##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
auth-nocache
auth-user-pass
explicit-exit-notify 1
route 192.168.114.0 255.255.255.0
push "dhcp-option DNS 192.168.114.10"
push "dhcp-option DOMAIN microtech.local"
push "dhcp-option SEARCH microtech.local"
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote soporte.microtech.es 3114
;remote my-server-2 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
;ca ca.crt
;cert client.crt
;key client.key
# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Note that 2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIJAKktPZdtq9qMMA0GCSqGSIb3DQEBCwUAMIGrMQswCQYD
VQQGEwJFUzEMMAoGA1UECBMDQ0FUMRIwEAYDVQQHEwlCYXJjZWxvbmExEjAQBgNV
BAoTCU1pY3JvdGVjaDEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxFTAT
BgNVBAMTDE1pY3JvdGVjaCBDQTEPMA0GA1UEKRMGc2VydmVyMR8wHQYJKoZIhvcN
AQkBFhBzYXRAbWljcm90ZWNoLmVzMB4XDTE4MDYxODEwMjUxMVoXDTI4MDYxNTEw
MjUxMVowgasxCzAJBgNVBAYTAkVTMQwwCgYDVQQIEwNDQVQxEjAQBgNVBAcTCUJh
cmNlbG9uYTESMBAGA1UEChMJTWljcm90ZWNoMR0wGwYDVQQLExRNeU9yZ2FuaXph
dGlvbmFsVW5pdDEVMBMGA1UEAxMMTWljcm90ZWNoIENBMQ8wDQYDVQQpEwZzZXJ2
ZXIxHzAdBgkqhkiG9w0BCQEWEHNhdEBtaWNyb3RlY2guZXMwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCyJNyPHEWpk+zTFrp7NNzDMjAIa08DbXVX7d0h
k6MSNa3sInAKvVEzXc1eN+cnugiy2RqMkv8b+js167O4M+ePcjYF2Rwabr7ggNJW
EwkKLd0m94T3/hyf3yRoZZ8lTI1dIE3CU4qOPg6ot1bgoyOPnQEApKcDZvax1JK+
TvySClHuAZPPrCsspXF4KYxXB0W1Jv2iROiwNkWjrkJSlVfHN+Bja/KymLTfC0yF
9k1BYwyspRo8IbYMnMjQ6DXVpNO5inpgP5i6DeLRDyvqmTdPPBm3duw+btPiROhT
B30I9icXzz5ISOFwIhuEveJGY0IwtmHR4fEY9etsl1z21u0vAgMBAAGjggEUMIIB
EDAdBgNVHQ4EFgQUzk0V8/Vhwo0DAMmT9q2bvudhxHswgeAGA1UdIwSB2DCB1YAU
zk0V8/Vhwo0DAMmT9q2bvudhxHuhgbGkga4wgasxCzAJBgNVBAYTAkVTMQwwCgYD
VQQIEwNDQVQxEjAQBgNVBAcTCUJhcmNlbG9uYTESMBAGA1UEChMJTWljcm90ZWNo
MR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5pdDEVMBMGA1UEAxMMTWljcm90
ZWNoIENBMQ8wDQYDVQQpEwZzZXJ2ZXIxHzAdBgkqhkiG9w0BCQEWEHNhdEBtaWNy
b3RlY2guZXOCCQCpLT2XbavajDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA
A4IBAQCg1K4DjeYPVsidhpY9Q3G1Rs0I+t0W3eDk8vQjSaVnzidYVqM0msPAoda6
3GwqeLuVWHYa/4POYanatDhqZvw57xQKD0g8sn4BaI4b+nM4dj8wpJGCRH6GC4YD
