The document is an OpenVPN 2.0 client-side configuration file that:
1) Specifies the client will pull configuration from the server and connect to the server's UDP port 1194;
2) Defines authentication using the client's certificate and key files to establish a secure connection.
The document is an OpenVPN 2.0 client-side configuration file that:
1) Specifies the client will pull configuration from the server and connect to the server's UDP port 1194;
2) Defines authentication using the client's certificate and key files to establish a secure connection.
The document is an OpenVPN 2.0 client-side configuration file that:
1) Specifies the client will pull configuration from the server and connect to the server's UDP port 1194;
2) Defines authentication using the client's certificate and key files to establish a secure connection.
# for connecting to multi-client server. # # # # This configuration can be used by multiple # # clients, however each client should have # # its own cert and key files. # # # # On Windows, you might want to rename this # # file so it has a .ovpn extension # ############################################## # Specify that we are a client and that we # will be pulling certain config file directives # from the server. client # Use the same setting as you are using on # the server. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. ;dev tap dev tun # Windows needs the TAP-Win32 adapter name # from the Network Connections panel # if you have more than one. On XP SP2, # you may need to disable the firewall # for the TAP adapter. ;dev-node MyTap # Are we connecting to a TCP or # UDP server? Use the same setting as # on the server. ;proto tcp proto udp # The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. remote secure.osp.pe 1194 ;remote my-server-2 1194 # Choose a random host from the remote # list for load-balancing. Otherwise # try hosts in the order specified. ;remote-random # Keep trying indefinitely to resolve the # host name of the OpenVPN server. Very useful # on machines which are not permanently connected # to the internet such as laptops. resolv-retry infinite # Most clients don't need to bind to # a specific local port number. nobind # Downgrade privileges after initialization (non-Windows only) user nobody group nogroup # Try to preserve some state across restarts. persist-key persist-tun # If you are connecting through an # HTTP proxy to reach the actual OpenVPN # server, put the proxy server/IP and # port number here. See the man page # if your proxy server requires # authentication. ;http-proxy-retry # retry on connection failures ;http-proxy [proxy server] [proxy port #] # Wireless networks often produce a lot # of duplicate packets. Set this flag # to silence duplicate packet warnings. ;mute-replay-warnings # SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. ;ca ca.crt ;cert client.crt ;key client.key # Verify server certificate by checking # that the certicate has the nsCertType # field set to "server". This is an # important precaution to protect against # a potential attack discussed here: # http://openvpn.net/howto.html#mitm # # To use this feature, you will need to generate # your server certificates with the nsCertType # field set to "server". The build-key-server # script in the easy-rsa folder will do this. ns-cert-type server # If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1 # Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here. ;cipher x # Enable compression on the VPN link. # Don't enable this unless it is also # enabled in the server config file. comp-lzo # Set log file verbosity. verb 3 # Silence repeating messages ;mute 20 <ca> -----BEGIN CERTIFICATE----- MIIEpDCCA4ygAwIBAgIJANiJXxjAegqtMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYD VQQGEwJQRTELMAkGA1UECBMCTEkxDTALBgNVBAcTBExpbWExDDAKBgNVBAoTA09T UDERMA8GA1UECxMIU2lzdGVtYXMxFjAUBgNVBAMTDXNlY3VyZS5vc3AucGUxDzAN BgNVBCkTBnNlY3VyZTEdMBsGCSqGSIb3DQEJARYOZ29uemFsb0Bvc3AucGUwHhcN MTUxMjA1MTczNzUxWhcNMjUxMjAyMTczNzUxWjCBkjELMAkGA1UEBhMCUEUxCzAJ BgNVBAgTAkxJMQ0wCwYDVQQHEwRMaW1hMQwwCgYDVQQKEwNPU1AxETAPBgNVBAsT CFNpc3RlbWFzMRYwFAYDVQQDEw1zZWN1cmUub3NwLnBlMQ8wDQYDVQQpEwZzZWN1 cmUxHTAbBgkqhkiG9w0BCQEWDmdvbnphbG9Ab3NwLnBlMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAxLU8dNLVa8XU5y/q7S0Zmyl6okW7fym8hu+le7Cp 3pdVgacwSCSzChHWpjXswOKKn0zUKPjBEpJG34i9WGFMWBwKBnExkAKPnC2yWjTM thNoxuUpL3FYQIr7xWaq/wFtChKUpixd1i+8vi53Wi39zf5HnpksH411yUMZlIMc jYIxQ6D0/6AZyirUjHoeG+5XBfkzDvUfr07SUFCWM/hwyquG2a8g8ydvQX21WGo2 lCB/B2reYtpc0dDyHQdqeYBNcEeha8XttDobuEGONrb3ans1mvqTTVc1jYKvxXFs SYQPXZ/Rk48hNUKe0BW/5qemSDpwzzasB5qzXoRxdDrRmQIDAQABo4H6MIH3MB0G A1UdDgQWBBSRn/NE79oAt7pZLTxEULttusFG5jCBxwYDVR0jBIG/MIG8gBSRn/NE 79oAt7pZLTxEULttusFG5qGBmKSBlTCBkjELMAkGA1UEBhMCUEUxCzAJBgNVBAgT AkxJMQ0wCwYDVQQHEwRMaW1hMQwwCgYDVQQKEwNPU1AxETAPBgNVBAsTCFNpc3Rl bWFzMRYwFAYDVQQDEw1zZWN1cmUub3NwLnBlMQ8wDQYDVQQpEwZzZWN1cmUxHTAb BgkqhkiG9w0BCQEWDmdvbnphbG9Ab3NwLnBlggkA2IlfGMB6Cq0wDAYDVR0TBAUw AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAEEN15hZaMxlUoUw4pj+/OVr7AbwtJLRE H76hcOT0ko3D3I+AbpwkKQUttjD2y4H6erhjXir7eDdr3lUQmPSJqHDTPX+F9PzV EtJkRzNkmHcPLx771OBQ8uwo2TEw/WD8QPBX6aDP6wuNShBjQGNc6idexF4nYXTt 8rJrhTTdv9gGO07WrRsGnpjNy3As+3nc/MsPBDLa8e8BarGrEigv8YNsRD25oWfV uSVbV4xI8SfWuxurY8ZGeVgKp44+5rat5046M9fljwq1CrxsM4Eskjuh6K8Vf1Y5 1ertn73HYdtB1v9onVVDazleWWzZIgyL9LIbHmsDrvbIRVeqSjyL0g== -----END CERTIFICATE----- </ca> <cert> Certificate: Data: Version: 3 (0x2) Serial Number: 12 (0xc) Signature Algorithm: sha256WithRSAEncryption Issuer: C=PE, ST=LI, L=Lima, O=OSP, OU=Sistemas, CN=secure.osp.pe/name=s ecure/emailAddress=gonzalo@osp.pe Validity Not Before: Jan 25 23:44:13 2016 GMT Not After : Jan 22 23:44:13 2026 GMT Subject: C=PE, ST=LI, L=Lima, O=OSP, OU=Sistemas, CN=fernando/name=secur