############################################## # for connecting to multi-client server. # # # # This configuration can be used by multiple # # clients, however each client should have # # its own cert and key files. # # # # On Windows, you might want to rename this # # file so it has a .ovpn extension # ############################################## auth-user-pass auth-nocache dhcp-option DNS 52.40.179.18 # Specify that we are a client and that we # will be pulling certain config file directives # from the server. client # Use the same setting as you are using on # the server. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. ;dev tap dev tun tun-mtu 1280 # Windows needs the TAP-Win32 adapter name # from the Network Connections panel # if you have more than one. On XP SP2, # you may need to disable the firewall # for the TAP adapter. ;dev-node MyTap # Are we connecting to a TCP or # UDP server? Use the same setting as # on the server. proto udp # The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. remote tsrveu02-a.bytz.io 993 remote tsrveu02-b.bytz.io 993 remote tsrveu02-c.bytz.io 993 remote tsrveu02-d.bytz.io 993 remote tsrveu02-aa.bytz.io 993 remote tsrveu02-bb.bytz.io 993 remote tsrveu02-cc.bytz.io 993 remote tsrveu02-dd.bytz.io 993 remote-random # Keep trying indefinitely to resolve the # host name of the OpenVPN server. Very useful # on machines which are not permanently connected # to the internet such as laptops. resolv-retry infinite # Most clients don't need to bind to # a specific local port number. nobind # Downgrade privileges after initialization (non-Windows only) ;user nobody ;group nogroup # Try to preserve some state across restarts. persist-key persist-tun # If you are connecting through an # HTTP proxy to reach the actual OpenVPN # server, put the proxy server/IP and # port number here. See the man page # if your proxy server requires # authentication. ;http-proxy-retry # retry on connection failures ;http-proxy [proxy server] [proxy port #] # Wireless networks often produce a lot # of duplicate packets. Set this flag # to silence duplicate packet warnings. ;mute-replay-warnings # SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. ;ca ca.crt ;cert client.crt ;key client.key # Verify server certificate by checking that the # certicate has the correct key usage set. # This is an important precaution to protect against # a potential attack discussed here: # http://openvpn.net/howto.html#mitm # # To use this feature, you will need to generate # your server certificates with the keyUsage set to # digitalSignature, keyEncipherment # and the extendedKeyUsage to # serverAuth # EasyRSA can do this for you. remote-cert-tls server # If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1 key-direction 1 # Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here. ;cipher