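# OpenVPN client profile: TCP transport, username/password login, CA embedded inline.
# One directive per line: anything following a '#' on the same line is a comment.
dev tun
proto tcp-client
remote vpn_server_ip 1194

# Reach the LAN behind the server (192.168.10.0/24) through the VPN gateway 10.21.21.1.
# NOTE(review): the previous comment named 192.168.190.0 while the directive routes
# 192.168.10.0 - the directive is what takes effect; confirm the intended subnet.
route 192.168.10.0 255.255.255.0 10.21.21.1

# Tunnel all traffic through the VPN.
redirect-gateway def1

tls-client
# Accept only a peer certificate marked for TLS server use. Without this check any
# certificate issued by the embedded CA could present itself as the server, and the
# username/password from auth-user-pass would be sent to it.
# Requires the server certificate to carry the server key-usage/EKU extensions.
remote-cert-tls server

# Drop root privileges once the tunnel is up.
user nobody
group nogroup

#comp-lzo
# Do not use compression.

# More reliable detection when a system loses its connection.
ping 15
ping-restart 45
ping-timer-rem
# Keep the tun device and key material across restarts; after the privilege drop
# above they could not be reopened.
persist-tun
persist-key

mute-replay-warnings
verb 3

# NOTE(review): BF-CBC is a 64-bit block cipher (exposed to SWEET32-style birthday
# collisions on long sessions) and SHA1 is a legacy HMAC digest. Both values must
# match the server, so they are left as-is here; migrate server and clients together
# to an AES-GCM data cipher rather than editing this file alone.
cipher BF-CBC
auth SHA1

pull
# Prompt for username and password at connect time.
auth-user-pass

<ca>
-----BEGIN CERTIFICATE-----
... ca cert here ...
-----END CERTIFICATE-----
</ca>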
# OpenVPN client profile: UDP transport, certificate authentication, all key
# material embedded inline at the bottom of the file.
client
dev tun
proto udp

# Server endpoint.
remote vpn.example.org
port 1194

# Keep retrying name resolution and do not bind a fixed local port.
resolv-retry infinite
nobind

# Preserve the key and the tun device across restarts.
persist-key
persist-tun

# Alternative to the inline blocks below: reference the files on disk instead.
#ca ca.crt
#cert client.crt
#key client.key

# Accept only a peer certificate marked for TLS server use.
remote-cert-tls server

# Direction for the inline <tls-auth> key; an inline block cannot carry the
# direction argument itself. Must be the opposite of the server's value.
key-direction 1

# Must match the data-channel cipher the server accepts.
cipher AES-256-CBC

# Uncomment this block to ignore the pushed DNS servers and use your own.
#pull-filter ignore "dhcp-option DNS"
#dhcp-option DNS 1.1.1.1
#dhcp-option DNS 1.0.0.1

verb 3

# Embedded credentials. The <key> block is the client's private key, so keep this
# file readable only by the account that runs OpenVPN.
<ca>
... CA certificate
</ca>
<cert>
... client's certificate
</cert>
<key>
... client's key
</key>
<tls-auth>
... tls-auth ta.key
</tls-auth>