Windows to Linux VPN
Related documents: Roll out custom Windows OpenVPN clients
On build machine
This may be skipped if you already have a built RPM of OpenVPN or sourced it from yum. From FC3 openvpn is available in the extras repositories.
# yum install lzo lzo-devel openssl-devel pam-devel # rpmbuild -tb openvpn-2.0.5.tar.gz # scp /usr/src/redhat/RPMS/i386/openvpn-2.0.5-1.i386.rpm ccc@192.168.1.85:
On the server
# yum install lzo # rpm -Uvh openvpn-2.0.5-1.i386.rpm
OR
Just do this instead of doing all above steps. This will install openvpn package and its dependencies to ur computer.
# yum install openvpn # cd /usr/share/openvpn/easy-rsa/2.0 # vi vars
Edit the variables KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL to the appropriate value.
# . ./vars
You will need to delete all keys out of the Open VPN database.
# ./clean-all
Generate the Certificate Authority keys
# ./build-ca
It will ask a series of questions. The only field you need to fill in is the Common Name.
# ./build-key-server server
Again, some more questions. Only need to fill in the Common Name and answer 'y' to "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?"
# ./build-dh
This will build the Diffie-Hellman key exchange settings. It will take a while.
# vi /etc/openvpn/openvpn.conf (create this file)
The config of openvpn.conf will included something similar to the following options:
dev tap proto udp port 1194 server 192.168.128.0 255.255.255.0 ifconfig 192.168.128.1 255.255.255.0 tls-server ca /usr/share/openvpn/easy-rsa/2.0/keys/ca.crt cert /usr/share/openvpn/easy-rsa/2.0/keys/servername.crt key /usr/share/openvpn/easy-rsa/2.0/keys/servername.key dh /usr/share/openvpn/easy-rsa/2.0/keys/dh1024.pem mute 10 verb 3 ping 10 keepalive 0 0 status /var/log/openvpn/openvpn-status.log log-append /var/log/openvpn/openvpn.log ip-win32 ipapi
Note: servername is the name of the computer
ip-win32 used to be not there. but we have problems with windows 10. other options
for it are ip-win32 manual and ip-win32 netshIf multiple customers are going to be connecting to a single server, like in the situation of an ASP. Multiple keys can be setup, along with multiple configuration files, but a different port must be setup for each customer/configuration.
Do not forget to start openpn service
Building key and crt for client to connect vpn
Server side
On the VPN server, run:
# cd /usr/share/openvpn/easy-rsa/2.0 # source vars # ./build-key <client>
It will then ask you a series of questions, similar to the ones asked by the ./build-key-server script. You should only need to answer the "Common Name" field, "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?"
In the keys directory under current a configuration file config.ovpn similar to openvpn.conf must be created.
Note: Instead of using openvpn.conf give a meaningful name like name of the computer or person using that vpn. (eg kim.conf)
# Configuration for connecting into Creative computing internal network tls-client dev tap proto udp remote creativecomputing.com.au 1194 resolv-retry infinite nobind ifconfig 192.168.128.x 255.255.255.0 # This line is client dependent. (x means choose the ip address to use for client) ca ca.crt cert <client>.crt key <client>.key verb 3 mute 10
Then zip all these file you just created ( .crt, .key,.opvn and etc may be 6 or so files)
#zip filename.zip filenames dh1024.pem ca.crt
#scp to our muppets at /var/www/html/companyname (company name is folder you will create before copying to muppet)
On the client, install the latest version ofOpenVPN GUI for Windows, applying all the default options.
Or you can download this openvpn for client from our website
www.creativecomputing.com.au/openvpn ( run it in client machine)
Then
Copy zip folder from our website ( www.creativecomputing.com.au/companyname)
Copy the files /usr/share/openvpn/easy-rsa/2.0/keys/<client>.* /usr/share/openvpn/easy-rsa/2.0/ca.crt and /usr/share/openvpn/easy-rsa/2.0/dh1024.pem from the server to the C:\Program Files\OpenVPN\config folder on the client.
On the lower right hand side two red computer icons should apper, right click and connect to vpn server.
Note: Do not forget to port forward in their router ( port start and port end upd 1194 , portmap 1194)
There should be a script on muppets in /etc/openvpn/easy-rsa/email_keys. It takes two arguments: the client name and the email address. It should automatically create the keys for you and email them to the specified address. If any of the steps above change. The script will also need to be changed.