x cipher AES-128-CBC auth SHA256 # Enable compression on the VPN link. # Don't enable this unless it is also # enabled in the server config file. ;comp-lzo # Set log file verbosity. verb 3 # Silence repeating messages ;mute 20 -----BEGIN CERTIFICATE----- MIIEdzCCA1+gAwIBAgIJAMcX52t6bg3GMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYD VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxEDAOBgNV BAoTB0J5dHpWUE4xEzARBgNVBAMTCkJ5dHpWUE4gQ0ExDzANBgNVBCkTBnNlcnZl cjEaMBgGCSqGSIb3DQEJARYLcm9iQGJyYXgubWUwHhcNMTkwMTIyMDA1OTA1WhcN MjkwMTE5MDA1OTA1WjCBgzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYD VQQHEwpMb3NBbmdlbGVzMRAwDgYDVQQKEwdCeXR6VlBOMRMwEQYDVQQDEwpCeXR6 VlBOIENBMQ8wDQYDVQQpEwZzZXJ2ZXIxGjAYBgkqhkiG9w0BCQEWC3JvYkBicmF4 Lm1lMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmzOcijVQL49B47Q AyEtTr9pmmkhtJivWOjgU/fBBqyLgZrCdO0D99GD0tsEm5v6slpH8b2iQO9+dY7F BfQ3WQgymToNEnpMqN2FrMj0/gc1uNIMX10yguSMJTmsWei/LHoOOlmAtMKh5xAZ 5vllsBaxxjfXN6L/rCYcIp+6iTTmZ6kRQdnQ958oGnpAWYVkkMk29gR8Qp6MWqWl JNMKO2AvkiamHLn1Opv+0t4FIboI7uYQaCdEAOhlPfgSGRPAFSEYlkugBdUO4uOX 7qdj2zIH2E++YMrAoPX0k/Bz9KM7nYWFkD9GbDCiBb4hhZ1aQm0QAoiRM4AwQTJT DAiIDQIDAQABo4HrMIHoMB0GA1UdDgQWBBTHgnKxtYUKfDPu8Lfo8m5vHmZyHzCB uAYDVR0jBIGwMIGtgBTHgnKxtYUKfDPu8Lfo8m5vHmZyH6GBiaSBhjCBgzELMAkG A1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpMb3NBbmdlbGVzMRAwDgYD VQQKEwdCeXR6VlBOMRMwEQYDVQQDEwpCeXR6VlBOIENBMQ8wDQYDVQQpEwZzZXJ2 ZXIxGjAYBgkqhkiG9w0BCQEWC3JvYkBicmF4Lm1lggkAxxfna3puDcYwDAYDVR0T BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkYUf77VemY9eCKmBMYhqBvcsnHGv rfzY4XGMTp8AyGS2P9a/15mK7Q+LeSUb+P6R3WAkVjwAPON0jHqPP/8ia0XxdaOL /mU/qTO/Pj6/DRRhmzCORVIGBF50Vs8okz3GTiyw62yJ2Cyy0p86Cs8delLTT+hr wFTenCfu+sKn2byaVX2oeR94BeYNAUqKx8C7RGVmX31nPePOf3fnXy0yDWHlXdDT +Vsz6kwwE72XZktO1XIrunPtbOk32O52WpB7B+LHuf/STB5GGhWyVO7hVHk9P8Eb tNl7B9YqY5cA694QhVj6uaSZVbF32ZocL3paHeD6392uj7SIOBSZmcjXiQ== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=CA, L=LosAngeles, O=BytzVPN, CN=BytzVPN CA/name=server/emailAddress=rob@brax.me Validity Not Before: Jan 22 01:01:50 2019 GMT Not After : Jan 19 01:01:50 2029 GMT Subject: C=US, ST=CA, L=LosAngeles, O=BytzVPN, CN=client1/name=server/emailAddress=rob@brax.me Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:bb:c6:76:cd:79:7b:e8:ca:3b:00:0a:8f:f5:e6: 1c:fe:4b:a8:ee:34:90:60:3e:6b:cc:45:de:73:6d: ab:1a:30:58:65:3d:ef:b5:18:fd:10:6e:5e:37:46: bf:7c:22:29:6c:f9:7c:25:f3:b9:ee:48:ae:f7:93: 5f:0a:c3:ee:f9:09:67:55:cc:93:9f:bb:c4:f0:63: 25:85:9e:f4:73:a4:21:76:48:97:4c:d8:60:56:55: e9:7b:cf:25:dc:3d:44:c0:6d:e5:f3:22:f0:53:1a: 33:56:e7:b8:2d:bb:c0:29:96:87:83:f3:c9:27:67: 7e:ea:a3:f9:7b:5c:2c:fc:fb:52:d4:9b:2e:18:f9: e0:c0:b6:1d:f4:ed:4d:32:0e:48:26:00:84:b9:25: 02:ef:f4:88:2e:59:e8:19:51:51:2a:53:07:f0:b1: 1f:fe:3d:c8:67:c8:9a:7a:91:c9:ec:a2:25:97:8a: