client server. ## ## This configuration can be used by multiple ## clients, however each client should have ## its own cert and key files. ## ## On Windows, you might want to rename this ## file so it has a .ovpn extension ################################################ Specify that we are a client and that we# will be pulling certain config file directives# from the server.client# Use the same setting as you are using on# the server.# On most systems, the VPN will not function# unless you partially or fully disable# the firewall for the TUN/TAP interface.;dev tapdev tun# Windows needs the TAP-Win32 adapter name# from the Network Connections panel# if you have more than one. On XP SP2,# you may need to disable the firewall# for the TAP adapter.;dev-node MyTap# Are we connecting to a TCP or# UDP server? Use the same setting as# on the server.;proto tcpproto udp# The hostname/IP and port of the server.# You can have multiple remote entries# to load balance between the servers.;remote ujsoftware.homelinux.com 1194remote 72.192.249.185 1194# Choose a random host from the remote# list for load-balancing. Otherwise# try hosts in the order specified.;remote-random# Keep trying indefinitely to resolve the# host name of the OpenVPN server. Very useful# on machines which are not permanently connected# to the internet such as laptops.resolv-retry 60# Most clients don't need to bind to# a specific local port number.nobind# Downgrade privileges after initialization (non-Windows only);user nobody;group nobody# Try to preserve some state across restarts.persist-keypersist-tun# If you are connecting through an# HTTP proxy to reach the actual OpenVPN# server, put the proxy server/IP and# port number here. See the man page# if your proxy server requires# authentication.;http-proxy-retry # retry on connection failures;http-proxy [proxy server] [proxy port #]# Wireless networks often produce a lot# of duplicate packets. Set this flag# to silence duplicate packet warnings.;mute-replay-warnings# SSL/TLS parms.# See the server config file for more# description. It's best to use# a separate .crt/.key file pair# for each client. A single ca# file can be used for all clients.ca ca.crtcert XXX.crtkey XXX.key# Verify server certificate by checking# that the certicate has the nsCertType# field set to "server". This is an# important precaution to protect against# a potential attack discussed here:# http://openvpn.net/howto.html#mitm## To use this feature, you will need to generate# your server certificates with the nsCertType# field set to "server". The build-key-server# script in the easy-rsa folder will do this.ns-cert-type server;remote-cert-tls server# If a tls-auth key is used on the server# then every client must also have the key.tls-auth ta.key 1# Select a cryptographic cipher.# If the cipher option is used on the server# then you must also specify it here.;cipher x# Enable compression on the VPN link.# Don't enable this unless it is also# enabled in the server config file.comp-lzo# Set log file verbosity.verb 3# Silence repeating messages;mute 20;key-direction 1route 0.0.0.0 0.0.0.0floatverb 1