# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On some systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
#dev tap
dev tun

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server. For MikroTik only TCP
proto tcp-client

# Change 'myremote' to be your remote host,
# or comment out to enter a listening
# server mode.
remote 10.10.10.1

# Reconfigure this line to use a different
# port number than the default of 1194.
port 1194

# Most clients don't need to bind to
# a specific local port number.
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# SSL/TLS client
tls-client

# Chech server serificate in key-usage
remote-cert-tls server

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.

<ca>
-----BEGIN CERTIFICATE-----
MIIDFjCCAf6gAwIBAgIIGfb6zQYlwoIwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
AwwHY2EtY2VydDAeFw0yNTAyMDcyMzI0MDdaFw0zNTAyMDUyMzI0MDdaMBIxEDAO
BgNVBAMMB2NhLWNlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDr
ORZAHhzBktSEA1JlSMdnc/nlnuxXRRCeE3So6QDGjEgceTrHPm0mET+omnnP6g5u
wOcV6q/mdvZK5KQIoaJkXHii+9vEh4pV78Lpb2kINc92/2jeM5hu9ClKJ36UuPT/
zd3tT589C1cVDNA5CIDr8jK7jVv2B87HEfks9pfVfq+GoXUT5tyzgbf22zML3RsO
Sy8PSREDvPX9joO72yQsu5xqP6wkY2VAr/dU1DW70/2ix/mpjig9Fnjh8WTqJGsK
AUoOjNurjCuAehKn0flV4jfd7ViOLh07r22IXvOrFrh6ygl0lbItJbqY47O0qr3v
0XhfqLP5o6ZEo5nF/WK1AgMBAAGjcDBuMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMB0GA1UdDgQWBBQVuVsdVkLR9/JOluQJHJQfNv2AvTAsBgNVHR8E
JTAjMCGgH6AdhhtodHRwOi8vMTAuMTAuMTAuMS9jcmwvMS5jcmwwDQYJKoZIhvcN
AQELBQADggEBANI5YU7IO4jdzmN+VZjzXCOuaDRlBlFPeQZ1HjjJk7nQdMU7jksI
91aL7KpOAo9zPFar/V6ox4H7ilrWsd2T1AVSOsgXIhtDJnulHScHtPoWh3juycrK
Mik1T5Zhtn/kLwYCA4uCbtLRJ5+xSf0BsXIkL2OB55aJXDDBzmi9gVlagjBszz47
/oS18YlXy2eDbCFcq/jV+UQFMbRx5JEc2GSMoyqFr3j6bnoJcrQryykR+43yQtsu
SsC0LJ6gxQAo9Ccv0dymiUfUlBpVew8bOUaD4B6Ggvv49s5qdvWCe9N9UNu5KNsJ
5f1vjlv1q8p02exZyLdDyc+0eVh7DTs0DN8=
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIDATCCAemgAwIBAgIIb5wz2XXegBYwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
AwwHY2EtY2VydDAeFw0yNTAyMDcyMzI4MjVaFw0zNTAyMDUyMzI4MjVaMBYxFDAS
BgNVBAMMC2NsaWVudC1jZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1CCUSnmKIthI6LeWBqahlpq7FNuO8s9Zc1mW91Jp3jvSrcJM6VJpYprqVFdu
oRQTPqJej7Ms1ydnKenjXLdvdjteXSZsVOXy/7XYfvcmCjSAo6h+BZl5+MdeTP2V
ckqAaVibEDM+e/EoCehnJhmvgZs/fjXDMoNYdW4MpW1Y52IlaiEJmod91gNqQQUy
JTaRVrb/l1X7WMDSe3Kbtn2Trfww7KrvsdhlEULjCCfgWv/eVpsRRYDJaO2qFn2S
hsUGBzRauSsqtJf65qXJXwAg+cjtvnLLcb6o0xzW0QNxyFdX3imiPTu6xm1JHZj9
5HMHROaUzsFrPn0u6VN74pChkQIDAQABo1cwVTATBgNVHSUEDDAKBggrBgEFBQcD
AjAdBgNVHQ4EFgQU6XrwFORuPNkfSULXNFdKwrVv1GQwHwYDVR0jBBgwFoAUFblb
HVZC0ffyTpbkCRyUHzb9gL0wDQYJKoZIhvcNAQELBQADggEBAOlUCyjQRXGU08I9