f0:48:33:5d:bf:20:46:0a:61:93:de:fd:a7:54:fc: 80:b7:6d:41:3a:bf:a5:0c:9a:ff:e4:c1:75:ae:7e: 2e:a8:62:98:d5:f4:91:d1:30:8f:69:43:7f:2e:16: 4c:c7:8d:ff:9d:29:dd:56:35:63:4d:a3:b9:7f:c2: fc:a1:eb:c8:54:09:33:0b:08:db:a3:d4:7b:79:4e: bd:d3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: Easy-RSA Generated Certificate X509v3 Subject Key Identifier: 3F:C6:C7:F8:9D:54:94:78:09:60:70:B1:BA:F6:50:44:CE:25:0B:BE X509v3 Authority Key Identifier: keyid:C7:82:72:B1:B5:85:0A:7C:33:EE:F0:B7:E8:F2:6E:6F:1E:66:72:1F DirName:/C=US/ST=CA/L=LosAngeles/O=BytzVPN/CN=BytzVPN CA/name=server/emailAddress=rob@brax.me serial:C7:17:E7:6B:7A:6E:0D:C6 X509v3 Extended Key Usage: TLS Web Client Authentication X509v3 Key Usage: Digital Signature X509v3 Subject Alternative Name: DNS:client1 Signature Algorithm: sha256WithRSAEncryption 2a:49:94:13:41:c8:1d:eb:a9:c3:c2:8a:84:8f:0b:1f:f7:72: e2:62:02:89:c4:6b:81:37:a9:83:35:9c:8d:93:d0:31:bb:25: 90:86:4e:0a:1d:f5:14:e2:54:ee:20:50:d2:13:e4:49:c8:34: 8f:d4:d7:f8:28:8e:f0:c7:62:1b:42:dc:b5:9b:50:c1:65:84: 24:88:29:47:1c:eb:4c:d2:0b:2d:17:6c:9c:11:3f:45:ab:39: 75:7a:ce:a2:79:86:03:dd:a6:2a:0b:73:d7:8a:4c:6b:d5:f4: c3:e3:d4:29:6f:fd:1a:f3:1e:ff:e6:ad:b8:9a:ab:69:36:db: 2f:16:93:98:61:10:3e:c6:cf:3d:8d:6d:2e:80:bc:b4:01:03: ed:01:ea:5c:59:bd:4a:fa:f0:8c:f0:80:c3:e6:20:a5:a8:7e: e6:64:2b:fe:d1:b3:12:16:f2:03:fa:ad:f6:6d:65:a2:89:b2: 1e:15:51:43:cb:65:a3:d0:0e:0c:b1:11:fe:19:d4:0f:24:7e: 44:4b:4c:5e:ec:8f:35:4b:86:43:df:c6:b0:4e:db:7d:b7:79: 38:2f:6d:6b:1c:99:85:09:b6:56:d8:5c:48:74:97:e7:ca:74: 3a:21:a2:9d:71:f5:8b:39:4a:b9:c6:f8:d4:35:d0:2b:c1:f5: 56:c5:5a:d9 -----BEGIN CERTIFICATE----- MIIE0DCCA7igAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx CzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpMb3NBbmdlbGVzMRAwDgYDVQQKEwdCeXR6 VlBOMRMwEQYDVQQDEwpCeXR6VlBOIENBMQ8wDQYDVQQpEwZzZXJ2ZXIxGjAYBgkq hkiG9w0BCQEWC3JvYkBicmF4Lm1lMB4XDTE5MDEyMjAxMDE1MFoXDTI5MDExOTAx MDE1MFowgYAxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTG9z QW5nZWxlczEQMA4GA1UEChMHQnl0elZQTjEQMA4GA1UEAxMHY2xpZW50MTEPMA0G A1UEKRMGc2VydmVyMRowGAYJKoZIhvcNAQkBFgtyb2JAYnJheC5tZTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBALvGds15e+jKOwAKj/XmHP5LqO40kGA+ a8xF3nNtqxowWGU977UY/RBuXjdGv3wiKWz5fCXzue5IrveTXwrD7vkJZ1XMk5+7 xPBjJYWe9HOkIXZIl0zYYFZV6XvPJdw9RMBt5fMi8FMaM1bnuC27wCmWh4PzySdn fuqj+XtcLPz7UtSbLhj54MC2HfTtTTIOSCYAhLklAu/0iC5Z6BlRUSpTB/CxH/49 yGfImnqRyeyiJZeK8EgzXb8gRgphk979p1T8gLdtQTq/pQya/+TBda5+LqhimNX0 kdEwj2lDfy4WTMeN/50p3VY1Y02juX/C/KHryFQJMwsI26PUe3lOvdMCAwEAAaOC AU4wggFKMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUP8bH+J1UlHgJYHCxuvZQRM4lC74w gbgGA1UdIwSBsDCBrYAUx4JysbWFCnwz7vC36PJubx5mch+hgYmkgYYwgYMxCzAJ BgNVBAYTAlVTMQswCQYDVQQIEwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEQMA4G A1UEChMHQnl0elZQTjETMBEGA1UEAxMKQnl0elZQTiBDQTEPMA0GA1UEKRMGc2Vy