lessons/084/example-2.ovpn

client
dev tun
proto udp
remote 54.225.193.209 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
auth SHA256
key-direction 1
verb 3

; If Linux client do NOT use systemd-resolved
; script-security 2
; up /etc/openvpn/update-resolv-conf
; down /etc/openvpn/update-resolv-conf

; If Linux client do USE systemd-resolved
; script-security 2
; up /etc/openvpn/update-systemd-resolved
; down /etc/openvpn/update-systemd-resolved
; down-pre
; dhcp-option DOMAIN-ROUTE .
<ca>
-----BEGIN CERTIFICATE-----
MIIB+TCCAX+gAwIBAgIUNZ72IB3EgE2hoZnXKaJ1twWwKc4wCgYIKoZIzj0EAwQw
FTETMBEGA1UEAwwKT3BlblZQTiBDQTAeFw0yMTA5MTIxNTEyMzFaFw0zMTA5MTAx
NTEyMzFaMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0EwdjAQBgcqhkjOPQIBBgUrgQQA
IgNiAATpkQfIt+UVne2IWc5mHX0IxFL/ROwqduKXZrSaDVOPgWOwWxM6EC9wHWdG
TrMGzGvo1JrWFfKAs0R8vDGAY0lgYYWcQ0xGEes7YCOXSXJIq1pWv4gZ7PPeD6+x
2vyaMNOjgY8wgYwwHQYDVR0OBBYEFNPORvR6hHelDSCWs0UEOfOC6BUJMFAGA1Ud
IwRJMEeAFNPORvR6hHelDSCWs0UEOfOC6BUJoRmkFzAVMRMwEQYDVQQDDApPcGVu
VlBOIENBghQ1nvYgHcSATaGhmdcponW3BbApzjAMBgNVHRMEBTADAQH/MAsGA1Ud
DwQEAwIBBjAKBggqhkjOPQQDBANoADBlAjEArcfcDrEj/9y0qfLPXKznfkf7mInC
4NI4Cs/+BmzMaD/M0vGSsaT/pbOlMtlkdiJBAjBcEwec+t/2/iHAh8Xb9aiWUQA6
iQHu9JPw02SOwgyDp4omqQdwdBAjh7KwWFJjVOQ=
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c6:a5:cf:87:4d:dd:d4:d6:e6:cb:f9:89:f0:45:1f:04
        Signature Algorithm: ecdsa-with-SHA512
        Issuer: CN=OpenVPN CA
        Validity
            Not Before: Sep 12 15:45:28 2021 GMT
            Not After : Dec 16 15:45:28 2023 GMT
        Subject: CN=example-2
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    04:6d:a5:42:d5:cc:6c:19:a1:dc:04:13:e1:00:61:
                    bc:88:70:a2:b6:40:a9:14:e2:78:d8:8c:9c:58:14:
                    a4:55:17:69:f3:3b:ef:cc:94:9f:b7:41:3d:6e:6f:
                    8e:4a:2c:65:ed:25:69:c0:0c:f5:b7:54:48:21:38:
                    32:83:f6:74:b6:83:95:52:b7:b4:35:12:f3:f9:84:
                    71:02:48:27:1c:8d:b5:0b:35:4b:51:b8:ca:c4:bb:
                    0d:8f:77:d4:7d:f7:64
                ASN1 OID: secp384r1
                NIST CURVE: P-384
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                D2:DD:7A:52:E5:C5:60:BE:AC:E7:6A:57:2B:78:C7:9D:10:FC:19:05
            X509v3 Authority Key Identifier:
                keyid:D3:CE:46:F4:7A:84:77:A5:0D:20:96:B3:45:04:39:F3:82:E8:15:09
                DirName:/CN=OpenVPN CA
                serial:35:9E:F6:20:1D:C4:80:4D:A1:A1:99:D7:29:A2:75:B7:05:B0:29:CE

