#-----------------------------------------------------------------------------
# sansone-X509.ovpn - X.509 auth
# - openvpn port/encap 1195/UDP
# - X.509 auth
#-----------------------------------------------------------------------------

# the server
remote 193.206.157.150

# me
client

# use tun device, udp encap & standard port (1194)
dev tun
proto udp
port 1194
persist-key
persist-tun

# use a strong cipher, please
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
cipher AES-256-GCM

# keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# most clients don't need to bind to a specific local port number.
nobind

# pull dhcp options from server (domain, nameserver list)
pull

# wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
mute-replay-warnings

# X.509 auth setup
pkcs12 cert.p12
providers legacy default

# comment if you don't want the server keeping ask your password every 60 minutes or so
# beware: caching credentials in memory may pose a security threat
auth-nocache

# tls setup
ca Harica_intermediate.crt

# server verification - optional
remote-cert-tls server
verify-x509-name 'C=IT, L=Roma, O=Istituto Nazionale di Fisica Nucleare, CN=sansone.mib.infn.it'

# just tell me what's going on
verb 3

# Silence repeating messages
mute 20