On a network with NAT, port1194with protocolUDPmust be forwarded to server's local IP address.Roll Your Own OpenVPN Windows Installation Package. Windows clients are known to time out, if OpenVPN is run as a service (non GUI) the following commands from RestartVPN.bat can quickly restart the service.
net stop "openvpn service" net start "openvpn service"
To have OpenVPN automatically connect at startup, edit the reigstry KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\openvpn_gui to the following value:
C:\Program Files\OpenVPN\bin\openvpn-gui.exe --connect <OVPN file>
Creative Staff Client Configuration
# Configuration for connecting into Creative computing internal network explicit-exit-notify 2 tls-client dev tap proto udp remote creativecomputing.com.au 1194 resolv-retry infinite nobind ifconfig 192.168.128.x 255.255.255.0 # This line is client dependent. route 192.168.127.0 255.255.255.0 192.168.128.1 dhcp-option DOMAIN crecom.com.au dhcp-option DNS 192.168.128.1 ca ca.crt cert <client>.crt key <client>.key tls-auth ta.key 1 verb 3 mute 10
OpenVPN using TUN
Sometimes it's more desirable to use TUN interface instead of TAP because TUN does not need root access, which works well on iOS and Android platforms.
Set up server side:
<need to copy stuff from CentOS 6 install guide as much of it is the same>
server side config file:
######################################## # Sample OpenVPN config file for # 2.0-style multi-client udp server # # Adapted from http://openvpn.sourceforge.net/20notes.html # # tun-style tunnel port 1194 dev tun # Use "local" to set the source address on multi-homed hosts #local [IP address] # TLS parms tls-server ca /usr/share/easy-rsa/3.0/pki/ca.crt cert /usr/share/easy-rsa/3.0/pki/issued/server.crt key /usr/share/easy-rsa/3.0/pki/private/server.key dh /usr/share/easy-rsa/3.0/pki/dh4096.pem crl-verify /usr/share/easy-rsa/3.0/pki/crl.pem tls-auth /usr/share/easy-rsa/3.0/pki/ta.key 0 # Tell OpenVPN to be a multi-client udp server mode server # The server's virtual endpoints ifconfig 10.8.0.1 10.8.0.2 # Pool of /30 subnets to be allocated to clients. # When a client connects, an --ifconfig command # will be automatically generated and pushed back to # the client. ifconfig-pool 10.8.0.4 10.8.0.255 # Push route to client to bind it to our local # virtual endpoint. push "route 10.8.0.1 255.255.255.255" # Push any routes the client needs to get in # to the local network. #push "route 192.168.0.0 255.255.255.0" # Push DHCP options to Windows clients. #push "dhcp-option DOMAIN example.com" #push "dhcp-option DNS 192.168.0.1" #push "dhcp-option WINS 192.168.0.1" # Client should attempt reconnection on link # failure. keepalive 10 60 # Delete client instances after some period # of inactivity. inactive 600 # Route the --ifconfig pool range into the # OpenVPN server. route 10.8.0.0 255.255.255.0 # The server doesn't need privileges user openvpn group openvpn # Keep TUN devices and keys open across restarts. persist-tun persist-key verb 9 status /var/log/openvpn/openvpn-status.log log-append /var/log/openvpn/openvpn.log
This is very similar to the TAP style config, but does not need root access. It does have limitation that client IP's have to be in a /30 (255.255.255.252) netmask. IP addresses are also sent by the server.
