##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote vpn.yultek.dev 1194
;remote 138.197.151.172 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
;ca ca.crt
;cert client.crt
;key client.key

# Verify server certificate by checking that the
# certificate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
#   digitalSignature, keyEncipherment
# and the extendedKeyUsage to
#   serverAuth
# EasyRSA can do this for you.
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the data-ciphers option in the manpage
cipher AES-256-GCM
auth SHA256

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
#comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

key-direction 1


; script-security 2
; up /etc/openvpn/update-resolv-conf
; down /etc/openvpn/update-resolv-conf


; script-security 2
; up /etc/openvpn/update-systemd-resolved
; down /etc/openvpn/update-systemd-resolved
; down-pre
; dhcp-option DOMAIN-ROUTE .
<ca>
-----BEGIN CERTIFICATE-----
MIIDRTCCAi2gAwIBAgIUXe37kz2yqgyL2xXfvaGRzlz7ywYwDQYJKoZIhvcNAQEL
BQAwFDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDIyMDIyMDkyMVoXDTMzMDIx
NzIyMDkyMVowFDESMBAGA1UEAwwJSkZfc2VydmVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAnLdVAj0W31TtWGxwdBeqsdIHyUdVAEG8bX+CcNZDP3M3
R/gJOmenjqsqHYBe5gZcky1hkqWaD7l/LNmyzZDZ1lVEWpcAZqxbsUZKiHU30bxq
84L5qtaAOpwTsumidq2hBqoDBMdBmh18e0QEW624mui7ckXTRRG3PA0ccXtXcTYU
ntmhYtQ2oaPauSmfJZIUfZTfVZbB8FkCgu+zJtCx5hq46vIHm8KX0m1zLIeUtGsI
hkly+5v52f3sEMlddyoZZkfjRddETk2co09q3oNaP1LYxN5G+TvZDhpdE+PrDsNT
wO4uU2d9hVIP3T49heLieZ6KVxyp1FsDYzo0CNlIDwIDAQABo4GOMIGLMB0GA1Ud
DgQWBBSKeJDl8FDnjHXkuMCh6OmbshqdMjBPBgNVHSMESDBGgBSKeJDl8FDnjHXk
uMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJSkZfc2VydmVyghRd7fuTPbKqDIvb
Fd+9oZHOXPvLBjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
AQsFAAOCAQEARIg2x4Tit/6ZydMlle6ku32t75OMCVQoe7fUkRjNe8pCkZjZXLy9
QIRwoqW3FRT8+mQjctZk3NsyLStF8Rc/fFvpjGY/hiEQ/RV1K2/IZ9hcswp/LRzQ
ElDwXhe4zlcDT10GjHYYx221SR+ijgicZcaXgb9f3uZKIrPgyb8qB4KCQS8gPtCV
1VmPM5/svVCI93G+xT92XBHa47fgV5GEn7Snah2UgFol5h7/KX/Sa2q0pfBlzqmt
CutfEbYcwSxkoLsEUIW8KMoEAIsO+KIsraS6EXlRdT82Ui+UZWVPZABlzifCl+AV
LzBrLwt2OeoEI1h65EyzzE7gDsjrE3JR/Q==
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ab:57:22:69:00:94:7d:2d:f2:86:c1:7c:f6:84:a4:d1
        Signature Algorithm: sha512WithRSAEncryption
        Issuer: CN=JF_server
        Validity
            Not Before: May 26 19:26:43 2025 GMT
            Not After : May 19 19:26:43 2055 GMT
        Subject: CN=fred
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    04:52:a0:c4:e8:7b:31:2c:fe:6a:e1:55:f0:94:5e:
                    70:d0:6e:43:6d:72:7b:7d:a2:f5:61:cf:68:e7:ef:
                    b7:e5:f0:2f:bd:76:26:4c:ce:f0:4e:bb:99:03:cf:
                    17:05:a9:3f:a2:0d:ed:6e:6f:3f:0f:08:f2:1b:68:
                    9e:e0:4d:38:5f:55:99:51:1b:ae:39:2e:1d:9f:78:
                    b1:58:52:5c:b5:1f:54:d6:c9:09:6d:4e:b5:9c:00:
                    c2:01:89:c7:27:94:ea
                ASN1 OID: secp384r1
                NIST CURVE: P-384
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                0F:E2:50:A5:9A:17:2B:87:71:11:CB:52:15:48:08:5B:72:F6:92:5E
