Example 16.2 VPN Client Configuration File
# /etc/openvpn/client.conf
client
dev tun
proto udp
remote IP_OR_HOSTNAME 1194
resolv-retry infinite
nobind
# Privileges
user nobody
group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
# Security
ca ssl/ca.crt
cert ssl/client.crt
key ssl/client.key
comp-lzo
client: We have to specify that this machine is a client.
dev: The network device. Both clients and server must use the same device.
proto: The protocol. Use the same settings as on the server.
remote: Replace the placeholder IP_OR_HOSTNAME with the respective hostname or IP address of your VPN server. After the hostname the port of the server is given. You can have multiple lines of remote entries pointing to different VPN servers. This is useful for load balancing between different VPN servers.
user, group: For security reasons it is a good idea to run the OpenVPN daemon with reduced privileges. For this reason the group and user nobody are used.
ca, cert, key: Contain the client files. For security reasons, it is better to have a separate file pair for each client.
comp-lzo: Turns compression on. Use it only when the server has this parameter switched on, as well.
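The following check is an added example, not part of the original guide: it compares a client configuration against the server's for the settings the notes above say must agree, and flags missing privilege or certificate entries. The names parse_conf and audit_client, the host vpn.example.com and the server excerpt are assumptions made for the illustration.

```python
import shlex

# Settings the text says must agree between client and server (compared literally).
MUST_MATCH = ("dev", "proto", "comp-lzo")

# Constructed sample inputs: CLIENT follows Example 16.2, SERVER is a made-up excerpt.
CLIENT = """client
dev tun
proto udp
remote vpn.example.com 1194
user nobody
group nobody
ca ssl/ca.crt
cert ssl/client.crt
key ssl/client.key
comp-lzo
"""
SERVER = "dev tun\nproto udp\ncomp-lzo\n"

def parse_conf(text):
    """Return {directive: [argument list per occurrence]}."""
    conf = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):          # ';' also starts a comment
            continue
        tokens = shlex.split(line, comments=True)  # strips '#' comments
        if tokens:
            conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf

def audit_client(client_text, server_text):
    """Return a list of findings; an empty list means the checks passed."""
    client, server = parse_conf(client_text), parse_conf(server_text)
    findings = []
    if "client" not in client:
        findings.append("missing 'client' directive")
    for key in MUST_MATCH:
        if client.get(key) != server.get(key):
            findings.append(f"'{key}' does not match the server")
    for key in ("user", "group"):
        if client.get(key, [["root"]])[-1] in ([], ["root"]):
            findings.append(f"'{key}' is not an unprivileged account")
    for key in ("ca", "cert", "key", "remote"):
        if key not in client:
            findings.append(f"missing '{key}' entry")
    return findings

if __name__ == "__main__":
    print(audit_client(CLIENT, SERVER) or "client.conf is consistent")
```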