dmVyMRowGAYJKoZIhvcNAQkBFgtyb2JAYnJheC5tZYIJAMcX52t6bg3GMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDASBgNVHREECzAJggdjbGllbnQx MA0GCSqGSIb3DQEBCwUAA4IBAQAqSZQTQcgd66nDwoqEjwsf93LiYgKJxGuBN6mD NZyNk9AxuyWQhk4KHfUU4lTuIFDSE+RJyDSP1Nf4KI7wx2IbQty1m1DBZYQkiClH HOtM0gstF2ycET9Fqzl1es6ieYYD3aYqC3PXikxr1fTD49Qpb/0a8x7/5q24mqtp NtsvFpOYYRA+xs89jW0ugLy0AQPtAepcWb1K+vCM8IDD5iClqH7mZCv+0bMSFvID +q32bWWiibIeFVFDy2Wj0A4MsRH+GdQPJH5ES0xe7I81S4ZD38awTtt9t3k4L21r HJmFCbZW2FxIdJfnynQ6IaKdcfWLOUq5xvjUNdArwfVWxVrZ -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7xnbNeXvoyjsA Co/15hz+S6juNJBgPmvMRd5zbasaMFhlPe+1GP0Qbl43Rr98Iils+Xwl87nuSK73 k18Kw+75CWdVzJOfu8TwYyWFnvRzpCF2SJdM2GBWVel7zyXcPUTAbeXzIvBTGjNW 57gtu8AploeD88knZ37qo/l7XCz8+1LUmy4Y+eDAth307U0yDkgmAIS5JQLv9Igu WegZUVEqUwfwsR/+PchnyJp6kcnsoiWXivBIM12/IEYKYZPe/adU/IC3bUE6v6UM mv/kwXWufi6oYpjV9JHRMI9pQ38uFkzHjf+dKd1WNWNNo7l/wvyh68hUCTMLCNuj 1Ht5Tr3TAgMBAAECggEAZD0A5JVKcS2rq0z4JrNtnM504pxKyiXoU8akhofvw+40 8e7LTKiHR0MzplxtEe4GoTbZcEUYZzyDsoQIQ23u3yCG+kVYNPf+nLjAqgD9y9G9 TzBXHF2Rp+T62+3r7xMB5ZuFGnL3SdV9vJG8PyWv4kOKGgWExzU3ijh4kMLW/UCd /PZWARf6f0xgG3nLci6n4TF6W/7AK7xO1RXunT4vimOOvtb7Zfi6YhQpnoYQZ1H9 YulkbYil3j7xykokJMahvld9sC5dz58nitwrkZHuw1hCBubiGaQFAoeMGQqM40td GFfR0/n0rpWcYg6ERgOKSU9ZqwwNaSgd/blMELXQSQKBgQDraVfz3AupEdxNdBE9 6U5CSSRJkdUi8F+NwNWnfrTbzeGMh9mifo90mh1S4esEfEQQ6hdLpZJBnaHXs+wy zvqQiaU2mCYfwTlQYNh7vDXmBXOUHirZ1UoClthCMDXLjhCvj7dRQ8AC2J6SkwQR 5jWoUgZLKJOyCbqKPlZBF5gUHQKBgQDMMpY40LabrG4BARr/VvWz+10ulCpIwELD ScPyBVgz/2irwLnaWZBHiJLv03xf6CpbJwDHb/4CSVauuNWdXbPpJf6rA7o0YC1s QT/h6xyay5+XSjDjwRHVM00ukN16+Yi7bxQUjZ4YVV7UelsADmXkwHSnisNdgbrq K7ZtadCWrwKBgQDZEvqXU4EtFdsfULfVbx1K4kcjz+XJof16qSZanOwJA3/IJjz5 Kdr+ml4P32Lnb+8T6cgxaSvEdaaXUMGs2E8UmNhPz1zYS0Seaa816geJY91/55F7 7MGiQZaI8guo+AdK3CseNGsKNNWEMyy9lJpF690B0RjgQzhP4cuHmkoRwQKBgBM4 m81jUB0dQQmVKg5pCB3WBnJw/f31IxOw6OHqQOA8JYUtUhFMpvkk0PgER0vb1cjY xgj/8MAUWTV/LpRukpXavrsoUanGd+Ad0D6a3AlyK2aZVDrMHLqd5qEAf+iofodu MEyy+/O8bX3AuropoMvElfaDaFpv8MFENhrcgAb/AoGAEGxo41OjK25K21LEbUt8 C944qa8zpJCSyMeUrufyu0fHEi3OnDGmcRpPLacVgEswuU0J3e8duRGfnB8hg7NT j3kGNnWj84sCEVWAlYA1NGUDfNNqfKe46x8rQlIFY/YFj0rHmstzOQ6HRrGd/aYv idJ2NBdC2mbNCS5o6ge6IYw= -----END PRIVATE KEY----- # # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- 895be1a6c2531f2ddf5ffbfcb1e5cf91 7df521c1ce2a0b8edfe191c19967972c ff39644f37154f118152ba223f5d3b13 8255b5a1afa34874d44c720d54ad2dfb ca64903f428900cfb0cac4609664521d 61bf27cce735cda7bc2779d49f356123 f4218fbb982d7258b78f4c8918244d58 067a28c1db0d26adb3d44247a245cc7a 90ca91114c9e07ed620b9aae6ff04728 e3d6348c32a5a83c048105b750a9d3a2 c49c971f5168f7477277a040349aaa57 365d86e14a8a22be927158690bbd865e 1e01d203f89a142da6e02af52170f08b 5bd5cba380cdc7118d7137cb7d0e65ed a994b0d213737cee6a73452915d81a46 5626d9dfbd8b655bdc6776279f5f2485 -----END OpenVPN Static key V1-----