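# /etc/openvpn/client.conf, configuration for openvpn; see openvpn(8) for help
# OpenVPN 2.x config file for clients.
#
# Authentication model of this file: the server is authenticated by its
# X.509 certificate (checked against the inline <ca> below), the client is
# authenticated by username/password only (auth-user-pass, LDAP on the
# server side). No client certificate or private key is configured.

# Specify that we are a client and that we will be pulling certain
# config file directives from the server.
client

# TCP or UDP server?
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
dev tun

# Remote host name or IP address. On the client, multiple --remote
# options may be specified for redundancy, each referring to a
# different OpenVPN server.
remote vpn.haiti.cs.uni-potsdam.de 1194

# Keep trying indefinitely to resolve the host name of the OpenVPN
# server. Very useful on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to a specific local port number.
nobind

# SSL/TLS root certificate (ca), supplied inline.
# The <ca> ... </ca> wrapper is required for inline material; without it
# the PEM lines are parsed as (invalid) option names.
#
# The certificate below decodes to the public "ISRG Root X1" root
# (Internet Security Research Group), not a private VPN CA. Trusting a
# public root means every certificate chaining to it passes chain
# validation, so the peer-identity checks that follow the <ca> block are
# what actually bind this client to the intended server.
<ca>
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----
</ca>

# Verify the identity of the server, not just its certificate chain.
# Because the trust anchor above is a public CA, chain validation alone
# would accept a certificate issued to any other host, and this client
# then sends its LDAP username/password to whoever terminated the TLS
# session.
#
# Require a certificate whose key usage / extended key usage marks it as
# a TLS server certificate.
remote-cert-tls server
# Require the certificate's Common Name to be the server's host name.
# NOTE(review): assumes the server certificate's CN equals the host name
# used in "remote" above -- confirm against the deployed certificate, and
# adjust the name (or the match type, see openvpn(8)) if it differs.
verify-x509-name vpn.haiti.cs.uni-potsdam.de name

# For extra security beyond that provided by SSL/TLS, create an
# "HMAC firewall" to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have a copy of this key. The second
# parameter should be '0' on the server and '1' on the clients.
#
# The key is supplied inline here, so the direction is given by
# key-direction instead of the second parameter of the file form:
#tls-auth /etc/openvpn/keys/ta.key 1
#
# NOTE(review): this key is a secret shared by the server and all
# clients. It only filters packets from parties that do not hold it; any
# copy of this file that is published or widely distributed hands the key
# to everyone who can read it. It is not a substitute for the certificate
# and user authentication above -- rotate it on the server and in all
# client configs if the file has been exposed.
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
56ed0e8d1a869a959d61d6223cbbd902
afdeceb895171c0dcefcd0458b781f9d
c120aac21f18e2ffa680be5fd3ad531a
fb8bef549841822c007e856e17c1a3e5
49853adf3abad31846070e1a564803a4
a2d07c5c37abe41646f3e0d9e5889583
b2995553c6e5be2a4ea86cf6dc1276c4
82ae07c4ed86eac4719294db4bb6f9f0
f86e6c6b37a87176cff61f7a5d38a98d
88aa046168e4db40deef78e62e87dea4
f581c5b9f7153a461db6602abf27cff3
91e688799a1d44f3922c6a8df49a9d52
a64c15bb61c0ea60ed88096f9163f2ac
1740cd0a1d9c76eb3a127d5b7a4f84b0
5d19bc255f354a8eaee24142d61ad14f
1f989d21905264ab0940172aa7eb517f
-----END OpenVPN Static key V1-----
</tls-auth>

# Authenticate packets with HMAC using message digest algorithm.
# Must match the server's setting.
auth SHA512

# Select a cryptographic cipher. Must match what the server offers.
cipher AES-256-CBC

# Enable compression on the VPN link. This must match the server's
# setting, so it is left as the server expects it.
# NOTE(review): compressing traffic before encryption can leak
# information about the plaintext through packet sizes, and comp-lzo is
# deprecated in current OpenVPN releases. Plan to disable compression on
# the server and in this file together.
comp-lzo yes
comp-noadapt

# It's a good idea to reduce the OpenVPN daemon's privileges
# after initialization.
user nobody
group nogroup

# The persist options will try to avoid accessing certain resources
# on restart that may no longer be accessible because of the
# privilege downgrade.
persist-key
persist-tun

# By default, log messages will go to the syslog. Use log or log-append
# to override this default. "log" will truncate the log file on OpenVPN
# startup, while "log-append" will append to it.
log-append /var/log/openvpn.log

# Set the appropriate level of log file verbosity.
verb 3

# Become a daemon after all initialization functions are completed.
#daemon

# Authentication against LDAP: prompt for username and password.
auth-user-pass
# Do not keep the entered password in memory after it has been used.
auth-nocache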