5StB7uWTQdyUPob/mLM5pEG7ABDLi0Yd7T0WrQISy0oMLVHZqnOlF6Grq8ynNzu3
6eW9DOpuTCM5nXkV5RPKWL6veRUzYbMu07L5xglCaXYez/FnSv7mKEM27uaWmO2A
POYg+Xz2IUokajT3kyX3vf0dWithzp0QgopvEWohKV87qeUj2uI5e7lvTXVuPWtw
aF1x+lii9AjeQ611xTlT7ygRNF0x
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=ES, ST=CAT, L=Barcelona, O=Microtech, OU=MyOrganizationalUnit, CN=Microtech CA/name=server/emailAddress=sat@microtech.es
Validity
Not Before: Jun 18 10:51:46 2018 GMT
Not After : Jun 15 10:51:46 2028 GMT
Subject: C=ES, ST=CAT, L=Barcelona, O=Microtech, OU=MyOrganizationalUnit, CN=client1/name=server/emailAddress=sat@microtech.es
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:aa:2a:51:c6:84:e3:c5:e1:28:cd:5d:df:8a:5a:
51:15:6e:08:d9:bb:2f:b9:41:34:57:c1:2a:a3:a4:
eb:5d:7b:bd:a4:13:bb:af:b8:3d:3a:e7:bd:ac:4a:
fe:b0:e4:4f:9a:c7:6a:3b:a3:cd:11:af:61:6f:eb:
ca:1d:c1:f6:50:fc:18:99:66:5a:5b:1d:ae:a6:92:
dd:2f:f3:6d:39:7a:62:4b:d9:47:d1:ee:c2:b2:c2:
67:01:50:63:ac:05:cf:d0:05:86:88:41:3a:47:4d:
ce:b3:d7:0f:2b:99:cc:37:b6:97:a3:c4:a9:e1:d0:
c7:71:fd:b9:d6:16:a5:83:77:74:84:a1:85:1c:5b:
f0:57:d4:d6:75:85:30:66:a1:76:df:af:6c:25:04:
6b:f4:dc:f6:b3:78:71:10:e2:92:55:28:ed:98:77:
40:be:7b:ad:40:97:e2:eb:38:20:5d:5a:ab:8a:5d:
52:15:61:a5:d6:d3:ea:d0:30:04:28:f7:8c:8b:27:
ab:97:e3:70:8e:d5:f8:3a:dc:ff:f6:b8:1a:ec:cd:
05:d8:2a:4e:c7:ab:d5:86:f3:91:dd:b5:f7:e7:f5:
ca:ae:89:14:31:44:f7:8f:05:39:b7:13:04:33:be:
ec:cf:04:02:e4:86:c3:20:75:89:59:a7:cc:b2:33:
41:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
8A:8B:C0:29:CA:F1:44:0F:52:16:DC:C0:AF:D8:8E:D7:4B:F7:E7:9B
X509v3 Authority Key Identifier:
keyid:CE:4D:15:F3:F5:61:C2:8D:03:00:C9:93:F6:AD:9B:BE:E7:61:C4:7B
DirName:/C=ES/ST=CAT/L=Barcelona/O=Microtech/OU=MyOrganizationalUnit/CN=Microtech CA/name=server/emailAddress=sat@microtech.es
serial:A9:2D:3D:97:6D:AB:DA:8C
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:client1
Signature Algorithm: sha256WithRSAEncryption
12:2e:10:4a:9a:2f:0c:99:fb:cb:9d:24:53:c7:72:c9:a0:ee:
cc:4e:54:00:d2:92:1d:24:6d:67:f4:32:2a:cc:2f:59:8f:dd:
a7:77:35:fd:6f:3d:66:24:f8:cd:ee:bc:9f:d5:0b:b8:dc:70:
58:e1:05:c8:c9:ef:f2:17:85:68:87:1f:1c:53:9d:cc:e7:49:
6b:3a:ff:45:d7:36:0d:23:e5:a7:9a:fd:d9:04:a4:86:ae:fa:
da:b2:94:a6:ba:1f:39:17:0c:ef:92:39:c7:57:54:2e:b8:f3:
16:a2:41:bd:10:93:24:89:4c:62:72:79:d5:4c:94:14:a2:05:
1c:49:63:16:c4:59:ba:73:c0:99:3e:4e:79:8c:5c:39:7d:03:
3b:2b:e7:cb:96:dc:b2:2d:f5:16:e4:b5:4b:10:c7:2e:b0:d7:
64:76:ca:6c:5b:f0:75:6d:f4:01:b4:78:44:00:65:80:8f:63:
4c:66:3c:4b:9d:01:02:65:a9:d3:3d:68:90:1c:da:14:27:36:
b8:bb:15:c0:a5:59:d0:57:6b:09:58:ff:80:a3:11:98:b2:d3:
48:be:95:25:3a:1e:00:14:c0:f3:ea:37:70:3f:39:b0:95:1b:
3b:8d:0a:2d:31:78:1f:ac:ad:32:9c:eb:75:0c:d7:14:00:74:
b0:2e:09:1e
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBqzELMAkGA1UEBhMCRVMx
DDAKBgNVBAgTA0NBVDESMBAGA1UEBxMJQmFyY2Vsb25hMRIwEAYDVQQKEwlNaWNy
b3RlY2gxHTAbBgNVBAsTFE15T3JnYW5pemF0aW9uYWxVbml0MRUwEwYDVQQDEwxN
aWNyb3RlY2ggQ0ExDzANBgNVBCkTBnNlcnZlcjEfMB0GCSqGSIb3DQEJARYQc2F0
QG1pY3JvdGVjaC5lczAeFw0xODA2MTgxMDUxNDZaFw0yODA2MTUxMDUxNDZaMIGm
MQswCQYDVQQGEwJFUzEMMAoGA1UECBMDQ0FUMRIwEAYDVQQHEwlCYXJjZWxvbmEx
EjAQBgNVBAoTCU1pY3JvdGVjaDEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVu
aXQxEDAOBgNVBAMTB2NsaWVudDExDzANBgNVBCkTBnNlcnZlcjEfMB0GCSqGSIb3
DQEJARYQc2F0QG1pY3JvdGVjaC5lczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAKoqUcaE48XhKM1d34paURVuCNm7L7lBNFfBKqOk6117vaQTu6+4PTrn
vaxK/rDkT5rHajujzRGvYW/ryh3B9lD8GJlmWlsdrqaS3S/zbTl6YkvZR9HuwrLC
ZwFQY6wFz9AFhohBOkdNzrPXDyuZzDe2l6PEqeHQx3H9udYWpYN3dIShhRxb8FfU
1nWFMGahdt+vbCUEa/Tc9rN4cRDiklUo7Zh3QL57rUCX4us4IF1aq4pdUhVhpdbT
6tAwBCj3jIsnq5fjcI7V+Drc//a4GuzNBdgqTser1Ybzkd219+f1yq6JFDFE948F
ObcTBDO+7M8EAuSGwyB1iVmnzLIzQV8CAwEAAaOCAXYwggFyMAkGA1UdEwQCMAAw
LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
BgNVHQ4EFgQUiovAKcrxRA9SFtzAr9iO10v355swgeAGA1UdIwSB2DCB1YAUzk0V
8/Vhwo0DAMmT9q2bvudhxHuhgbGkga4wgasxCzAJBgNVBAYTAkVTMQwwCgYDVQQI
EwNDQVQxEjAQBgNVBAcTCUJhcmNlbG9uYTESMBAGA1UEChMJTWljcm90ZWNoMR0w
GwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5pdDEVMBMGA1UEAxMMTWljcm90ZWNo
IENBMQ8wDQYDVQQpEwZzZXJ2ZXIxHzAdBgkqhkiG9w0BCQEWEHNhdEBtaWNyb3Rl
Y2guZXOCCQCpLT2XbavajDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMC
B4AwEgYDVR0RBAswCYIHY2xpZW50MTANBgkqhkiG9w0BAQsFAAOCAQEAEi4QSpov
DJn7y50kU8dyyaDuzE5UANKSHSRtZ/QyKswvWY/dp3c1/W89ZiT4ze68n9ULuNxw
WOEFyMnv8heFaIcfHFOdzOdJazr/Rdc2DSPlp5r92QSkhq762rKUprofORcM75I5
x1dULrjzFqJBvRCTJIlMYnJ51UyUFKIFHEljFsRZunPAmT5OeYxcOX0DOyvny5bc
si31FuS1SxDHLrDXZHbKbFvwdW30AbR4RABlgI9jTGY8S50BAmWp0z1okBzaFCc2
uLsVwKVZ0FdrCVj/gKMRmLLTSL6VJToeABTA8+o3cD85sJUbO40KLTF4H6ytMpzr
dQzXFAB0sC4JHg==
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCqKlHGhOPF4SjN
Xd+KWlEVbgjZuy+5QTRXwSqjpOtde72kE7uvuD06572sSv6w5E+ax2o7o80Rr2Fv
68odwfZQ/BiZZlpbHa6mkt0v8205emJL2UfR7sKywmcBUGOsBc/QBYaIQTpHTc6z
1w8rmcw3tpejxKnh0Mdx/bnWFqWDd3SEoYUcW/BX1NZ1hTBmoXbfr2wlBGv03Paz
eHEQ4pJVKO2Yd0C+e61Al+LrOCBdWquKXVIVYaXW0+rQMAQo94yLJ6uX43CO1fg6
3P/2uBrszQXYKk7Hq9WG85Hdtffn9cquiRQxRPePBTm3EwQzvuzPBALkhsMgdYlZ
p8yyM0FfAgMBAAECggEAA1V47K7F16alqgBg1NEYLZdOTRXBxZtlbyK1tycQBXDb
Mk/AqZyudmz75lhBzS1r8dheWHTJG8OX4R15hEO8k7GcucSrmIVoWpMeCkZ2qV2g
d2P2aEKJRf9RDVGJ4mDqxWSWUi0U+zinCBb6kRweSCknp2m++lGg1rbl4S/oZj70
tiMGIhOGF5U6i+4wq+Zndoclyagn0ApVghOdlAJ+FKO5fuEiExItzQtkGC3k1Flv
yNRvftHtM7fE1xEiEY2NJN3L5IrpQMBNAJuTqt6hMa+7VkoWfClvym5OPs5nUXCj
duj3UJKkD6O+Psc4iw3lobmeI3YiWRXhf9Q7Op2KwQKBgQDZInLQ0L+a4jKxmD2Y
eHLSqHJi8Rui5A9Q0uBPV95jyxKkOs1IkufqNVOh+XRMeCzIOBIN/pY36gQVEEKk
AUi4ptNEqYPwhyNFHFHG+0dp7UnuBQlk231zTTArs0tZsgyW82h9peR6uTBiO88/
FuasmUnXdsJYoL77CiDPLgZDSQKBgQDIn6SuflIhzLJ3kvbs2NVylZ8RBHgLOEAu
K1YB5amlioZPOgyrkZuQKIlo58xmMH2csFsmusw49jA4328kmpmOBtVybWpOpuPL
qTHYyyG5tSjFR0fWVXfDjEk+3bnx+udtPdUtw5wsoTwkVkl84iPglZPqnZA3nSze
hJ2CIe23ZwKBgQCmjk0iLi37ga0/GzeMYEA7pOhxSt9XGLdC2S8kzZMSW3BGN7DG
DaIFvrgTVAVIrxoyzwfSYkoaQ9Cz05A6u51rvtPqJFnHw/FjDvEPwCosb8842/Yz
vkXBjyD3NIYFHJWZqMarMvhKxwj9IUG89DUnikHhHADB+TPl3wQByB0XuQKBgCZ6
yEFXpTUqZ8ibfZTr+fSiUgIXk1bDkTvJwBNZE3LW4O/tOGTn5qh9ve1LGF85Sb51
7OW+ylDal2ExKcYhiPY+xU3PQqaXR/XWG+NzAqL15j4Ab/ziI7hz/dB7AqEw+JZx
V6QRcrD0s+5cRngXf74hsl87nV+tW9/KG9PL4iZdAoGBAL1URRED0426ceAsFcH2
EPdtXnshX07vZ6kNyWPrvtV1dRdfcWkd34/xdnAW/yRZua3bDe6G/7r7iRNpmRhl
Kgqg6W+Omv0XAiRRFGwZAsvzHwu4TLTyxZlTvZvyHjjGtoZqKpyio5uQrvGYoW2Q
4lgR3aW2hoJrS23rJZmZec8T
-----END PRIVATE KEY-----