Example OpenVPN Config

Here is a human-readable version of your Server.ovpn file:


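    ##############################################
    # Sample client-side OpenVPN 2.0 config file #
    # for connecting to multi-client server.     #
    #                                            #
    # This configuration can be used by multiple #
    # clients, however each client should have   #
    # its own cert and key files.                #
    #                                            #
    # On Windows, you might want to rename this  #
    # file so it has a .ovpn extension           #
    ##############################################

    # Specify that we are a client and that we
    # will be pulling certain config file directives
    # from the server.
    client

    # Use the same setting as you are using on
    # the server.
    # On most systems, the VPN will not function
    # unless you partially or fully disable
    # the firewall for the TUN/TAP interface.
    # Prefer the narrowest exception: a rule that
    # allows traffic on that one interface rather
    # than turning the firewall off.
    # dev tap
    dev tun

    # Windows needs the TAP-Win32 adapter name
    # from the Network Connections panel
    # if you have more than one.  On XP SP2,
    # you may need to disable the firewall
    # for the TAP adapter.
    # dev-node MyTap

    # Are we connecting to a TCP or
    # UDP server?  Use the same setting as
    # on the server.
    # proto tcp
    proto udp

    # The hostname/IP and port of the server.
    # You can have multiple remote entries
    # to load balance between the servers.
    # Multiplexing connection under consideration by whatbox.
    # Only UDP 1194 open at the moment.
    # NOTE(review): ports 1195 and 1196 are listed below although
    # the line above says only UDP 1194 is open; confirm against
    # the server before relying on them.
    # Every entry needs the "remote" keyword; a bare "host port"
    # line is rejected by OpenVPN as an unrecognized option.
    # remote my-server-2 1194
    remote Server.whatbox.ca 1194
    remote Server.whatbox.ca 1195
    remote Server.whatbox.ca 1196

    # Choose a random host from the remote
    # list for load-balancing.  Otherwise
    # try hosts in the order specified.
    # remote-random

    # Keep trying indefinitely to resolve the
    # host name of the OpenVPN server.  Very useful
    # on machines which are not permanently connected
    # to the internet such as laptops.
    resolv-retry infinite

    # Most clients don't need to bind to
    # a specific local port number.
    # nobind

    # Downgrade privileges after initialization (non-Windows only)
    # Both lines are commented out here, so the process keeps the
    # privileges it was started with.  Enable them where the
    # platform allows it; the unprivileged group name differs
    # between distributions (for example "nogroup").
    # user nobody
    # group nobody

    # Authenticate to the server with a username and password,
    # prompted for when the connection starts.  If you give this
    # directive a file name to read the credentials from instead,
    # make that file readable only by the user running OpenVPN.
    auth-user-pass

    # Try to preserve some state across restarts.
    # These also let a restart succeed after privileges have
    # been dropped with user/group above.
    persist-key
    persist-tun

    # If you are connecting through an
    # HTTP proxy to reach the actual OpenVPN
    # server, put the proxy server/IP and
    # port number here.  See the man page
    # if your proxy server requires
    # authentication.
    # http-proxy-retry # retry on connection failures
    # http-proxy [proxy server] [proxy port #]

    # Wireless networks often produce a lot
    # of duplicate packets.  Set this flag
    # to silence duplicate packet warnings.
    # mute-replay-warnings

    # SSL/TLS parms.
    # See the server config file for more
    # description.  It's best to use
    # a separate .crt/.key file pair
    # for each client.  A single ca
    # file can be used for all clients.
    # The file-based lines are commented out in this config;
    # see the Certificates section at the end of the file.
    # ca ca.crt
    # cert client.crt
    # key client.key
    # "client" above already implies tls-client; it is kept
    # here explicitly.
    tls-client

    # Verify server certificate by checking that the
    # certificate has the correct key usage set.
    # This is an important precaution to protect against
    # a potential attack discussed here:
    #  http://openvpn.net/howto.html#mitm
    #
    # To use this feature, you will need to generate
    # your server certificates with the keyUsage set to
    # digitalSignature, keyEncipherment
    # and the extendedKeyUsage to
    # serverAuth
    #
    # EasyRSA can do this for you.
    # Keep this line enabled: without it, any certificate
    # signed by the same CA would be accepted as the server.
    remote-cert-tls server


    # If a tls-auth key is used on the server
    # then every client must also have the key.
    # tls-auth ta.key 1

    # Select a cryptographic cipher.
    # If the cipher option is used on the server
    # then you must also specify it here.
    # Note that v2.4 client/server will automatically
    # negotiate AES-256-GCM in TLS mode.
    # See also the ncp-ciphers option in the manpage
    # (named data-ciphers from OpenVPN 2.5 on).
    # auth selects the HMAC digest and must match the server too.
    cipher AES-256-CBC
    auth SHA256

    # Enable compression on the VPN link.
    # Don't enable this unless it is also
    # enabled in the server config file.
    # Compressing traffic before it is encrypted can leak
    # information about its contents through packet sizes,
    # and comp-lzo is deprecated in newer OpenVPN releases.
    # It is kept here only to match the server; drop it as
    # soon as the server no longer requires it.
    comp-lzo

    ## Control channel
    #
    # tls-crypt  (OpenVPN 2.4+)
    #
    # tls-cipher (managed on server)
    #
    # tls-auth   (below)
    #
    # key-direction selects which half of the shared tls-auth
    # key this side uses; a client uses 1 when the server uses 0.
    key-direction 1


    #################
    # IPv4 Settings #
    #################

    ## IPv4 settings are pushed from the server.
    # If you want IPv4 traffic to keep using your WAN
    # connection instead of the VPN, uncomment these lines.
    # That traffic then leaves the machine outside the tunnel.
    # pull-filter ignore 'route '
    # pull-filter ignore redirect-gateway


    #################
    # IPv6 Settings #
    #################

    # IPv6 settings are pushed from the server.
    # If you want IPv6 traffic to keep using your WAN
    # connection instead of the VPN, uncomment these lines.
    # That traffic then leaves the machine outside the tunnel.

    # pull-filter ignore ifconfig-ipv6
    # pull-filter ignore route-ipv6
    # pull-filter ignore 'redirect-gateway ipv6'


    ###########
    # Logging #
    ###########

    ##
    # Set log file verbosity.
    verb 3

    # Silence repeating messages
    mute 20

    ################
    # Certificates #
    ################
    # Paste your certificate here
    # NOTE(review): presumably this means the CA certificate in an
    # inline <ca> ... </ca> block and, since key-direction is set
    # above, the tls-auth key in an inline <tls-auth> ... </tls-auth>
    # block; confirm against the file your provider supplies.
    # Without a CA certificate the client cannot verify the server,
    # and the tls-auth key should be handled as a secret.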