# OpenVPN client configuration: Windows host Baobei connecting to the
# Mathnet VPN server (Harlech).
# Based on sample.ovpn.txt
# Set up for Baobei (Windows) <-> Harlech by jimc, 2004-06-19
#
# NOTE(review): this listing had been collapsed onto two physical lines, which
# leaves every directive behind the first '#'. One directive per line is
# restored below; the active directives and their order are unchanged.

# Configuration directory. Relative paths below (ca, cert, key) resolve here.
# NOTE(review): host.key lives in this directory; its file permissions are not
# visible here. Confirm that only the administrator / service account can
# read it.
cd "c:/Program Files/OpenVPN/config"

# Moderate verbosity; log at most 10 consecutive messages of one category.
verb 1
mute 10

# Accept configuration overrides from the server.
# NOTE(review): pushed options are only as trustworthy as the server's
# identity check; see the note at "ca" below.
pull

# Preserve root-only files and options: keep the key material, the endpoint
# addresses and the tun device across ping-restart instead of reopening them.
persist-key
persist-local-ip
persist-remote-ip
persist-tun

# Lock the key buffers in memory, keeping them out of the swap file
# mlock (doesn't work on Windows)
# NOTE(review): with mlock unavailable, key material may reach the pagefile.

# Network type (tun, or tap, for ethernet bridging).
dev tun

# The tunnel MTU.  On OpenVPN v2.x the default seems to work correctly.
# tun-mtu 1500

# If you have fragmentation issues or misconfigured
# routers in the path which block Path MTU discovery,
# lower the TCP MSS and internally fragment non-TCP
# protocols.
#fragment 1300
#mssfix

# If you have set up more than one TAP-Win32 adapter
# on your system, you must refer to it by name.
# dev-node my-tap

# Detect a dead peer: restart after 120 s without traffic from it. The timer
# runs only while a remote address is known (ping-timer-rem).
ping-restart 120
ping-timer-rem

# Keep-alive ping every 60 s.
ping 60

# Our VPN peer (omit on a server)
remote vpn.math.ucla.edu

# Port (default is 1194 per official IANA assignment; formerly 5000)
port 1194

# Protocol [tcp-server | tcp-client | udp]  Default is udp, usually best.
# proto udp

# (Don't) configure the tunnel endpoint addresses.
# ifconfig 10.3.0.1 10.3.0.2

# Uncomment this redirection or the routes below (one or the other)
# Send the default gateway through the tunnel.
# With this active, all of the client's traffic is routed via the VPN.
redirect-gateway

# Uncomment these routes or the redirection above (one or the other)
# Send only Mathnet traffic through the tunnel.
# NOTE(review): in this split-tunnel variant, traffic to any network not
# listed below leaves the client outside the VPN.
# route remote_host 255.255.255.255 net_gateway
# Original UCLA net
# route 128.97.0.0 255.255.0.0 vpn_gateway
# AIS
# route 164.67.0.0 255.255.0.0 vpn_gateway
# Bruin Online, www.ucla.edu, etc.
# route 169.232.0.0 255.255.0.0 vpn_gateway
# Medical Center
# route 149.142.0.0 255.255.0.0 vpn_gateway

# Crypto parameters (must match the peer, can't push them)
# NOTE(review): these values date from 2004. Change them only together with
# the server side; a one-sided edit stops the tunnel from coming up.

# HMAC algorithm (anti-tampering checksum)
# NOTE(review): SHA-1 is deprecated for new deployments; SHA256 is the usual
# replacement.
auth SHA1

# Cryptographic cipher on main data channel
# NOTE(review): CBC with a separate HMAC is the legacy construction. Later
# OpenVPN releases prefer AEAD ciphers such as AES-256-GCM.
cipher AES-128-CBC

# enable LZO compression
# NOTE(review): compressing before encrypting can leak information about the
# plaintext through packet sizes, and later OpenVPN releases deprecate
# comp-lzo. Plan to disable it on both ends.
comp-lzo

# Take defaults for TLS cipher algo(s), colon separated list, most preferred
# one first.  openvpn --show-tls shows what's available.

# Polarity of this host (tls-client or tls-server)
tls-client

# Certificate Authority file
# NOTE(review): nothing in this file restricts the peer beyond "signed by
# this CA", so any certificate from the same CA, including another client's,
# would be accepted as the server. Consider `remote-cert-tls server` (or
# `ns-cert-type server` on releases that predate it). Either requires the
# server certificate to carry the matching usage fields; confirm before
# enabling.
ca ucla-math.crt

# Our X.509 certificate (public)
cert host.crt

# Our secret key
key host.key

# The secret key is protected by a passphrase.  Ask for it at startup.
askpass