Client config:
######################################### # Sample client-side OpenVPN config file # for connecting to multi-client server. # # Adapted from http://openvpn.sourceforge.net/20notes.html # # The server can be pinged at 10.8.0.1. # # This configuration can be used by multiple # clients, however each client should have # its own cert and key files. # # tun-style tunnel port 1194 dev tun remote 192.168.1.94 ifconfig 10.8.0.201 10.8.0.202 # TLS parms tls-client <ca> -----BEGIN CERTIFICATE----- MIIFOzCCAyOgAwIBAgIJAIRwcwl5cLFPMA0GCSqGSIb3DQEBDQUAMBgxFjAUBgNV BAMTDW9wZW52cG50ZXN0ZXIwHhcNMTgwNjA2MDAwMjM1WhcNMjgwNjAzMDAwMjM1 WjAYMRYwFAYDVQQDEw1vcGVudnBudGVzdGVyMIICIjANBgkqhkiG9w0BAQEFAAOC Ag8AMIICCgKCAgEAzsEmzZHcpJy0a/Do3N7PiYRLv8DhXZUFgZ+MEn2MrLsKe3bJ adgrDQe5Xr92bvnpbtsx1SKsi4NcXbJkhyzz9uzlOyWa/BiGEsMTILpBAT978SId RDh+Us9e/39chCUwowQKO7f3iIvapKDUVnRfejHMEPHS3SIV8St7P/4qLqw7Uzb/ 7wQbA1zy8AbY9WwL/FJH6vy7fZIXw2Wn25Pjeod+9Kleh06t5895Y4NJ1ou6yWp+ 2Fzze7YYliNlwqj+wH5HfyaqfWuCGT1LlHXmyfWb6tJ4QKLLZc8PV4yLygMPjVc0 /q79FUHro6wqPqS2I+Drt9xeGgavZAKI2xBjYNMlJKrv3290y6pMJPI4q05sqwvc I+S1ViOh4TPKrAA6/F1ODYJVeF55zI8opvbLMouaQXU4tmXkuj6Rovm74lxsHn34 a75gwywMYnRC7oo/8ulEqHAODGlgsaI7A/VUm1xM02LBA+2aZiYylFnhZqlm9fRk kzpeLM5liQH0zVwLq0+n3z14ROC9i198f3FlFw4DrQ0GjwyPyYFVvsLLA5xK6Uw1 zXBd9iGxHqKT2MD0JXeKGR6kryDt3v9stQ3uNMyouzZx0C1ogfq/bodkK2wY5pI8 2sf5GmX5rP4Qbw8miqvi/dY5iv7S7q7A7eck7S9gnnCjhwOm3Eeva3R2UmECAwEA AaOBhzCBhDAdBgNVHQ4EFgQUJ4PmFY/1Gm+tb0v6ulbKwd6MS4YwSAYDVR0jBEEw P4AUJ4PmFY/1Gm+tb0v6ulbKwd6MS4ahHKQaMBgxFjAUBgNVBAMTDW9wZW52cG50 ZXN0ZXKCCQCEcHMJeXCxTzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq hkiG9w0BAQ0FAAOCAgEAOCoz+OBR6J8GqzJ2Jf0LsFI+JDJdjmY1gb7e/81Q5n0F 7PCq9Y/4LzuCNJ7kZf1MFJFZAtt2UINbQbOmJElk3Np1CozZhJBO2OYlWOjxWw+A 2g/S68z4/YJTbfIeWbkObbt/alvHibWKvqy0CxsOmXYGHEVnSqtBGzGB/fJdwsUE najQsjw8Yq5GA/FgHVi9/WX/IDmijmrtlx+oBd6Fwn/jfGX+1a+JuvMZveXREcUm 6KzmoGsNyVfH6Ch1UPsRbNJWn6sE0iFFOi+FycXB6QfjsLsY7gxfXrwHWPpJOm4O RHXrB4rS/4XftmdcBFvvTgiN6T6ZT0l+YMntTUFNLpbn31080KICf9xeB05m6aSG wM9EMDQIl9pE86p30UwI/wR2ub3hqXINfEh/jBhcDo28bRy2V1BFcW5Mem+ybKoZ 74RTax+XyNdCSaan0CzZb9jWSq1+sHQo7h+l1Cdw2POeGkEioGDaKNT/stoNe8mm