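################################################################################
# OpenVPN client configuration for the ITI VPN.                                #
#                                                                              #
# Notes on authentication in the ITI WLAN are at the end of this file.         #
# Please read them if you run into problems.                                   #
#                                                                              #
# This file and the itivpn directory must be copied to /etc/openvpn/.          #
#                                                                              #
# NOTE(review): this file carries an unencrypted RSA private key and an        #
# OpenVPN static key inline (see the end of the file). Treat the whole file    #
# as a secret: owner root, mode 0600, not in a shared or public location.      #
################################################################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
# Active entry: infvpn, reachable from the Internet.
remote 129.69.183.97 1194
# Disabled entry: itiVPN.
#remote 10.7.0.1 1194

# Lets the client roam between the WLAN networks without interruption.
# With float, authenticated packets are accepted from any peer address, so the
# link relies entirely on the TLS/HMAC checks further down.
float

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
# No remote-random: most users will probably come in via infvpn anyway,
# and that is also the faster path over the Internet.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only).
# This seems to cause problems when restoring the routes on shutting down
# openvpn, therefore it is deactivated.
# NOTE(review): with both lines disabled the daemon keeps its starting
# privileges (root when started from /etc/openvpn by the init system) for the
# whole session. The down-root plugin is the usual way to keep route teardown
# working while still dropping privileges - worth evaluating.
#user nobody
#group nogroup

# Try to preserve some state across restarts.
persist-local-ip
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
# This only mutes the log message; replay protection itself stays active.
# It also means genuine replay attempts will not show up in the log.
mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.

# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#ns-cert-type server

# Accept only a server certificate whose subject common name is exactly this
# host name.
# NOTE(review): this checks the name only. ns-cert-type is deprecated; its
# replacement is remote-cert-tls, which additionally requires the server
# certificate to carry server key usage / extended key usage. It is left
# disabled here because the server certificate is not visible from this file -
# enable it once that has been confirmed.
verify-x509-name rax7.informatik.uni-stuttgart.de name
;remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
# The file-based form is disabled; the static key is carried inline at the end
# of this file together with key-direction.
#tls-auth itivpn/ta.key 1
tls-timeout 2

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# NOTE(review): nothing is pinned, so the data-channel cipher depends on the
# client and server versions and on what they negotiate - confirm the server
# does not allow a fallback to a legacy 64-bit block cipher.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
# Leaving compression off also avoids compression-based traffic analysis.
#comp-lzo
#compress lzo

# Set log file verbosity.
verb 4

# Silence repeating messages
;mute 20

################################################################################
# The following option makes OpenVPN ask for a user name and a password.       #
# The account data are the ITI ones (e.g. RALab).                              #
################################################################################
auth-user-pass

################################################################################
# THIS OPTION IS AN ALTERNATIVE (XOR!) TO THE BARE auth-user-pass ABOVE.       #
# It also makes OpenVPN authenticate with a user name and a password, but      #
# unlike the previous option the data are read from the file credentials.txt.  #
# The first line of that file holds the user name, the second line the         #
# password. The file can be created e.g. with the command                      #
# echo -e "USERNAME\nPASSWORD\n" > /etc/openvpn/itivpn/credentials.txt         #
#                                                                              #
# NOTE(review): the password is stored in clear text. The command above        #
# creates the file with the default umask and leaves the password in the       #
# shell history; restrict the file to root (chmod 600) and prefer creating     #
# it in an editor. The interactive prompt above avoids storing it at all.      #
################################################################################
;auth-user-pass itivpn/credentials.txt

################################################################################
# The three following options are only needed for a GUI that can use the       #
# OpenVPN management interface, such as kovpn (www.enlighter.de, kovpn is      #
# Linux only).                                                                 #
#                                                                              #
# NOTE(review): as written, the management port has no password, so any local  #
# process that can reach 127.0.0.1:11194 can control the tunnel and answer     #
# the password query. If this is enabled, add a password file as third         #
# argument or use a unix socket with restricted permissions.                   #
################################################################################
;management 127.0.0.1 11194
;management-query-passwords
;management-hold

################################################################################
# Inline key material.                                                         #
#                                                                              #
# NOTE(review): on the page as captured, the PEM blocks below appear without   #
# enclosing tags, which OpenVPN cannot parse. The <ca>, <cert>, <key> and      #
# <tls-auth> tags are restored here on the assumption that they were stripped  #
# during extraction: the block order, the disabled tls-auth line above and     #
# the trailing key-direction all point to that layout. Confirm against the     #
# deployed file.                                                               #
################################################################################

# First certificate: presumably the CA certificate used to validate the server.
<ca>
-----BEGIN CERTIFICATE-----
MIIEnjCCA4agAwIBAgIIASx1vt3FIzQwDQYJKoZIhvcNAQEMBQAwgdQxCzAJBgNV
BAYTAkRFMRswGQYDVQQIExJCYWRlbiBXdWVydHRlbWJlcmcxEjAQBgNVBAcTCVN0
dXR0Z2FydDEgMB4GA1UEChMXVW5pdmVyc2l0eSBvZiBTdHV0dGdhcnQxHjAcBgNV
BAsTFUNvbXB1dGVyIEFyY2hpdGVjdHVyZTEpMCcGA1UEAxMgcmF4Ny5pbmZvcm1h
dGlrLnVuaS1zdHV0dGdhcnQuZGUxJzAlBgkqhkiG9w0BCQEWGHZwbkBpdGkudW5p
LXN0dXR0Z2FydC5kZTAeFw0yMjEyMDExMzUyMDBaFw0zMjEyMDExMzUyMDBaMIHU
MQswCQYDVQQGEwJERTEbMBkGA1UECBMSQmFkZW4gV3VlcnR0ZW1iZXJnMRIwEAYD
VQQHEwlTdHV0dGdhcnQxIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgU3R1dHRnYXJ0
MR4wHAYDVQQLExVDb21wdXRlciBBcmNoaXRlY3R1cmUxKTAnBgNVBAMTIHJheDcu
aW5mb3JtYXRpay51bmktc3R1dHRnYXJ0LmRlMScwJQYJKoZIhvcNAQkBFhh2cG5A
aXRpLnVuaS1zdHV0dGdhcnQuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDS1NRjhzWvh4m1QeDzasrQqCI+WhnqaxoE5ENe8nEXJ0UtQgpbUz2fgAE/
GHv7dtB8OgnGQqwMvj+UtPoptxaglq0mP93FSC2lidZVuZHYMfrGM8D6qq3dCb4s
besMlv7qSsB7sxqMae+s/h+5lFtOawLcDjtiuvp7etwYWQScZHsHe37PYwBFa+HU
werNQhdguyzL2arGfNDTSLq2NoIYkjo0xY0TBpARW1Nh4Uub1WHDI/3k2sEfjihK
fjLJentd7WqIhT8FnULDTPGwBjCLoB0FO0KcUK3lFEsk5r+Y5PaFzacmfBXoHZ1Y
oKs3zzDU9VNzMQVR3rAbqopvPQOjAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8w
HQYDVR0OBBYEFOw4+79VlBNG9NPqJbiPkBZXBFwEMAsGA1UdDwQEAwIBBjARBglg
hkgBhvhCAQEEBAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAN
BgkqhkiG9w0BAQwFAAOCAQEAxZ2iOIKXU5VW7Z0c5E+tP/lZgS/Uww+8Mj5aozA+
09cqXf6oM4qhOvmJABInmr54zOI9keN3wkLKYPHmiDFjvUojDO3A33jle1wqau25
/QZ0rFZRmaTNp2NfFWW5m6H8dXpiAxXmG56fyLgbmEobmtJfgMAXKN+unKLYA+nH
JQzZFcu1WWdbY3uAzltMYV15IbjBy/TrkVUl4vU4uDGOzS+hfEKPTpidIJTZ7++9
UU7xprDXTH/t1pMG/S1zeBJedXhrlu9k8C4IhrXZSvl9+bzOjs4S3y7hKhWmSRoN
/H7h9rqeuIhX2ToNxmlL4sSHQhR5LjkuNFK5ASCp2jaRQQ==
-----END CERTIFICATE-----
</ca>

# Second certificate: presumably the client certificate presented to the server.
<cert>
-----BEGIN CERTIFICATE-----
MIIEtDCCA5ygAwIBAgIIDBzemsuo/vQwDQYJKoZIhvcNAQEMBQAwgdQxCzAJBgNV
BAYTAkRFMRswGQYDVQQIExJCYWRlbiBXdWVydHRlbWJlcmcxEjAQBgNVBAcTCVN0
dXR0Z2FydDEgMB4GA1UEChMXVW5pdmVyc2l0eSBvZiBTdHV0dGdhcnQxHjAcBgNV
BAsTFUNvbXB1dGVyIEFyY2hpdGVjdHVyZTEpMCcGA1UEAxMgcmF4Ny5pbmZvcm1h
dGlrLnVuaS1zdHV0dGdhcnQuZGUxJzAlBgkqhkiG9w0BCQEWGHZwbkBpdGkudW5p
LXN0dXR0Z2FydC5kZTAeFw0yMjEyMDgwNjU4MDBaFw0zMjExMzAwNjU4MDBaMIHW
MQswCQYDVQQGEwJERTEbMBkGA1UECBMSQmFkZW4gV3VlcnR0ZW1iZXJnMRIwEAYD
VQQHEwlTdHV0dGdhcnQxIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgU3R1dHRnYXJ0
MR4wHAYDVQQLExVDb21wdXRlciBBcmNoaXRlY3R1cmUxKzApBgNVBAMTInJhb3B2
bi5pbmZvcm1hdGlrLnVuaS1zdHV0dGdhcnQuZGUxJzAlBgkqhkiG9w0BCQEWGHZw
bkBpdGkudW5pLXN0dXR0Z2FydC5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAJRyrOdPtzHNbTA4g6HGm8keu6v6AJ8ltWAQ/6uFzg+trY/8CymbkW8C
KXRk59p7SBTH9QdhiyO8EM0UZFixNs0HLXM1jdRjxJu++BKtEr05Y956u+aJoWfV
d0fR1TTuztepmtJzQ2sNwym2eZY21+p/r0sZgJKr7O0QiXzTVSVRXrV9bKjtJ5MU
pXRw/LIoT6W4/df8/ZUtg5wItDnZtK3li18VaPSlLMfiI8H2Wy3KPW+LiIUkrQcS
eHBayCJcjse1TkErns91N7XDlf9dNc/pi5i43CdyPcdIUQIbaqJtMQA9v6hfC4b5
dykEgCD12ymYOhN6sAMgYqBbzHlnY8cCAwEAAaOBhTCBgjAMBgNVHRMBAf8EAjAA
MB0GA1UdDgQWBBRboXG0+0s4w+xte09EZGYl9nZyTjALBgNVHQ8EBAMCA7gwEwYD
VR0lBAwwCgYIKwYBBQUHAwIwEQYJYIZIAYb4QgEBBAQDAgWgMB4GCWCGSAGG+EIB
DQQRFg94Y2EgY2VydGlmaWNhdGUwDQYJKoZIhvcNAQEMBQADggEBAMt1P5RxX52p
6MuH6W0tqsCzagJnDwdLLO8OpgPsswWkpgfQXA2G8weXMN4W5FUvtFEltr16DauB
gDh5zFfEXWxjE2cyiw2sAqIwye4Opsjj6ypgyMv0fvjod5RccxuRuYvCVCGAzdPa
3Pzy3TD//f049G0zWJuVDq1rprT5bq5sn8TQpgefOW2SRjIvbk4qyxdPK949tXdJ
WUAUrLz10aICLGuZQd8ZkIHNRTLCsqp9H9WAXJck8aTXe4baQMGnU8mwWb68iZT8
oy+pwkLdsWTQLGr7Z+Mux7xzYOzzQPjeFlPy719aAlPRAcpqGBe5xRdLOP1hdRzN
jLkO09uW6h0=
-----END CERTIFICATE-----
</cert>

# Private key, stored without a passphrase.
# NOTE(review): the header says this file is handed out to be copied to
# /etc/openvpn/, so presumably every user receives the same certificate and
# key. In that case the certificate identifies the configuration, not the
# person: the only per-user control is auth-user-pass, and revoking one user
# means revoking the key for everyone. The sample text above already advises a
# separate .crt/.key pair per client. If this file has been readable outside
# the intended audience, revoke the certificate and issue a new key pair.
<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAlHKs50+3Mc1tMDiDocabyR67q/oAnyW1YBD/q4XOD62tj/wL
KZuRbwIpdGTn2ntIFMf1B2GLI7wQzRRkWLE2zQctczWN1GPEm774Eq0SvTlj3nq7
5omhZ9V3R9HVNO7O16ma0nNDaw3DKbZ5ljbX6n+vSxmAkqvs7RCJfNNVJVFetX1s
qO0nkxSldHD8sihPpbj91/z9lS2DnAi0Odm0reWLXxVo9KUsx+IjwfZbLco9b4uI
hSStBxJ4cFrIIlyOx7VOQSuez3U3tcOV/101z+mLmLjcJ3I9x0hRAhtqom0xAD2/
qF8Lhvl3KQSAIPXbKZg6E3qwAyBioFvMeWdjxwIDAQABAoIBAF1amH2G1hANvgK7
J5yPB9085IzMVaO/1QYq6n31UZbug92uhV6PJLCIzYUTB/OP386hyOfxYc0BMhem
IUzddTcOsnhnT2Antba0K9Gi4cv50WJSEORz3PstdSvHO6tkGtPpJyH9toIWT4tl
46ShrLsdvSEfUonqcL7MzYmgZUVnp1T9eAmkdLaPlU8oKFBRzLdKSizp/+MALLLT
wDSKZSma363Tcim360wIVQnzGTQoHywIcimnrEce59hM0B1hRq1EJDS7WRt7yISA
UTKOaXDs9WX+MRLRlkl+4GE+Q2bf/GdTQ1srEd9oguIkySPnPdlVNkDfMgXdEjxj
VinmvcECgYEAw3rA4uS1w4CA2i6gj+I7CRjoMVF1f8qrGxkP9pPft5kGVP8M8/6d
paSMijBC8gIKI82G8wAp9cv7yc02XAtU/o1nEyKn0ErEejABcjUWQZoGmj1irQHT
J1uCV5w0BdBY0ZN8mmRnK4xuRwVoBx+z+ooIUItfi1nU/jiBdVQkzfcCgYEAwmhP
tORgWOK1taPFuED//ZVOgp0jUe6JHlcdpJ1AenQ+JzPM4Fzdvj8geP6P+S65Ql3n
uWvS6bmoqI4Rn6s9QU0iO2lz9L0VyegLLSB1KtnOFSdi6TyWX0mQ0S8m4jLSLN4d
t54k1u6Kba2rbzLsBhy6tj/IcB/NgnwqxpJj5LECgYB3CDGaOBCieoZ71Ta6RtUS
BhOlrGezKFMmzg0VZhgtcUYUzbYygVG3wso9f4PUX/+Sq51ILUpfvRWWXZqDU/cu
hiZE1a6APHcFvGO1CrSBv+vTUhvbI6hTZ/qnpJtdCvB6taeDUC4uq3WfU6Bz7g8n
OZQ0j5nffhUftILIUjOTIwKBgQCm8FYJuta1XTC2YoUFnON2CUFazb8nuxMJ97rf
wZ09yhYZKdUzkOtlU+X5oHdXffTd9a9nvRxnUeNvolel6bD3I1pS9FH7hmdwcw8t
2CJlApWB+sloCXwDJTPzPW9BbGyo1K9mHqn52usKFckR+wNMmF0I5Sqkhdq+wwsk
a07WcQKBgF3J1EWXvZyuKs3ZlUMyWGUBWYydZq5UhL9JNSjX3EDHDFHNWusIfdBZ
Xdgt/IiCVsLZ2C9Elwz+C4oiLIOXHHrNAmJ0/zrOR4h1G9uXkvIWN5lIGTt6/5CM
USjuEXGPh/Xx4oEEUr9+lC3Gp06BnccxCS2L48pS7j6jb8KCvQBb
-----END RSA PRIVATE KEY-----
</key>

# Static HMAC key for the TLS control channel (tls-auth), shared by the server
# and all clients. It is a shared secret as well: once it is known outside the
# user group it no longer filters unauthenticated packets and has to be
# replaced on the server and in every client configuration.
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
ac3c0f36989d50639e67a88278a01eb7
79bf329fd3a2dd2f037404727c6a9d35
cd76b2e87bf776067ed723307c227ac4
5f52022f80018220ee253612ba99faa4
5c4bfe14559badb56477eb4602a7d60b
155b4bf741452c4292061c6c7953ef41
4615374c1dcc02cdcaf7e90236816dad
7ace2fd25ac6cf5bd82ec995c856694a
b32543a3c97665242e7646800e883005
8fed2951eccacf19a955eaadda58be22
af16a0ca22c5dc6473d7f269f22fdc4e
f238a5678d757563bb00caab9df6a608
90aa87e95dfede7201e3606425ae889f
a3cc6bb0c9cf235b70737d4e5258d58c
bb0f23cd11d29bfb5ac408d34cff7d0d
1eda6d09ec709287efe3694f7d3b69da
-----END OpenVPN Static key V1-----
</tls-auth>

# Direction of the inline static key; 1 is the client side and matches the
# direction argument of the disabled file-based tls-auth line.
key-direction 1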