270 lines
9.5 KiB
Plaintext
270 lines
9.5 KiB
Plaintext
##############################################
|
|
# Sample client-side OpenVPN 2.0 config file #
|
|
# for connecting to multi-client server. #
|
|
# #
|
|
# This configuration can be used by multiple #
|
|
# clients, however each client should have #
|
|
# its own cert and key files. #
|
|
# #
|
|
# On Windows, you might want to rename this #
|
|
# file so it has a .ovpn extension #
|
|
##############################################
|
|
|
|
# Specify that we are a client and that we
|
|
# will be pulling certain config file directives
|
|
# from the server.
|
|
client
|
|
|
|
# Use the same setting as you are using on
|
|
# the server.
|
|
# On most systems, the VPN will not function
|
|
# unless you partially or fully disable
|
|
# the firewall for the TUN/TAP interface.
|
|
;dev tap
|
|
dev tun
|
|
|
|
# Windows needs the TAP-Win32 adapter name
|
|
# from the Network Connections panel
|
|
# if you have more than one. On XP SP2,
|
|
# you may need to disable the firewall
|
|
# for the TAP adapter.
|
|
;dev-node MyTap
|
|
|
|
# Are we connecting to a TCP or
|
|
# UDP server? Use the same setting as
|
|
# on the server.
|
|
;proto tcp
|
|
proto udp
|
|
|
|
# The hostname/IP and port of the server.
|
|
# You can have multiple remote entries
|
|
# to load balance between the servers.
|
|
remote vpn.yultek.dev 1194
|
|
;remote 138.197.151.172 1194
|
|
;remote my-server-2 1194
|
|
|
|
# Choose a random host from the remote
|
|
# list for load-balancing. Otherwise
|
|
# try hosts in the order specified.
|
|
;remote-random
|
|
|
|
# Keep trying indefinitely to resolve the
|
|
# host name of the OpenVPN server. Very useful
|
|
# on machines which are not permanently connected
|
|
# to the internet such as laptops.
|
|
resolv-retry infinite
|
|
|
|
# Most clients don't need to bind to
|
|
# a specific local port number.
|
|
nobind
|
|
|
|
# Downgrade privileges after initialization (non-Windows only)
|
|
;user nobody
|
|
;group nobody
|
|
|
|
# Try to preserve some state across restarts.
|
|
persist-key
|
|
persist-tun
|
|
|
|
# If you are connecting through an
|
|
# HTTP proxy to reach the actual OpenVPN
|
|
# server, put the proxy server/IP and
|
|
# port number here. See the man page
|
|
# if your proxy server requires
|
|
# authentication.
|
|
;http-proxy-retry # retry on connection failures
|
|
;http-proxy [proxy server] [proxy port #]