O1LUKb5mx2OqNO96ddQ3H3+FBfHl3KydUBvN2Gox80+TjWRAQ+oqCZl63u9uRibh 5bTGXgy0q6FRD2+CVeBXubKssmvE/o/gUu5F5IVupZ5SSNBFZnasVXo4JL8dv7uJ y58K9iHKWbjsdJnl074qb1oc2llIol4Ccy3pqOChVD65p0Mb6r4mEBG9CCufYjo= -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- MIIFTzCCAzegAwIBAgIRAOhwQwvlBhQVEAoBRssQKn8wDQYJKoZIhvcNAQENBQAw GDEWMBQGA1UEAxMNb3BlbnZwbnRlc3RlcjAeFw0xODA2MDYwMDE5MDdaFw0yODA2 MDMwMDE5MDdaMBIxEDAOBgNVBAMTB2NjY3Rlc3QwggIiMA0GCSqGSIb3DQEBAQUA A4ICDwAwggIKAoICAQDKabYPOpuEqyNdkUJytwhQjNSQDBbwXiIcgH+ZO98/itNC 0x6XwQGN/PSoBhyrN7HOt2WIvf+0r1Nu0YbJXkd9wf1AR/KUxzlA+7/i/IW9e69x ifvO1l+mlwzQdCl/O0JfNx8As1uTONk3zvh13FLdJPxfrG6QbuNp24mAO0O6n6TI lDJnWkFcoxavWA0hYG7J/9iw8/QYi57Y3b4Q+9jsUfDcVSEDVzM7zKqISopq58jz MKcK8nbw0JmgqCQM67KrwsBqGLeDNPzIP1b2rzG5c+GO29nOdKhPQflxX3UB9kIz Yn77U1vw3pf7h/uWHier6sL0meqbo4ulCoTo3ueyutz60o0GFWm0PXaK0GmxxG7p ChahY7CrSENRyEsiKhRDtgRrgOuo3zz5rn692TLXjMSFBlJtjfgAad1txPchOEMd PHLJvWlfadsgiZiZ73cooptNJONuTlzgBIx6Eaa9xB2S5susG5v2BZ4YImBwfoNA vrXID1dDgkP5Czq6T/IDcakdyv4btxnIWAVKgEi4LB7Bc88EZ7kRl8KfO0Yu33af 7EnzxRv2u/Sfp8q88PfKbjVTMBKXb3kNSIRck3Q61sy9hpIs4C9LC3kbrElfBbv6 7AzT8viMPFRIA8/ias/IA8D5oi1KJGzmeqaBPv0a1EVrsWv/P89zP7r+DoNkywID AQABo4GZMIGWMAkGA1UdEwQCMAAwHQYDVR0OBBYEFAPF5MTgUhnKA+N1kdOldq6q xDLnMEgGA1UdIwRBMD+AFCeD5hWP9RpvrW9L+rpWysHejEuGoRykGjAYMRYwFAYD VQQDEw1vcGVudnBudGVzdGVyggkAhHBzCXlwsU8wEwYDVR0lBAwwCgYIKwYBBQUH AwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBDQUAA4ICAQAcb/piIIZ8QbIkt6kL alpSmfhTRO0raszoZY+tnlS7Le/TbYXMPf0GzJUE2NKUwmQtB1cpb9VDrW8TNPzB GrDIviiDhZqMK0CoMsRJgee+5MIKLTWuTKOj7n8g6X+SCGEW+Vwph8pwbJBS/Th3 ZUnLGyYGbiBqzfL0X9ndFg1SiZg2LIEOxT0X6JpzJmlX32RoQS9vMyk0K2EcD1Jw UR3cYOKWy9FE93cL9HIYTjm9exTnUGcoIAXkIrT+ROoMVobKUlSdlYxuexjO9gGx 4cbLl6kY7/bmy2JtBOy+BXNM0vmBRrkqD9715Tg3tGPFX9CwUUBwgw7yJg4+IQdW ln59smuxCfI5HAb7zYQOLhtCzZM9WEmG9J+J3oNqVyjRHrXhiMy0pdUMFOJ6RIfz suBF/r+n5VbRiT/w3CAI9zYbaFA29325tMvZ2mu0x1GfRri0D9/rsGa/MJlfIC4X Az6W0AnB7jgqDUuvtUPAlBPOyYOg9sjSmF9NNUw0PcfNyR3FbA51b8/DlW9bwpSY JSKH6e/nXVHaduDX1my67PP4dDzvuOeb60gJLJqznfP5Wlo6h/K54lZryaQ4o6Yp Dkk77Q8hvLkCo857Q0O0aVwCd7tkGZs/ga7FFTkMlt4r97fxdYrtTN0K4lq03jcr /fjQih6YR1z8FIgs7aiume/Vmw== -----END CERTIFICATE----- </cert> <key> -----BEGIN