# This is the client configuration client # No need to bind on specific interfaces, just send packets to the openvpn server nobind # Send udp packets to port 1194 port 1194 proto udp # We're using the virtual network interface on layer 3 dev tun # Specify vpn server remote vpn-test.inform.hs-hannover.de 1194 # Certificates to use. EDIT THIS SECTION to reflect your situation ca /etc/openvpn/vpnclient/ca.crt cert /etc/openvpn/vpnclient/jan-philipp.timme@stud.hs-hannover.de.crt key /etc/openvpn/vpnclient/jan-philipp.timme@stud.hs-hannover.de.key # Prevent OpenVPN from caching the password of your private key in memory. # Depending on your use case for OpenVPN, enabling this option can provide more protection # for your private key (and more password prompts during an OpenVPN session) #auth-nocache # Assume client role in tls handshake tls-client # Make sure the server presents a certificate with "server role" # This way people with proper client certificates are unable to impersonate the server remote-cert-tls server # Specific settings regarding TLS, chiphers and hash algorithms # DO NOT CHANGE THIS unless you receive explicit instructions to do so cipher AES-256-GCM auth SHA256 tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 tls-version-min "1.2" # Reduce connection timeout so connection problems are visible sooner connect-timeout 20 # Notify server on client shutdown/restart events, so old sessions get terminated immediately # Try to send notification 3 times (because we're using UDP) explicit-exit-notify 3 # Send ping message every ten seconds, expect session loss after 30 seconds of no response keepalive 10 30 # Enable these if you plan to enable running on reduced privileges # These options allow to keep the private key and the virtual network device handle in memory #persist-key #persist-tun # Reduce privileges after launch (uncomment and adapt on unix/linux system) #user nobody #group nobody # Logging settings verb 3 mute 5