            X509v3 Authority Key Identifier: 
                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
                DirName:/CN=JF_server
                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
    Signature Algorithm: sha512WithRSAEncryption
    Signature Value:
        1d:9a:07:1e:b0:5f:56:08:c3:a8:25:6a:54:2c:50:4d:98:b3:
        f0:ab:39:ae:93:87:35:44:04:2c:ac:92:ea:a4:96:d3:10:77:
        01:16:93:1e:b5:1d:5d:7f:98:c9:5d:2b:6d:03:97:e4:6b:38:
        2e:3b:a9:00:5f:d4:34:11:fe:24:51:47:27:31:a3:60:b0:ce:
        af:b3:87:95:eb:dd:4f:c5:88:18:db:60:9b:22:09:3d:73:53:
        83:f6:31:a6:61:0f:60:e3:76:77:d7:be:a8:fa:01:5b:7d:53:
        97:7e:25:9b:30:e6:34:52:ae:e7:0b:d1:0e:3a:69:8d:55:f8:
        40:a4:4d:3c:2e:7b:40:06:8e:bf:ba:e5:46:30:d7:26:fa:49:
        aa:bc:7d:3c:a8:89:84:28:0a:b4:7b:a8:51:f6:df:04:f8:63:
        e8:a7:72:4e:d0:ae:45:23:91:7e:d3:a6:20:16:86:93:08:8f:
        c0:83:ff:17:96:ff:63:9a:c9:0b:b8:cd:ff:05:ea:ef:33:2e:
        78:e7:1e:86:23:0d:de:66:9d:74:d7:17:2e:9c:e2:a0:42:03:
        9a:ed:ae:44:da:f5:a5:c1:36:56:9c:7d:eb:ca:dc:76:eb:62:
        6e:fe:8f:dc:f5:eb:a1:72:9e:64:bd:2e:64:1b:62:e0:52:d0:
        f9:ab:52:cf
-----BEGIN CERTIFICATE-----
MIICozCCAYugAwIBAgIRAKtXImkAlH0t8obBfPaEpNEwDQYJKoZIhvcNAQENBQAw
FDESMBAGA1UEAwwJSkZfc2VydmVyMCAXDTI1MDUyNjE5MjY0M1oYDzIwNTUwNTE5
MTkyNjQzWjAPMQ0wCwYDVQQDDARmcmVkMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE
UqDE6HsxLP5q4VXwlF5w0G5DbXJ7faL1Yc9o5++35fAvvXYmTM7wTruZA88XBak/
og3tbm8/DwjyG2ie4E04X1WZURuuOS4dn3ixWFJctR9U1skJbU61nADCAYnHJ5Tq
o4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFA/iUKWaFyuHcRHLUhVICFty9pJe
ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIwEAYDVQQD
DAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQ0FAAOCAQEAHZoHHrBfVgjD
qCVqVCxQTZiz8Ks5rpOHNUQELKyS6qSW0xB3ARaTHrUdXX+YyV0rbQOX5Gs4Ljup
AF/UNBH+JFFHJzGjYLDOr7OHlevdT8WIGNtgmyIJPXNTg/YxpmEPYON2d9e+qPoB
W31Tl34lmzDmNFKu5wvRDjppjVX4QKRNPC57QAaOv7rlRjDXJvpJqrx9PKiJhCgK
tHuoUfbfBPhj6KdyTtCuRSORftOmIBaGkwiPwIP/F5b/Y5rJC7jN/wXq7zMueOce
hiMN3maddNcXLpzioEIDmu2uRNr1pcE2Vpx968rcdutibv6P3PXroXKeZL0uZBti
4FLQ+atSzw==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBWcN+8Dvwua4D5eX5O
7ur9tcu7we995i8cwa5S12vPvmKukUwENyzmm8O3xNYjtX2hZANiAARSoMToezEs
/mrhVfCUXnDQbkNtcnt9ovVhz2jn77fl8C+9diZMzvBOu5kDzxcFqT+iDe1ubz8P
CPIbaJ7gTThfVZlRG645Lh2feLFYUly1H1TWyQltTrWcAMIBiccnlOo=
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
4c828cbf0e58f927758e9471c1b6f03b
2e77b2c634bad76df0570dd8f47184d6
3921e25c6e6cbe4af4b64aad89d12425
a9fca69ae08802b5ed583632c26678b0
cc28c481c3831d1b2204dc30cd466395
ccb8cd82cd2259c956b510c9a56e842a
8693c44dca462f0ab7be3856abe9bbe1
95a6ffd3b0237225b9497c7a0df05ad8
2f2e0a8bff97c927d2890906d0105947
fa3430fc779583772382534fb880add6
8d5592fa4ff384d3e96c560019b5835f
095da9b2fb33dbfbc1ffce9560908271
ee96e02ccecc9d51b9dda79a77704a1d
4407d7c805e6950854fe232adee02a12
b09af2d9bfe04868a9e2e942dc64eb81
9e062ab9f781e52d263195a58db72ebe
-----END OpenVPN Static key V1-----
</tls-crypt>