PRIVATE KEY----- MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDKabYPOpuEqyNd kUJytwhQjNSQDBbwXiIcgH+ZO98/itNC0x6XwQGN/PSoBhyrN7HOt2WIvf+0r1Nu 0YbJXkd9wf1AR/KUxzlA+7/i/IW9e69xifvO1l+mlwzQdCl/O0JfNx8As1uTONk3 zvh13FLdJPxfrG6QbuNp24mAO0O6n6TIlDJnWkFcoxavWA0hYG7J/9iw8/QYi57Y 3b4Q+9jsUfDcVSEDVzM7zKqISopq58jzMKcK8nbw0JmgqCQM67KrwsBqGLeDNPzI P1b2rzG5c+GO29nOdKhPQflxX3UB9kIzYn77U1vw3pf7h/uWHier6sL0meqbo4ul CoTo3ueyutz60o0GFWm0PXaK0GmxxG7pChahY7CrSENRyEsiKhRDtgRrgOuo3zz5 rn692TLXjMSFBlJtjfgAad1txPchOEMdPHLJvWlfadsgiZiZ73cooptNJONuTlzg BIx6Eaa9xB2S5susG5v2BZ4YImBwfoNAvrXID1dDgkP5Czq6T/IDcakdyv4btxnI WAVKgEi4LB7Bc88EZ7kRl8KfO0Yu33af7EnzxRv2u/Sfp8q88PfKbjVTMBKXb3kN SIRck3Q61sy9hpIs4C9LC3kbrElfBbv67AzT8viMPFRIA8/ias/IA8D5oi1KJGzm eqaBPv0a1EVrsWv/P89zP7r+DoNkywIDAQABAoICAQCrP+q3Ubd39C7Un+wfD/np 5GyGfqP9szaa9KB/7WbA5Nw+Ik40yCdfkM8RRTKGLXWy1fkCSvWHUfp9vKmTvr8v h6uS8gwrka4/6356NXmVSYqyvbIcWcTNNeiyiET/jwxlcEY7moN0uFkW3XXaiZBV 50/aRhG5AwhGbGYV5o4z25NX3AIU7Qh1rsmnihB515OENYCIna08AwxeoKSIy/rI Xb8xOpjWsbT39/2jl6UqM3YRQm1hVqgIsAP6J6dwgw1EQl32pXjFelQPu38A8FJa e88uxZSuFoa7n67CG6fsBAQYY1HZorobvMfLGE5jwJmB2vocZghWq3SfKpouR0Cw ti1G6nfy8tUO9DNQ3gN4Vm6wZJdhG7b2GNSHRVPv2Fk8aJ/diVFe4lp90fnCWEdh YNZLcXXKV70Bus8foy1N+CTQ2ETox7vUAHw26DMEvN5gCTdERYMqLxOerJOxLSdY rOICVTPKCQNLDnXko8TyRB8bNFv8YLhsGkG3NtzKGl91/P1XeTtHGcOO4e2OGFIv NwLImjBW5SKcBzpo3fbFyxHvRRSA+0t7OD5wZ/ukC88ZWvz4B3CWP6x5TA8FqIsV W/wHaERgXaJSkOJOlla7QT9/6EbZ3QpTZfaVu2jqIgiLAdQ3kCd4PRoSCui4XXdF 7tCPjjdLcDxw1PAKjGFQqQKCAQEA5t5N+j9Sbf0D9QFZ0CNI7T005uv2djeDxxUM lfgII6C+DKeEMSP1hQh8uLHqYq0Wi4qiFkiKwClr7dNTO9giY5ijxIv/oa8Jvd8P 1ph49htqEI2hzCA9K5n/sNyErCg+NoRGtEkMlUPaVN7fl4A7elvW8Gc3MS83oZu+ 1feIzcKXld0Gsj/B9p3/dfNR1dxBzA4i5X8/cDkCi3nm8LkOOhqqkuH5CL/Z2/xI C1DlbRca5tbwh1vTi5VXGjlGEO3yK1frS31qZK6Kl0LQjNeEBG3PII+C+hx7wtNZ LXe2mp6LdnoSTcUFBLtmE1NIeyfPnMvPnq4yyJnkd9XPShmb/wKCAQEA4HJtl8kv zChVp4HVHu41fZPgTp+FcjsUTtkDDJa3lsdrTIzeenqNyPFLugjh/Op/uUV29LSR pLt4/bMw1s1/7NnSdNnOYqR7x33pnA8R3PHYH31mJKl3oJqLClXEJbw6hxAEzHgJ A/GxbRproaKQqL/CeUBRqFKoX3zQ4vIRX5GefJx2qDkoP3xLUPpwM3NzOb0xCk+s C+oUJVtp7L6KPhieGMFLoa0Ib8TQMlgg06ZgZINnkwQExaF9ZfM1duGxLirDKy+J FpOHPSZq/uqWfkL10Xz2+kWFDGh6XkolkRC2y4b45CKR1A99V7YfJ0tzZyExJgzs