# This is the client configuration
client

# No need to bind on specific interfaces, just send packets to the openvpn server
nobind

# Send udp packets to port 1194
port 1194
proto udp

# We're using the virtual network interface on layer 3
dev tun

# Specify vpn server
remote vpn-test.inform.hs-hannover.de 1194

# Certificates to use. EDIT THIS SECTION to reflect your situation
ca /etc/openvpn/vpnclient/ca.crt
cert /etc/openvpn/vpnclient/jan-philipp.timme@stud.hs-hannover.de.crt
key /etc/openvpn/vpnclient/jan-philipp.timme@stud.hs-hannover.de.key

# Prevent OpenVPN from caching the password of your private key in memory.
# Depending on your use case for OpenVPN, enabling this option can provide more protection
# for your private key (and more password prompts during an OpenVPN session)
#auth-nocache

# Assume client role in tls handshake
tls-client

# Make sure the server presents a certificate with "server role"
# This way people with proper client certificates are unable to impersonate the server
remote-cert-tls server

### START BLOCK CRYPTOGRAPHY
# Specific settings regarding TLS, chiphers and hash algorithms
# DO NOT CHANGE THIS unless you receive explicit instructions to do so
# These settings need to be identical in client and server configuration!

# Protect data channel with this cipher
cipher AES-256-GCM

# Authenticate packets in data and control channel using HMAC with this
# message digest algorithm
auth SHA256

# Use this specific cipher to secure the control channel
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384

# Only allow TLS version 1.2 and higher
tls-version-min "1.2"
### END BLOCK CRYPTOGRAPHY

# Reduce connection timeout so connection problems are visible sooner
connect-timeout 20

# Notify server on client shutdown/restart events, so old sessions get terminated immediately
# Try to send notification 3 times (because we're using UDP)
explicit-exit-notify 3

# Enable these if you plan to enable running on reduced privileges
# These options allow to keep the private key and the virtual network device handle in memory
#persist-key
#persist-tun

# Reduce privileges after launch (uncomment and adapt on unix/linux system)
# Note: On some systems, the group is called "nobody" instead of "nogroup"
#user nobody
#group nogroup

# Logging settings
verb 3
mute 5