e/emailAddress=fm@osp.pe Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c6:aa:5b:22:8a:91:1c:33:75:2c:bf:67:b5:73: e8:c4:0c:6c:49:de:f9:8d:00:02:0c:07:1b:3b:53: 87:a9:bb:30:e2:80:a9:98:07:5e:75:a3:3e:ff:73: ed:94:66:22:d6:19:9d:71:e5:8f:c5:34:3d:5d:1f: 10:8d:94:e0:c1:fe:fa:55:18:58:90:9a:2d:0b:ce: 90:a5:3b:b2:a5:77:5e:99:dd:31:23:47:ae:06:2c: 5e:48:be:36:05:5a:d6:96:d5:b5:88:fa:52:a9:db: 4b:25:78:32:03:c1:c4:11:1d:0c:a7:18:86:ed:71: d3:77:90:93:f7:46:e2:24:e9:fc:dc:8d:ec:ef:bb: d9:2b:74:c0:6d:bb:51:76:16:53:81:82:67:b5:5b: 8a:3b:81:e0:88:0b:21:19:d2:19:f1:8d:cc:eb:b8: ab:b4:44:52:cd:e1:c0:13:e8:49:85:49:1f:c3:7e: 8f:be:12:11:4d:85:73:82:ec:ef:f2:d3:5c:36:4e: 69:b2:38:5e:dd:a1:84:f2:da:3f:d5:1a:f3:27:12: 67:b0:27:db:78:5c:b1:5e:cb:2a:1d:26:dc:7d:dc: 9f:6c:9d:9c:9c:e6:88:6f:a1:7a:2e:1e:6b:2d:53: 7a:07:17:5b:3c:55:26:19:7c:e4:e1:ba:57:52:48: 18:8b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: Easy-RSA Generated Certificate X509v3 Subject Key Identifier: ED:6F:E4:15:A5:39:24:D2:28:E2:A7:19:F5:5F:0E:F3:44:F6:B8:CC X509v3 Authority Key Identifier: keyid:91:9F:F3:44:EF:DA:00:B7:BA:59:2D:3C:44:50:BB:6D:BA:C1:46:E 6 DirName:/C=PE/ST=LI/L=Lima/O=OSP/OU=Sistemas/CN=secure.osp.pe/na me=secure/emailAddress=gonzalo@osp.pe serial:D8:89:5F:18:C0:7A:0A:AD X509v3 Extended Key Usage: TLS Web Client Authentication X509v3 Key Usage: Digital Signature X509v3 Subject Alternative Name: DNS:fernando Signature Algorithm: sha256WithRSAEncryption 83:da:3d:6e:51:eb:c5:19:6d:0b:2e:fa:3f:24:cb:e0:af:bf: 8c:5f:b4:a7:1d:b6:80:13:d1:a1:5a:84:dd:96:ef:a6:fe:1e: 98:45:e6:8a:33:9a:a6:69:fc:80:90:65:9e:e6:53:31:bb:b8: 75:38:90:3d:02:bd:ef:34:e9:08:4c:1e:91:63:15:66:24:bf: 63:eb:f9:f2:6c:a8:ab:bb:7b:2a:97:15:fd:7f:94:8a:de:54: 9a:e5:62:2a:53:13:c1:20:14:96:53:8c:ed:b6:ee:c0:04:f8: 6f:cc:02:a1:f8:0f:36:95:f2:84:17:02:11:45:3d:08:cd:ee: 06:e8:bc:eb:12:e4:d1:72:a6:c0:65:39:95:4e:da:0b:19:2c: 4e:cb:1d:be:9b:ab:79:60:1b:cd:4b:69:47:67:20:2c:6e:44: 0d:04:dc:a5:c9:94:e5:f8:6d:2d:56:4d:29:c4:68:02:68:53: d2:a0:be:38:a3:91:c5:77:a0:c2:fc:91:f2:f4:c2:66:28:8d: 31:8f:3d:62:a7:11:cc:00:c4:5a:8c:c3:78:5f:1d:5d:cf:03: 64:2b:ee:ea:31:a5:70:65:72:82:19:bd:06:b1:b3:71:3b:58: 9c:cb:8d:07:66:34:93:7e:d2:01:9e:fb:b2:a9:b5:3c:60:08: ea:20:db:89 -----BEGIN CERTIFICATE----- MIIE9zCCA9+gAwIBAgIBDDANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCUEUx CzAJBgNVBAgTAkxJMQ0wCwYDVQQHEwRMaW1hMQwwCgYDVQQKEwNPU1AxETAPBgNV BAsTCFNpc3RlbWFzMRYwFAYDVQQDEw1zZWN1cmUub3NwLnBlMQ8wDQYDVQQpEwZz ZWN1cmUxHTAbBgkqhkiG9w0BCQEWDmdvbnphbG9Ab3NwLnBlMB4XDTE2MDEyNTIz NDQxM1oXDTI2MDEyMjIzNDQxM1owgYgxCzAJBgNVBAYTAlBFMQswCQYDVQQIEwJM STENMAsGA1UEBxMETGltYTEMMAoGA1UEChMDT1NQMREwDwYDVQQLEwhTaXN0ZW1h czERMA8GA1UEAxMIZmVybmFuZG8xDzANBgNVBCkTBnNlY3VyZTEYMBYGCSqGSIb3 DQEJARYJZm1Ab3NwLnBlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA xqpbIoqRHDN1LL9ntXPoxAxsSd75jQACDAcbO1OHqbsw4oCpmAdedaM+/3PtlGYi 