Here’s a sample working OVPN file that may help others get started:
For simplicity’s sake, I recommend using pfx files.
Also, to ensure you’re connecting to the desired endpoint, you’ll want to set tls-remote to the CN of your firewall’s certificate — zeroshell.mycompany.com would be entered as /OU=Hosts/CN=zeroshell.mycompany.com.
I also include a line to dump some additional diagnostics — note the show-net-up line which you may uncomment when your end users need help.
pkcs12 user.pfx # Use pkcs12 for ca, pub/pvt key
client # This is a client config
dev tap # Ethernet Tunnel mode
comp-lzo # Compress traffic
verb 1 # Logging level
mute 10 # Limit consecutive logging of same category messages
#show-net-up # Log routing table & network adapter info after we're up
nobind # Don't bind to local addr/port
persist-key # Don't re-read keyfile on soft restart
persist-tun # Don't close and reopen device, run scripts on soft restart
# Add more Static Routes for our other network space when on VPN
# Optional -- these may be helpful if other machines outside your firewall
# expect access to come from your office.
route 220.127.116.11 255.255.254.0
route 10.0.0.0 255.255.254.0
route 18.104.22.168 255.255.255.0
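
The sample file above does not show the tls-remote line the text describes. This added fragment (not part of the original post) shows it with the post's own example name, next to the directive that replaces it on newer clients. It assumes the server certificate's CN is exactly zeroshell.mycompany.com.

```conf
# Added example, not from the original post.

# OpenVPN 2.3 and earlier: the directive described in the text.
# The connection is rejected if the server certificate's subject
# does not match this name.
tls-remote /OU=Hosts/CN=zeroshell.mycompany.com

# OpenVPN 2.4 and later: tls-remote was removed (it was deprecated in 2.3).
# verify-x509-name with the "name" type requires an exact match on the CN.
# Enable this line instead of tls-remote; do not use both.
;verify-x509-name zeroshell.mycompany.com name
```

Without one of these lines, the client accepts any server certificate that chains to the CA inside user.pfx, including another host or user certificate issued by the same CA.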