hBU3YhNHkUnSj1EGCJXIcmCMsQz/LNUfsVqJyM82NE5ukPaHUb20iFbXJ2ajcBZV
Jqe5CnJbOEyCj9mXgre2v7y4SASlEEND5aXcZoIswxcP2Ixt3NFU7cvAvf9ZQ3D7
ZAL4bMOz/u66N9XbTvGjR/fU4Zkn44mhfCLmIff7DMT3sHzdMgyIRb2e3Ngu+9fu
cmyudD2GDAcSg7LehSQd2Iqld18BQ5zGqLejgbaKFmF9We5FxqslP3jRw87Lfxee
CDoph4YsjNl4fKSXc5Rm2T1hoAHO+v9IpintmEmQLfgMLbLVNjN9lAvh6dj97v9l
eHC6yKc=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIycREEPTX4qACAggA
MB0GCWCGSAFlAwQBKgQQUzrPU52BRQoY5rDthNqi1QSCBNCiurgiQ8HWDoZs+Kdb
51uhpHr4/D7m0/BhunysDAf+qOgQtjVcmvoBr/Z+yTALlwB0JX4Jg4G6tpXbcSxQ
LeqKLGcYnkegy3YQPedM/ZJwLZPQ/kDaX1N6clHZaEOt5cJbVSExNkGlH90S23XS
0x86k8vdUt3Kd9WsncVBZOsmoH0cvs0V3xC9BpZYOkYMkh+oSInziryvIQpoCtqa
e5IQ1xoE62dEM7EDBePeIvp5G4cKfn1cr9py6gyzrVKyyFOD7Ner0Ic5Cw9Bobn4
G/szV7R+v5r46Bbp84W46SaEPlZ7N6p7ia2g/rl1N3DJ/lWUTELh3n2RiJz3XyJd
BgcGcBTZuAxkJsImSFoM5ugniEwfeL1ytK4fc75tXDjkrk5bade8EyiIEBou1oOa
SvjIU6qCkR5QgelZSfdnxpD71Wex6Jum13YpgtQxiR63KOOkOXHKMW6v/aSTrEs6
R2guYz4/0DAVp22fMer9QSv2MUJtCVlQOTsfIlWXFaltHKUv+8uYLLHUVJA8nWu2
WmIloSXeGtQq9UgldLt7+ASoHT74JNcVznI1E7k3cxCUF9sGgCJGg6xF4Nwa04Y0
snL+8LVHKaQ87WkvJJ2gsISpLUQnbJrurnJKb8KoWpprEN7w2hYsEoCsJVc9dTtt
E3J8y46PZoHQyHQ7fwqIYKrlWpw+XPBNEMjJfyMFdwoKzoSZ0HdeezaoQ3OrOvWY
u43WDQMeKVtp750MftAFdqym3yQtg57wviUNqSGUvBOGt0HlFOvp4XniiV3rajTN
B68TN8i8e/VjnnWJPzAwI7zSOvFqnk6VrytO1cQj0lVwT5ENgW6ClBcVgO3GWzM1
/3jt7uCfQucxf7KlcpjvosIzKrA3S9iAemJI11F3iJv/g2bc0ijFtl0NJG1vWNO7
h89P0ooG1MrZGX1XvePlWDPXlbyVqP4i6esyV2hE4uKbnxVMgjcZyRYxabkxLdYk
ACqJJiaa4IlBYlJlgZKDRFKmFi0D0xwbqYYv5M0aYZbsKuqHQ/6iBwl+mPqdIipe
+6oQtDtczEB94JlLg7apHEZKRQFATshT96nWihNcHzzvDODV/X8Q/DHsR6que6H2
gpbPp3+Q9rtSHUB8m52K9o881Ub5mxrjnJqSkiSPdqVPs4wEFAM0QbNMeo86MoQZ
cQKy9ijXdTzSqXxgrRXYNJdowowVu2Dnhl501PdhvX6fNA4gr8dllse5rMzw5N3J
U+YoUvYnuixaG4BksFO+Uewv34B3trVyBZBSVDAkJXAdv9Ol6wRZeB6Jqn0Srhmy
ETMl95e1jNpTO1cyhZChXkPaOygmgcwFrjStek5jcAuMfHFO26tn+hFTyN9H93mX
WlQKaGlH92mzO8eH2AnyWzyr3+MUJb6KwG8RvgqkLkuDBj7VQmiahJsaGTuouHws
WDvngez0lEAwJKGdbsmuRav6Z1v9Gu2s5SO9bnrdognWOQVymFYNX0v+inUmIefi
lM6GHFS9rfCk8HC6Qp1SRGwHc1WoJSrmOOHvsp5e992LNcBlb4OePh56KTJ9gnqj
LV3Jlxd76MnzwxbikJkpmb6KcY7EB+AzP+tZzVSc8LciwCm8n5oHuWv5iqNoQGxW
JeoM1bInWwwQ1Nppx186u5HiGQ==
-----END ENCRYPTED PRIVATE KEY-----
</key>


# moderate verbosity
verb 4
mute 10

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-CBC

# cipher algorithm
auth SHA1

# Username and password file
auth-user-pass 

# Nocache for auth
auth-nocache

# Pushing the redirect-gateway option to clients
# will cause all IP network traffic originating
# on client machines to pass through the OpenVPN
# server. 
;redirect-gateway def1

;route 192.168.29.245 255.255.255.255
route 192.168.28.0 255.255.252.0