            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Key Usage:
                Digital Signature
    Signature Algorithm: ecdsa-with-SHA512
         30:65:02:31:00:c1:27:c4:7c:f0:b3:17:ca:fd:ce:9c:99:ea:
         b3:6e:d3:3a:f3:db:c7:9c:41:49:47:44:73:ff:b8:7f:b1:67:
         38:ce:1a:7a:54:f4:da:64:af:17:63:32:73:fd:3e:07:4e:02:
         30:20:ba:e7:af:7a:2c:d4:c3:79:4d:69:d3:c9:53:0e:34:0d:
         7f:36:21:2f:36:8c:a9:8c:ed:aa:15:2e:48:48:20:4b:9e:82:
         ef:8b:be:f5:6b:ae:c5:42:d6:40:d9:6c:25
-----BEGIN CERTIFICATE-----
MIICBzCCAY2gAwIBAgIRAMalz4dN3dTW5sv5ifBFHwQwCgYIKoZIzj0EAwQwFTET
MBEGA1UEAwwKT3BlblZQTiBDQTAeFw0yMTA5MTIxNTQ1MjhaFw0yMzEyMTYxNTQ1
MjhaMBQxEjAQBgNVBAMMCWV4YW1wbGUtMjB2MBAGByqGSM49AgEGBSuBBAAiA2IA
BG2lQtXMbBmh3AQT4QBhvIhworZAqRTieNiMnFgUpFUXafM778yUn7dBPW5vjkos
Ze0lacAM9bdUSCE4MoP2dLaDlVK3tDUS8/mEcQJIJxyNtQs1S1G4ysS7DY931H33
ZKOBoTCBnjAJBgNVHRMEAjAAMB0GA1UdDgQWBBTS3XpS5cVgvqznalcreMedEPwZ
BTBQBgNVHSMESTBHgBTTzkb0eoR3pQ0glrNFBDnzgugVCaEZpBcwFTETMBEGA1UE
AwwKT3BlblZQTiBDQYIUNZ72IB3EgE2hoZnXKaJ1twWwKc4wEwYDVR0lBAwwCgYI
KwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMEA2gAMGUCMQDBJ8R88LMX
yv3OnJnqs27TOvPbx5xBSUdEc/+4f7FnOM4aelT02mSvF2Myc/0+B04CMCC65696
LNTDeU1p08lTDjQNfzYhLzaMqYztqhUuSEggS56C74u+9WuuxULWQNlsJQ==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAgF/aRKik4B2Fo6U1V
DeEjNrtTWhaI0bTWkrSxP4Lx82PEmsxF2nvIX8X2AAOjXe+hZANiAARtpULVzGwZ
odwEE+EAYbyIcKK2QKkU4njYjJxYFKRVF2nzO+/MlJ+3QT1ub45KLGXtJWnADPW3
VEghODKD9nS2g5VSt7Q1EvP5hHECSCccjbULNUtRuMrEuw2Pd9R992Q=
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
c0f0b9e36043e707b9f8968cb7f395c5
b46880a3c42e3508f1fd94304a1a5dc8
173f49bebf9b0398e30cc14a73969471
8e53764ce7194986da3cf08728e0d591
93453f024045ee5e9d0fe36fbefb401b
b5df54a72933e0ec03ac8202c6fe327c
f81b50e767926395aa00c678080ca501
7584c65b52c602a2fecbb0873a91ed63
f0a41b7eb8b926757a639e75c485dee8
eb918267d3484987a135fba178a2e9f3
08f2a8139bb743e69867a7ce3759b674
c32d5eae6439b534fc8baca8ebbc2054
cd3c5321bf87c78872c6a92f257ac8f2
7a6485df3ee3a089d7e3ff8e1f66c426
2cb58a1c733974fdf082a0e29f96cd1a
d21c2e3e9bd3927f022870fad38cd2b4
-----END OpenVPN Static key V1-----
</tls-crypt>