|
|
|
|
# Wireless networks often produce a lot
|
|
# of duplicate packets. Set this flag
|
|
# to silence duplicate packet warnings.
|
|
;mute-replay-warnings
|
|
|
|
# SSL/TLS parms.
|
|
# See the server config file for more
|
|
# description. It's best to use
|
|
# a separate .crt/.key file pair
|
|
# for each client. A single ca
|
|
# file can be used for all clients.
|
|
;ca ca.crt
|
|
;cert client.crt
|
|
;key client.key
|
|
|
|
# Verify server certificate by checking that the
|
|
# certificate has the correct key usage set.
|
|
# This is an important precaution to protect against
|
|
# a potential attack discussed here:
|
|
# http://openvpn.net/howto.html#mitm
|
|
#
|
|
# To use this feature, you will need to generate
|
|
# your server certificates with the keyUsage set to
|
|
# digitalSignature, keyEncipherment
|
|
# and the extendedKeyUsage to
|
|
# serverAuth
|
|
# EasyRSA can do this for you.
|
|
remote-cert-tls server
|
|
|
|
# If a tls-auth key is used on the server
|
|
# then every client must also have the key.
|
|
;tls-auth ta.key 1
|
|
|
|
# Select a cryptographic cipher.
|
|
# If the cipher option is used on the server
|
|
# then you must also specify it here.
|
|
# Note that v2.4 client/server will automatically
|
|
# negotiate AES-256-GCM in TLS mode.
|
|
# See also the data-ciphers option in the manpage
|
|
cipher AES-256-GCM
|
|
auth SHA256
|
|
|
|
# Enable compression on the VPN link.
|
|
# Don't enable this unless it is also
|
|
# enabled in the server config file.
|
|
#comp-lzo
|
|
|
|
# Set log file verbosity.
|
|
verb 3
|
|
|
|
# Silence repeating messages
|
|
;mute 20
|
|
|
|
key-direction 1
|
|
|
|
|
|
; script-security 2
|
|
; up /etc/openvpn/update-resolv-conf
|
|
; down /etc/openvpn/update-resolv-conf
|
|
|
|
|
|
; script-security 2
|
|
; up /etc/openvpn/update-systemd-resolved
|
|
; down /etc/openvpn/update-systemd-resolved
|
|
; down-pre
|
|
; dhcp-option DOMAIN-ROUTE .
|
|
<ca>
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIDRTCCAi2gAwIBAgIUXe37kz2yqgyL2xXfvaGRzlz7ywYwDQYJKoZIhvcNAQEL
|
|
BQAwFDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDIyMDIyMDkyMVoXDTMzMDIx
|
|
NzIyMDkyMVowFDESMBAGA1UEAwwJSkZfc2VydmVyMIIBIjANBgkqhkiG9w0BAQEF
|
|
AAOCAQ8AMIIBCgKCAQEAnLdVAj0W31TtWGxwdBeqsdIHyUdVAEG8bX+CcNZDP3M3
|
|
R/gJOmenjqsqHYBe5gZcky1hkqWaD7l/LNmyzZDZ1lVEWpcAZqxbsUZKiHU30bxq
|
|
84L5qtaAOpwTsumidq2hBqoDBMdBmh18e0QEW624mui7ckXTRRG3PA0ccXtXcTYU
|
|
ntmhYtQ2oaPauSmfJZIUfZTfVZbB8FkCgu+zJtCx5hq46vIHm8KX0m1zLIeUtGsI
|
|
hkly+5v52f3sEMlddyoZZkfjRddETk2co09q3oNaP1LYxN5G+TvZDhpdE+PrDsNT
