masterthesis/openvpn-config/client.conf

# This is the client configuration
client

# No need to bind on specific interfaces, just send packets to the openvpn server
nobind

# Send udp packets to port 1194
port 1194
proto udp

# We're using the virtual network interface on layer 3
dev tun

# Specify vpn server
remote vpn-test.inform.hs-hannover.de 1194

# Certificates to use. EDIT THIS SECTION to reflect your situation
ca /etc/openvpn/vpnclient/ca.crt
cert /etc/openvpn/vpnclient/jan-philipp.timme@stud.hs-hannover.de.crt
key /etc/openvpn/vpnclient/jan-philipp.timme@stud.hs-hannover.de.key

# Assume client role in tls handshake
tls-client

# Make sure the server presents a certificate with "server role"
# This way people with proper client certificates are unable to impersonate the server
remote-cert-tls server

# Specific settings regarding TLS, chiphers and hash algorithms
# DO NOT CHANGE THIS unless you receive explicit instructions to do so
cipher AES-256-GCM
auth SHA256
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
tls-version-min "1.2"

# Reduce connection timeout so connection problems are visible sooner
connect-timeout 20

# Notify server on client shutdown/restart events, so old sessions get terminated immediately
# Try to send notification 3 times (because we're using UDP)
explicit-exit-notify 3

# Send ping message every ten seconds, expect session loss after 30 seconds of no response
keepalive 10 30

# Enable these if you plan to enable running on reduced privileges
# These options allow to keep the private key and the virtual network device handle in memory
#persist-key
#persist-tun

# Reduce privileges after launch (uncomment and adapt on unix/linux system)
#user nobody
#group nobody

# Logging settings
verb 3
mute 5
Include openvpn config skeletons 2018-09-03 10:21:39 +02:00			`# This is the client configuration`
			`client`

Autosave 2018-09-27 10:36:27 +02:00			`# No need to bind on specific interfaces, just send packets to the openvpn server`
Include openvpn config skeletons 2018-09-03 10:21:39 +02:00			`nobind`

			`# Send udp packets to port 1194`
			`port 1194`
			`proto udp`

Autosave 2018-09-27 10:36:27 +02:00			`# We're using the virtual network interface on layer 3`
Include openvpn config skeletons 2018-09-03 10:21:39 +02:00			`dev tun`

Update openvpn config 2018-09-19 12:23:33 +02:00			`# Specify vpn server`
			`remote vpn-test.inform.hs-hannover.de 1194`
Include openvpn config skeletons 2018-09-03 10:21:39 +02:00
Autosave 2018-09-27 10:36:27 +02:00			`# Certificates to use. EDIT THIS SECTION to reflect your situation`
			`ca /etc/openvpn/vpnclient/ca.crt`
			`cert /etc/openvpn/vpnclient/jan-philipp.timme@stud.hs-hannover.de.crt`
			`key /etc/openvpn/vpnclient/jan-philipp.timme@stud.hs-hannover.de.key`
Include openvpn config skeletons 2018-09-03 10:21:39 +02:00
Autosave 2018-09-27 10:36:27 +02:00			`# Assume client role in tls handshake`
Update openvpn config one more time 2018-09-19 14:09:30 +02:00			`tls-client`

Include openvpn config skeletons 2018-09-03 10:21:39 +02:00			`# Make sure the server presents a certificate with "server role"`
Autosave 2018-09-27 10:36:27 +02:00			`# This way people with proper client certificates are unable to impersonate the server`
Include openvpn config skeletons 2018-09-03 10:21:39 +02:00			`remote-cert-tls server`

Update openvpn config one more time 2018-09-19 14:09:30 +02:00			`# Specific settings regarding TLS, chiphers and hash algorithms`
Autosave 2018-09-27 10:36:27 +02:00			`# DO NOT CHANGE THIS unless you receive explicit instructions to do so`
Update openvpn config one more time 2018-09-19 14:09:30 +02:00			`cipher AES-256-GCM`
			`auth SHA256`
			`tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384`
			`tls-version-min "1.2"`

Autosave 2018-09-27 10:36:27 +02:00			`# Reduce connection timeout so connection problems are visible sooner`
			`connect-timeout 20`

			`# Notify server on client shutdown/restart events, so old sessions get terminated immediately`
			`# Try to send notification 3 times (because we're using UDP)`
			`explicit-exit-notify 3`
Include openvpn config skeletons 2018-09-03 10:21:39 +02:00
Autosave 2018-09-27 10:36:27 +02:00			`# Send ping message every ten seconds, expect session loss after 30 seconds of no response`
			`keepalive 10 30`
Add auth-nocache to openvpn client config 2018-09-24 17:14:12 +02:00
Autosave 2018-09-27 10:36:27 +02:00			`# Enable these if you plan to enable running on reduced privileges`
			`# These options allow to keep the private key and the virtual network device handle in memory`
			`#persist-key`
			`#persist-tun`
Include openvpn config skeletons 2018-09-03 10:21:39 +02:00
Autosave 2018-09-27 10:36:27 +02:00			`# Reduce privileges after launch (uncomment and adapt on unix/linux system)`
Some changes to client config 2018-09-20 16:20:16 +02:00			`#user nobody`
Autosave 2018-09-27 10:36:27 +02:00			`#group nobody`
Include openvpn config skeletons 2018-09-03 10:21:39 +02:00
			`# Logging settings`
			`verb 3`
			`mute 5`