# Copy this file to /etc/certidude/template.ovpn and customize gateway IP addresses

# Run as client
client # tls-client; pull
nobind

# OpenVPN gateway(s), uncomment remote-random to load balance
comp-lzo
proto udp
remote 1.2.3.4
;remote 1.2.3.5
;remote-random

# Virtual network interface settings
dev tun
persist-tun

# Customize crypto settings
;tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA384
;cipher AES-256-CBC
;auth SHA384

# Check that server presented certificate has TLS Server flag present
remote-cert-tls server

# X.509 business
persist-key
<ca>
{{ca}}
</ca>
<key>
{{key}}
</key>
<cert>
{{cert}}
</cert>

# Revocation list
<crl-verify>
{{crl}}
</crl-verify>

# Pre-shared key for extra layer of security
;<ta>
;...
;</ta>