1hmdceWPxTQ9XR8QjZTgwf76VRhYkJotC86QpTuypXdemd0xI0euBixeSL42BVrW ltW1iPpSqdtLJXgyA8HEER0MpxiG7XHTd5CT90biJOn83I3s77vZK3TAbbtRdhZT gYJntVuKO4HgiAshGdIZ8Y3M67irtERSzeHAE+hJhUkfw36PvhIRTYVzguzv8tNc Nk5psjhe3aGE8to/1RrzJxJnsCfbeFyxXssqHSbcfdyfbJ2cnOaIb6F6Lh5rLVN6 BxdbPFUmGXzk4bpXUkgYiwIDAQABo4IBXjCCAVowCQYDVR0TBAIwADAtBglghkgB hvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW BBTtb+QVpTkk0ijipxn1Xw7zRPa4zDCBxwYDVR0jBIG/MIG8gBSRn/NE79oAt7pZ LTxEULttusFG5qGBmKSBlTCBkjELMAkGA1UEBhMCUEUxCzAJBgNVBAgTAkxJMQ0w CwYDVQQHEwRMaW1hMQwwCgYDVQQKEwNPU1AxETAPBgNVBAsTCFNpc3RlbWFzMRYw FAYDVQQDEw1zZWN1cmUub3NwLnBlMQ8wDQYDVQQpEwZzZWN1cmUxHTAbBgkqhkiG 9w0BCQEWDmdvbnphbG9Ab3NwLnBlggkA2IlfGMB6Cq0wEwYDVR0lBAwwCgYIKwYB BQUHAwIwCwYDVR0PBAQDAgeAMBMGA1UdEQQMMAqCCGZlcm5hbmRvMA0GCSqGSIb3 DQEBCwUAA4IBAQCD2j1uUevFGW0LLvo/JMvgr7+MX7SnHbaAE9GhWoTdlu+m/h6Y ReaKM5qmafyAkGWe5lMxu7h1OJA9Ar3vNOkITB6RYxVmJL9j6/nybKiru3sqlxX9 f5SK3lSa5WIqUxPBIBSWU4zttu7ABPhvzAKh+A82lfKEFwIRRT0Ize4G6LzrEuTR cqbAZTmVTtoLGSxOyx2+m6t5YBvNS2lHZyAsbkQNBNylyZTl+G0tVk0pxGgCaFPS oL44o5HFd6DC/JHy9MJmKI0xjz1ipxHMAMRajMN4Xx1dzwNkK+7qMaVwZXKCGb0G sbNxO1icy40HZjSTftIBnvuyqbU8YAjqINuJ -----END CERTIFICATE----- </cert> <key> -----BEGIN PRIVATE KEY----- MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDGqlsiipEcM3Us v2e1c+jEDGxJ3vmNAAIMBxs7U4epuzDigKmYB151oz7/c+2UZiLWGZ1x5Y/FND1d HxCNlODB/vpVGFiQmi0LzpClO7Kld16Z3TEjR64GLF5IvjYFWtaW1bWI+lKp20sl eDIDwcQRHQynGIbtcdN3kJP3RuIk6fzcjezvu9krdMBtu1F2FlOBgme1W4o7geCI CyEZ0hnxjczruKu0RFLN4cAT6EmFSR/Dfo++EhFNhXOC7O/y01w2TmmyOF7doYTy 2j/VGvMnEmewJ9t4XLFeyyodJtx93J9snZyc5ohvoXouHmstU3oHF1s8VSYZfOTh uldSSBiLAgMBAAECggEAMVXO6gYFQT6aI7GovIv7SuxW3AVubZCJ8Zi2L4Zv0zu0 SRtwgluaHpaap2+PmWG/1vFngwhiKrPtZTm4r6BALIz4d7djDw3qj9sNWqs3kxXQ vV8Lu9oqIkhUZbYuzief0LdjrI+Vha76u2Rc70foO+O956UUpNS2kiOqSyckM8wj vx+3X731J3lc9WHPK9qYzlVskcYRgpDih4JkoEmXwIN6S4IAeC9X3Uch6RSZgL1D zuAddYEKq67OBdeOF3Ksy+se87aUS3uG1obPw7L2OmZfQr2T4w1iKqV8Gu/q0Mna hFB1NAJQHGsYJByVOGJTa6Epetzuy+N+ZuGXxjne2QKBgQDnOXn9zslwcGodg2qK /EEt1jY6p8TIEKzhEAg45U/Dw5pSFrzv7nSPgUnW1eMDROuzbnFNoYKKYE1inQvA TrAlBa17kTqTO+i4sANtvFCmZjO1A8lz+qVMMvJZ8n2xO9MIupZvQ2mrQ31CvyFe jY8Eqo4GDGGQUxNCO4566V6xrQKBgQDb88eHAcgA7ITVTSYHddtNg29dXxcDd4IB vk7xKQns8kz4AjucqBHbq53CcxmimEgVzR4NYETXBr2hjaifksKNlWTgXjfyo+k9 e3Sluy/6Ntk6t541pk9zQ7riL6mY+hRb0RQpZOI1S0x1vEXHKZkEJ+lgUtFQxZsZ u3wulZbqFwKBgGhmzE0sTEoHh/JRfw7IPUnL+epcC/7lgJmSWpQN/gj/TbOY7rBK 87hEASoOoxS7zszSpjgOH9oJB4fqLv8iyGe++4jalx8ZoseZOcMXjzbC2L/3uMM0 PeR88G5qjhQzVeMQFJKiVpjsvSchE5kUw6mwtLXIa1j2GbEDIR8gNhB1AoGAWzeH WOMROejc0cTz74YeE9BdYACuf56RSP3OqU7WsfBuoS/z3u0IsuxCOcEYMYkr4/az 7uIsymweOqCP/NWVX7hEJJSOaU82zGulnZG6vO8AOcyqjR9Stb+yAlm34RxdUxKr ZNtUwLtgkzcoTQdgUQvoSi0uZ2v7/bj2MC+TbbMCgYBPDFRGsai7MurOcbnUL357 tB2jzSOLYgRU436bfleTChqXGdYvj/mJ4KvS0xu5juyfk7vvuClN9Ukr23MQxNWk g7TqVJ6MqHRtXAOUkrODV5OdAstLGkWMJguMFCcONMvuffqKIu8DicujKWCUKAs+ TikFj720boQGnNc4Bf7/+w== -----END PRIVATE KEY----- </key>