2018-09-03 10:21:39 +02:00
|
|
|
# This is the client configuration
|
|
|
|
client
|
|
|
|
|
|
|
|
# No need to bind on specific interfaces, just send udp packets to the openvpn server
|
|
|
|
nobind
|
|
|
|
|
|
|
|
# Send udp packets to port 1194
|
|
|
|
port 1194
|
|
|
|
proto udp
|
|
|
|
|
|
|
|
# We're using the layer 3 tunnel device
|
|
|
|
dev tun
|
|
|
|
|
2018-09-19 12:23:33 +02:00
|
|
|
# Specify vpn server
|
|
|
|
remote vpn-test.inform.hs-hannover.de 1194
|
2018-09-03 10:21:39 +02:00
|
|
|
|
2018-09-19 21:48:08 +02:00
|
|
|
# Certificates (relative paths work, too)
|
2018-09-20 15:04:54 +02:00
|
|
|
ca vpnclient/ca.crt
|
|
|
|
cert vpnclient/jan-philipp.timme@hs-hannover.de.crt
|
|
|
|
key vpnclient/jan-philipp.timme@hs-hannover.de.key
|
2018-09-03 10:21:39 +02:00
|
|
|
|
2018-09-19 14:09:30 +02:00
|
|
|
# Assume tls client role
|
|
|
|
tls-client
|
|
|
|
|
2018-09-03 10:21:39 +02:00
|
|
|
# Make sure the server presents a certificate with "server role"
|
|
|
|
remote-cert-tls server
|
|
|
|
|
2018-09-19 14:09:30 +02:00
|
|
|
# Specific settings regarding TLS, chiphers and hash algorithms
|
|
|
|
cipher AES-256-GCM
|
|
|
|
auth SHA256
|
|
|
|
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
|
|
|
tls-version-min "1.2"
|
|
|
|
|
2018-09-03 10:21:39 +02:00
|
|
|
# Make sure to detect broken sessions
|
|
|
|
keepalive 10 30
|
|
|
|
|
|
|
|
# These are needed for reduced privileges? Probably yes.
|
|
|
|
persist-key
|
|
|
|
persist-tun
|
|
|
|
|
|
|
|
# Reduced privileges if possible (uncomment and adapt on unix/linux system)
|
2018-09-19 21:48:08 +02:00
|
|
|
# Note: On some systems, the group is "nobody" instead of "nogroup".
|
2018-09-03 10:21:39 +02:00
|
|
|
user nobody
|
2018-09-07 19:21:17 +02:00
|
|
|
group nogroup
|
2018-09-03 10:21:39 +02:00
|
|
|
|
|
|
|
# Logging settings
|
|
|
|
verb 3
|
|
|
|
mute 5
|