|
|
wO4uU2d9hVIP3T49heLieZ6KVxyp1FsDYzo0CNlIDwIDAQABo4GOMIGLMB0GA1Ud
|
|
DgQWBBSKeJDl8FDnjHXkuMCh6OmbshqdMjBPBgNVHSMESDBGgBSKeJDl8FDnjHXk
|
|
uMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJSkZfc2VydmVyghRd7fuTPbKqDIvb
|
|
Fd+9oZHOXPvLBjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
|
|
AQsFAAOCAQEARIg2x4Tit/6ZydMlle6ku32t75OMCVQoe7fUkRjNe8pCkZjZXLy9
|
|
QIRwoqW3FRT8+mQjctZk3NsyLStF8Rc/fFvpjGY/hiEQ/RV1K2/IZ9hcswp/LRzQ
|
|
ElDwXhe4zlcDT10GjHYYx221SR+ijgicZcaXgb9f3uZKIrPgyb8qB4KCQS8gPtCV
|
|
1VmPM5/svVCI93G+xT92XBHa47fgV5GEn7Snah2UgFol5h7/KX/Sa2q0pfBlzqmt
|
|
CutfEbYcwSxkoLsEUIW8KMoEAIsO+KIsraS6EXlRdT82Ui+UZWVPZABlzifCl+AV
|
|
LzBrLwt2OeoEI1h65EyzzE7gDsjrE3JR/Q==
|
|
-----END CERTIFICATE-----
|
|
</ca>
|
|
<cert>
|
|
Certificate:
|
|
Data:
|
|
Version: 3 (0x2)
|
|
Serial Number:
|
|
09:c8:7d:2d:3b:1f:85:c2:1b:4e:a6:df:24:2b:98:cd
|
|
Signature Algorithm: sha512WithRSAEncryption
|
|
Issuer: CN=JF_server
|
|
Validity
|
|
Not Before: May 27 18:51:42 2025 GMT
|
|
Not After : May 20 18:51:42 2055 GMT
|
|
Subject: CN=stationKA2501
|
|
Subject Public Key Info:
|
|
Public Key Algorithm: id-ecPublicKey
|
|
Public-Key: (384 bit)
|
|
pub:
|
|
04:4f:cf:df:9f:3a:ca:37:5b:71:71:5a:50:8c:39:
|
|
73:a7:2f:04:16:c6:66:81:72:70:89:b6:ba:58:06:
|
|
83:54:58:37:19:74:f8:a5:42:70:41:1b:c1:eb:59:
|
|
26:5a:aa:ed:1b:7a:af:0e:c5:2a:3f:26:6e:3d:53:
|
|
28:6d:2e:b6:c6:4e:9c:73:d3:c5:2b:96:10:b4:2e:
|
|
f4:e5:06:b7:ca:cd:c7:72:20:b5:07:05:84:17:64:
|
|
4e:cb:f5:4f:51:b3:c7
|
|
ASN1 OID: secp384r1
|
|
NIST CURVE: P-384
|
|
X509v3 extensions:
|
|
X509v3 Basic Constraints:
|
|
CA:FALSE
|
|
X509v3 Subject Key Identifier:
|
|
9E:36:BB:6F:4C:C7:DE:80:C4:CB:11:AC:4B:C8:C2:11:26:0B:64:83
|
|
X509v3 Authority Key Identifier:
|
|
keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
|
|
DirName:/CN=JF_server
|
|
serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
|
|
X509v3 Extended Key Usage:
|
|
TLS Web Client Authentication
|
|
X509v3 Key Usage:
|
|
Digital Signature
|
|
Signature Algorithm: sha512WithRSAEncryption
|
|
Signature Value:
|
|
26:a0:0c:57:fb:39:8b:25:ee:0d:a0:23:f3:c8:67:27:b4:bb:
|
|
f9:f1:10:e1:7e:80:a7:04:f6:19:ca:b8:a2:b4:f5:db:d6:64:
|
|
5d:7f:fc:fb:58:6b:02:1a:2c:b4:df:f3:1d:33:bc:c4:8e:f9:
|
|
5c:70:0f:07:e1:51:99:17:62:2e:7d:a2:69:46:c7:ee:d8:d3:
|
|
ee:9b:aa:d0:d5:9d:90:ae:3d:26:83:51:30:73:24:4d:6c:67:
|
|
4f:f2:4c:8f:e8:b7:34:94:85:c0:4e:0e:01:5a:16:0c:44:ca:
|
|
29:f9:02:de:e0:93:38:d3:d7:22:04:40:b1:8a:02:2f:33:16:
|
|
f8:92:c2:df:b8:33:79:18:75:d0:66:87:10:6b:b1:7d:49:b6:
|
|
