# Configuration for Windows OpenVPN client 
# use char ; to comment line

client
dev tun

# We can replace TCP with UDP since Mikrotik RouterOS version 7.1
proto udp


remote a102.mywire.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun

# Copy files to C:\Program Files\OpenVPN\config
ca ca.crt
cert client.crt
key client.key

remote-cert-tls server
cipher AES-256-CBC

# We must use  data-ciphers otherwise we get TLS key negotiation failed - TLS handshake failed from Mikrotik
data-ciphers AES-256-CBC

auth SHA512

# User authentication
# provide credentials for user in secret.cfg
auth-user-pass
;auth-user-pass secret.cfg 

# Push a default route to a client so Internet traffic flows via Mikrotik
redirect-gateway def1

# Add route to reach PC on primary subnet 192.168.88.0/24. This is required only when we do not push a default route with  "redirect-gateway def1"
;route 192.168.88.0 255.255.255.0 192.168.100.1

verb 5
auth-nocache