dev tun
proto tcp-client
 
remote vpn_server_ip 1194
 
# route to access local network (192.168.190.0)
# from vpn client network (10.21.21.1)
route 192.168.10.0 255.255.255.0 10.21.21.1
 
# tunnel all traffic through vpn
redirect-gateway def1 
 
tls-client
 
user nobody
group nogroup
 
#comp-lzo # Do not use compression.
 
# More reliable detection when a system loses its connection.
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
 
mute-replay-warnings
 
verb 3
 
cipher BF-CBC
auth SHA1
pull
 
auth-user-pass
 
<ca>
-----BEGIN CERTIFICATE-----
...
ca cert here
...
-----END CERTIFICATE-----
</ca>

client
dev tun
 
proto udp
remote vpn.example.org
port 1194
 
resolv-retry infinite
 
nobind
 
persist-key
persist-tun
 
# use this to point to certificates or embed them directly in file like below
#ca ca.crt
#cert client.crt
#key client.key
 
remote-cert-tls server
 
tls-auth ta.key 1
 
cipher AES-256-CBC
 
verb 3
 
 
# embedded certificates
<ca>
... CA certificate
</ca>
<key>
... client's key
</key>
<cert>
... client's certificate
</cert>
<tls-auth>
... tls-auth ta.key
</tls-auth>