d1:fc:7a:2c:89:e9:51:0a:8b:38:c5:5a:03:47:93:3a:ed:60:
|
|
81:ef:99:a2:45:6a:97:46:f7:ae:be:4b:e5:4c:e6:5e:01:f4:
|
|
c0:9b:9f:f6:0d:3d:80:17:da:91:3a:d2:9e:e7:fe:7d:b8:30:
|
|
31:3c:ad:72:ab:e0:7d:5b:2b:a2:f1:9b:db:8f:09:4a:0e:a1:
|
|
a9:5e:a8:3b:fe:9c:4c:36:7b:b6:35:41:54:32:ff:72:22:c5:
|
|
0f:b4:7e:71:c9:78:04:56:fb:1f:81:87:25:b3:3a:78:56:76:
|
|
61:a9:4f:c1
|
|
-----BEGIN CERTIFICATE-----
|
|
MIICqzCCAZOgAwIBAgIQCch9LTsfhcIbTqbfJCuYzTANBgkqhkiG9w0BAQ0FADAU
|
|
MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwIBcNMjUwNTI3MTg1MTQyWhgPMjA1NTA1MjAx
|
|
ODUxNDJaMBgxFjAUBgNVBAMMDXN0YXRpb25LQTI1MDEwdjAQBgcqhkjOPQIBBgUr
|
|
gQQAIgNiAARPz9+fOso3W3FxWlCMOXOnLwQWxmaBcnCJtrpYBoNUWDcZdPilQnBB
|
|
G8HrWSZaqu0beq8OxSo/Jm49UyhtLrbGTpxz08UrlhC0LvTlBrfKzcdyILUHBYQX
|
|
ZE7L9U9Rs8ejgaAwgZ0wCQYDVR0TBAIwADAdBgNVHQ4EFgQUnja7b0zH3oDEyxGs
|
|
S8jCESYLZIMwTwYDVR0jBEgwRoAUiniQ5fBQ54x15LjAoejpm7IanTKhGKQWMBQx
|
|
EjAQBgNVBAMMCUpGX3NlcnZlcoIUXe37kz2yqgyL2xXfvaGRzlz7ywYwEwYDVR0l
|
|
BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBDQUAA4IBAQAm
|
|
oAxX+zmLJe4NoCPzyGcntLv58RDhfoCnBPYZyriitPXb1mRdf/z7WGsCGiy03/Md
|
|
M7zEjvlccA8H4VGZF2IufaJpRsfu2NPum6rQ1Z2Qrj0mg1EwcyRNbGdP8kyP6Lc0
|
|
lIXATg4BWhYMRMop+QLe4JM409ciBECxigIvMxb4ksLfuDN5GHXQZocQa7F9SbbR
|
|
/HosielRCos4xVoDR5M67WCB75miRWqXRveuvkvlTOZeAfTAm5/2DT2AF9qROtKe
|
|
5/59uDAxPK1yq+B9Wyui8ZvbjwlKDqGpXqg7/pxMNnu2NUFUMv9yIsUPtH5xyXgE
|
|
VvsfgYclszp4VnZhqU/B
|
|
-----END CERTIFICATE-----
|
|
</cert>
|
|
<key>
|
|
-----BEGIN PRIVATE KEY-----
|
|
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCT5IR1xQ0c5icEgDpq
|
|
ou6eTfKeJ7CrwlCMtgyjvF8VwuGiXSE35Lck/WMLwBeyBGahZANiAARPz9+fOso3
|
|
W3FxWlCMOXOnLwQWxmaBcnCJtrpYBoNUWDcZdPilQnBBG8HrWSZaqu0beq8OxSo/
|
|
Jm49UyhtLrbGTpxz08UrlhC0LvTlBrfKzcdyILUHBYQXZE7L9U9Rs8c=
|
|
-----END PRIVATE KEY-----
|
|
</key>
|
|
<tls-crypt>
|
|
#
|
|
# 2048 bit OpenVPN static key
|
|
#
|
|
-----BEGIN OpenVPN Static key V1-----
|
|
4c828cbf0e58f927758e9471c1b6f03b
|
|
2e77b2c634bad76df0570dd8f47184d6
|
|
3921e25c6e6cbe4af4b64aad89d12425
|
|
a9fca69ae08802b5ed583632c26678b0
|
|
cc28c481c3831d1b2204dc30cd466395
|
|
ccb8cd82cd2259c956b510c9a56e842a
|
|
8693c44dca462f0ab7be3856abe9bbe1
|
|
95a6ffd3b0237225b9497c7a0df05ad8
|
|
2f2e0a8bff97c927d2890906d0105947
|
|
fa3430fc779583772382534fb880add6
|
|
8d5592fa4ff384d3e96c560019b5835f
|
|
095da9b2fb33dbfbc1ffce9560908271
|
|
ee96e02ccecc9d51b9dda79a77704a1d
|
|
4407d7c805e6950854fe232adee02a12
|
|
b09af2d9bfe04868a9e2e942dc64eb81
|
|
9e062ab9f781e52d263195a58db72ebe
|
|
-----END OpenVPN Static key V1-----
|
|
</tls-crypt>
|