dev tun
proto tcp-client

remote vpn_server_ip 1194

# route to access local network (192.168.190.0)
# from vpn client network (10.21.21.1)
route 192.168.10.0 255.255.255.0 10.21.21.1

# tunnel all traffic through vpn
redirect-gateway def1 

tls-client

user nobody
group nogroup

#comp-lzo # Do not use compression.

# More reliable detection when a system loses its connection.
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key

mute-replay-warnings

verb 3

cipher BF-CBC
auth SHA1
pull

auth-user-pass

<ca>
-----BEGIN CERTIFICATE-----
...
ca cert here
...
-----END CERTIFICATE-----
</ca>