# This is the client configuration client # No need to bind on specific interfaces, just send udp packets to the openvpn server nobind # Send udp packets to port 1194 port 1194 proto udp # We're using the layer 3 tunnel device dev tun # Specify vpn server remote vpn-test.inform.hs-hannover.de 1194 # Certificates (relative paths work, too) ca /etc/openvpn/vpnclient/ca.crt cert /etc/openvpn/vpnclient/jan-philipp.timme@hs-hannover.de.crt key /etc/openvpn/vpnclient/jan-philipp.timme@hs-hannover.de.key # Assume tls client role tls-client # Make sure the server presents a certificate with "server role" remote-cert-tls server # Specific settings regarding TLS, chiphers and hash algorithms cipher AES-256-GCM auth SHA256 tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 tls-version-min "1.2" # Make sure to detect broken sessions keepalive 10 30 # These are needed for reduced privileges? Probably yes. persist-key persist-tun # Reduced privileges if possible (uncomment and adapt on unix/linux system) # Note: On some systems, the group is "nobody" instead of "nogroup". user nobody group nogroup # Logging settings verb 3 mute 5