# This is the client configuration
client

# No need to bind on specific interfaces, just send udp packets to the openvpn server
nobind

# Send udp packets to port 1194
port 1194
proto udp

# We're using the layer 3 tunnel device
dev tun

# Specify multiple remotes for dualstack connectivity
remote 2003:d7:b70f:e387::5 1194
remote 172.16.20.5 1194

# Certificates
ca /etc/openvpn/vpnclient/ca.crt
cert /etc/openvpn/vpnclient/vpnclient0.crt
key /etc/openvpn/vpnclient/vpnclient0.key

# Make sure the server presents a certificate with "server role"
remote-cert-tls server

# Make sure to detect broken sessions
keepalive 10 30

# These are needed for reduced privileges? Probably yes.
persist-key
persist-tun

# Reduced privileges if possible (uncomment and adapt on unix/linux system)
user nobody
group nogroup

# Logging settings
verb 3
mute 5