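# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tun

# Windows needs the TAP-Windows adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node OpenVPN-TUN

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
proto udp

# Announce to TCP sessions running over the tunnel that
# they should limit their send packet sizes such that after
# OpenVPN has encapsulated them, the resulting UDP packet size
# that OpenVPN sends to its peer will not exceed max bytes.
# The default value is 1450.
mssfix 1400

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote vpn.cvt.stuba.sk 1194

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use a separate .crt/.key file pair
# for each client. A single ca file can be used for all clients.
# NOTE(review): both ca lines below are commented out, so the trust anchor
# for the server certificate is the inline <ca> block near the end of this file.
;ca [inline]
;ca STU-CA-v2.crt

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-GCM

# Certificate issued by common public CA, can be verified as follows
# The active line pins the server certificate's common name to the VPN host
# name; without it, any certificate that chains to the CA would be accepted.
verify-x509-name vpn.cvt.stuba.sk name
;verify-x509-name "C=SK, ST=Bratislavsky kraj, O=Slovenska technicka univerzita v Bratislave, OU=CVT, CN=vpn.cvt.stuba.sk" subject
# NOTE(review): remote-cert-tls is disabled, so the key usage / extended key
# usage of the peer certificate is not checked. Enable it as a second check
# once the server certificate is confirmed to carry the TLS server usage.
;remote-cert-tls server

# For extra security beyond that provided by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have a copy of this key.
# The second parameter should be '0' on the server and '1' on the clients.
# NOTE(review): the key is supplied inline at the end of this file
# (key-direction 1 plus the static key block), not by these two lines.
;tls-auth [inline] 1
;tls-auth ta.key 1

# Self signed certs only
# NOTE(review): ns-cert-type is deprecated in favour of remote-cert-tls;
# leave it disabled.
;ns-cert-type server

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
# NOTE(review): compression inside an encrypted tunnel can leak information
# about the plaintext; keeping it off is the safer setting.
;comp-lzo

# Authenticate with server using username/password. User/password file contains username/password on 2 lines.
# If the password line is missing, OpenVPN will prompt for one.
# If file is omitted, username/password will be prompted from the console.
# auth-user-pass [ login.conf ]
# NOTE(review): a credentials file holds the password in clear text; if one is
# used, restrict it to the account that runs OpenVPN.
auth-user-pass

# Don't cache username/passwords in virtual memory.
# If specified, this directive will cause OpenVPN to immediately forget username/password inputs after they are used.
auth-nocache

# Set log file verbosity.
verb 3

# In client mode, on exit/restart, this option will tell the server to immediately close its client instance object
# rather than waiting for a timeout. The n parameter (default=1) controls the maximum number of attempts
# that the client will try to resend the exit notification message.
explicit-exit-notify 1

# NOTE(review): the <ca> wrapper is restored here. The page shows the PEM block
# bare, which OpenVPN cannot parse as a directive; the inline tags appear to
# have been lost in extraction. Confirm against the distributed file.
# The validity fields of this certificate appear to decode to
# 2017-01-30 .. 2027-01-28; check with `openssl x509 -noout -subject -dates`
# and plan the replacement of the trust anchor before it expires.
<ca>
-----BEGIN CERTIFICATE-----
MIIERDCCAyygAwIBAgIJAIWmN/zCFZq7MA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJTSzEaMBgGA1UECAwRQnJhdGlzbGF2c2t5IGtyYWoxEzARBgNVBAcMCkJy
YXRpc2xhdmExNDAyBgNVBAoMK1Nsb3ZlbnNrYSB0ZWNobmlja2EgdW5pdmVyeml0
YSB2IEJyYXRpc2xhdmUxDDAKBgNVBAsMA0NWVDEiMCAGA1UEAwwZU1RVIEJyYXRp
c2xhdmEgUm9vdCBDQSB2MjAeFw0xNzAxMzAxMTQ4NDlaFw0yNzAxMjgxMTQ4NDla
MIGmMQswCQYDVQQGEwJTSzEaMBgGA1UECAwRQnJhdGlzbGF2c2t5IGtyYWoxEzAR
BgNVBAcMCkJyYXRpc2xhdmExNDAyBgNVBAoMK1Nsb3ZlbnNrYSB0ZWNobmlja2Eg
dW5pdmVyeml0YSB2IEJyYXRpc2xhdmUxDDAKBgNVBAsMA0NWVDEiMCAGA1UEAwwZ
U1RVIEJyYXRpc2xhdmEgUm9vdCBDQSB2MjCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAOQt41XVxVF4gJlU9qjlnh6imPqPWWoOtmnAzyhNV2rTfw/Dklcw
rDSYKVg7EOWdEMbHtPTtQ79OoIBIIkLF+3RPgwhiaVvSQZJUX7yUiAQNKtUp02PD
dYxguxdGN9wMXtu1CspjH1IkBkU1m/qlIK0lPmgmAaHTsSV9N2Zhp1yP9JFcuxkZ
waqGBNjRnj55J/mSQb0l32PaVQKo3oTAjYe/0MEKe/1/L043x8yIPsmcGflNlIVY
UFSrPDBwqjjyuYEyPLiT12+ox+DdYgNUrOhNE+xci3rw9afCcJJKnw23E2v4xro1
Rv7i78FMCtYAqbw59KmmWTzUk6RRQ+kGoAUCAwEAAaNzMHEwHQYDVR0OBBYEFMKh
qrdNT5D5BcXaE44SGovvTzKVMB8GA1UdIwQYMBaAFMKhqrdNT5D5BcXaE44SGovv
TzKVMAwGA1UdEwQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMBEGCWCGSAGG+EIBAQQE
AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAJj+kQ/W//4xFIS/01VtMZYKJkqwWQ54X
GHRn8K/5AXfCc7JUven5h66uzKOZfCftjFPc5mP9wRGOLxkClD15Uv8ZqYL3w7IJ
8IJEx3yBohFYPPAJROJcoHQdn8mt27sb1aNU+myIj0SkmPvEszogojtxZtukezhG
f4/fWWYoUKABzet0z5WUrt9/f10T0SnDy6P3YQNX343qc1zzaYwksFEJXRgBdw3b
XdiLOZczS6qIusRRyOFBECFQWJOpgrhpHUr7xKotTF5H6L0Wzu5CeAM/XBH+R1Wk
4QHQecwStvFjsDMODsLsSFm3N9T3tb3//w5TxqsCfYqLoSFn94gJQw==
-----END CERTIFICATE-----
</ca>

# Direction of the inline static key: 1 on clients, 0 on the server.
key-direction 1

# NOTE(review): the <tls-auth> wrapper is restored on the same assumption as
# <ca> above (key-direction and the tls-auth comments point to tls-auth rather
# than another key type); confirm against the distributed file.
# This static key is shared by the server and every client, so a copy in a
# published config is known to anyone who reads it. It only filters
# unauthenticated packets before the TLS handshake; server identity still
# depends on the CA and verify-x509-name checks, and users on the
# username/password. Treat it as DoS hardening, not as a credential.
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
a638f3f349a0faa14d0427d1fde9f06b
a47ad8833589cf28f24734f46919ecc3
4a3b57431b9645d31bea422a9e92d150
1e02c01bb95511eee4f47c0bf9272a0a
c4f9ded7fd693cd288f3500d7d11dfd0
0716cc552d1ac9c3c03594e22e3ba28f
f38cd7d627485adf632396765e19a563
c5cddda6d1ef21693dbd7a8af9947b31
a8513a7d738b3c32537447c99ab2962f
07d1077b69de3834add61a9d528e70b4
600042d86934d21d9a51fde63453cff1
1831046d764be7c67d14104e5f42674b
f08d4ce3a14baaa6219cd479a702999a
86dcc489f50cdddb33f31fd28cad3a30
ed0d2a6d6d3e5b01405228f28f14bdd7
0568b410df75efea1188881b047e620a
-----END OpenVPN Static key V1-----
</tls-auth>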