FKCLBVWkUI3nNQKCAQEAqnF1IEufj5Q8V6WnqQJj1MJbTCDo1F4n69KeeBml6KfD p5QFBEKIAK9DZRf08uTWwC6Ze9oSlcv+4pYh3Qy0VtNaFMFG+RdBGeyUxNnMc+XJ aG8oBIvInWgUXX5wdKlBRP5jNLa5k3mEtyPT7wW845jqFpIdLTKu36EcQtt9JGuF fh6v0uk/SdNbxrjcsgbqjLvjB4vqSe/M8SwOU6pL1pnZVJeAQ/Vf4glfJvuSZfeo 5MPK0CP7ChI3PCUMlXMWVumRzSnKYop5xzKMxW5XCO4I/QD2sbBVroBaVjcLmRtz 2wREfyX1jojL03ipCkNaA2h037G7zF3RTqeLYimGAQKCAQBCAwWejcpkBjzi7jmL Rk4vJ+3h0eMCrMOVSRgvfKh0TSSOuCO67A6FWgqGpZQpuaJlEDwjTnRDeevk2e30 Ty5fr9TJD0I3Gt9Y1fx+LKR5UhvZbx06jSkk8C8SlBUDcC/ah2iR5n/oTA594zZi rJhVOUjuNm+NzPm+U8xv4vgfHon5Zl8zrNPckCbqoy2axErQYYdp2/Li8i6IqjEm MwgfqUfeSgN/go+np7///pFxDk7tYQR2ZcktgwiJkpVX6Jse0+7g5bMxE6TD5Ge1 n7MxYWpA+br98rJl6tiKoM4Zs0u/4muTVWOEdiXMRUE2YmeHnmiBI23Px0P8Bqs0 Efg9AoIBAQDDvAw4v0xrUWRYNp/BNvejfuJKirMTy9KL+IPoMheUVf2ZzqL9eE5+ cbtTxvYOBEwCVaxMwgRwmqY735nPyNbTRONiIfWnNUnDkMuBsb2acpF/BFy5ZT2l lh7hq9tUfDbIcTXmswX0b1nLQzUCD2r7RDDQUUquGIrZPPUml7Fg+1I0w5pnpuRO iHvkGGBFYskE2k2jZz6/ghcRYrIBqqVpFcp2WRb1i72+F4yXFOyFdyoJLsqeyLaT zGc0mo1n/P+UF9fG4WWIKBeF3CI2Uq5PzUGJcTfhuqKMkKtijW1OsFUTs6IxFJUf bNy4Mb+yzwvHi81Mw3Ax8fLQMFzHHviL -----END PRIVATE KEY----- </key> # This parm is required for connecting # to a multi-client server. It tells # the client to accept options which # the server pushes to us. pull # Scripts can be used to do various # things (change nameservers, for # example. #up scripts/ifup-post #down scripts/ifdown-post verb 4 <tls-auth> -----BEGIN OpenVPN Static key V1----- a32f09a1d9bc8d438579da7bcde7d86c 8ba48d8069652f4bbd10d998ebd16dee 486f28fe78abc638220065590c5c166c b12c0725d48a617d66d79861919a1279 a108d31ac35fc447054f085705f760d4 c825d8d17f4815cdf2d24cfc1ca12af1 b1b847c5ec44979622096ec05b58ec2b 7eb43af1a38bd8accfcc8dae4385dace e41b46657920c925bf09e9c03bd32266 b4107244c792775be827708153a15174 1331339915fcf563d82d03ec0d91715d 5e53166ad96b4d66f7545af0224e3e1f 30987981db4dae2d7f39696e776d9b29 0ecb3369383a2fc7aadebccd57016e79 bf11f944a4608874bb60d4616a909955 044d1a5071d6f72eb09ffa8d76f70560 -----END OpenVPN Static key V1----- </tls-auth> key-direction 1 #tls-auth ta.key 1 tls-version-min 1.2 tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384