41 lines
883 B
Plaintext
41 lines
883 B
Plaintext
# This is the client configuration
|
|
client
|
|
|
|
# No need to bind on specific interfaces, just send udp packets to the openvpn server
|
|
nobind
|
|
|
|
# Send udp packets to port 1194
|
|
port 1194
|
|
proto udp
|
|
|
|
# We're using the layer 3 tunnel device
|
|
dev tun
|
|
|
|
# Specify multiple remotes for dualstack connectivity
|
|
remote 2003:d7:b70f:e387::5 1194
|
|
remote 172.16.20.5 1194
|
|
|
|
# Certificates
|
|
ca /etc/openvpn/vpnclient/ca.crt
|
|
cert /etc/openvpn/vpnclient/vpnclient0.crt
|
|
key /etc/openvpn/vpnclient/vpnclient0.key
|
|
dh /etc/openvpn/vpnclient/dh2048.pem
|
|
|
|
# Make sure the server presents a certificate with "server role"
|
|
remote-cert-tls server
|
|
|
|
# Make sure to detect broken sessions
|
|
keepalive 10 30
|
|
|
|
# These are needed for reduced privileges? Probably yes.
|
|
persist-key
|
|
persist-tun
|
|
|
|
# Reduced privileges if possible (uncomment and adapt on unix/linux system)
|
|
user nobody
|
|
group nobody
|
|
|
|
# Logging settings
|
|
verb 3
|
|
mute 5
|