# This is the client configuration
client

# No need to bind on specific interfaces, just send udp packets to the openvpn server
nobind

# Send udp packets to port 1194
port 1194
proto udp

# We're using the layer 3 tunnel device
dev tun

# Specify vpn server
remote vpn-test.inform.hs-hannover.de 1194

# Certificates (relativ path to config file, absolute paths possible if needed)
ca vpnclient/ca.crt
cert vpnclient/jan-philipp.timme@hs-hannover.de.crt
key vpnclient/jan-philipp.timme@hs-hannover.de.key

# Assume tls client role
tls-client

# Make sure the server presents a certificate with "server role"
remote-cert-tls server

# Specific settings regarding TLS, chiphers and hash algorithms
cipher AES-256-GCM
auth SHA256
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
tls-version-min "1.2"

# Make sure to detect broken sessions
keepalive 10 30

# Use this option to prevent OpenVPN from caching the password of your private key
#auth-nocache

# These are needed if running with reduced privileges
persist-key
persist-tun

# Reduced privileges if possible (uncomment and adapt on unix/linux system)
# Note: On some systems, the group is "nobody" instead of "nogroup".
#user nobody
#group nogroup

# Logging settings
verb 3
mute 5