client
dev tun

proto udp
remote vpn.example.org
port 1194

resolv-retry infinite

nobind

persist-key
persist-tun

# use this to point to certificates or embed them directly in file like below
#ca ca.crt
#cert client.crt
#key client.key

remote-cert-tls server

key-direction 1

cipher AES-256-CBC

#Uncomment this block to ignore the pushed DNS servers and use your own
#pull-filter ignore "dhcp-option DNS" 
#dhcp-option DNS 1.1.1.1            
#dhcp-option DNS 1.0.0.1

verb 3


# embedded certificates
<ca>
... CA certificate
</ca>
<key>
... client's key
</key>
<cert>
... client's certificate
</cert>
<tls-auth>
... tls-auth ta.key
</tls-auth>