/client.conf

## client.conf
client
dev tun
proto udp
remote 123.123.123.123 1194
nobind
persist-key
persist-tun
comp-lzo
verb 3
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<tls-auth>
...
</tls-auth>
remote-cert-tls server
verify-x509-name 'C=XX, ST=XX, L=XX, O=XX, OU=XX, CN=XX, name=XX, emailAddress=XX' subject
key-direction 1
cipher AES-256-CBC
tls-version-min 1.2
auth SHA512
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
	client
	dev tun
	proto udp
	remote 123.123.123.123 1194
	nobind
	persist-key
	persist-tun
	comp-lzo
	verb 3
	<ca>
	...
	</ca>
	<cert>
	...
	</cert>
	<key>
	...
	</key>
	<tls-auth>
	...
	</tls-auth>
	remote-cert-tls server
	verify-x509-name 'C=XX, ST=XX, L=XX, O=XX, OU=XX, CN=XX, name=XX, emailAddress=XX' subject
	key-direction 1
	cipher AES-256-CBC
	tls-version-min 1.2
	auth SHA512
	tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256