zip.ovpn

#Set directories
cd $hvpn
tmp-dir /tmp
askpass $hvpn/pass

#Connection Settings
client
dev tun
proto udp
comp-lzo no #compress lz4
nobind
persist-key
persist-tun
persist-remote-ip
#route-noexec
redirect-gateway def1

#Security Settings
script-security 1
tls-auth ta.key 1 #isn't tls-crypt better?
auth sha512
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
tls-version-min 1.3 or-highest
ncp-ciphers AES-256-GCM:AES-256-CBC
ecdh-curve brainpoolP512t
#prng SHA256 64
mark google

#tls-cert-profile suiteb
status-version 3
verify-x509-name bviserver name
replay-window 3 3
auth-retry none
tls-timeout 0
hand-window 5
tran-window 20
user nobody
auth-nocache
rcvbuf 200000 #Set  the  TCP/UDP  socket  receive  buffer  size.   Defaults  to operation system default (~212)
sndbuf 10000 #Set the TCP/UDP socket send buffer size.  Defaults to operation system default.

#Routing to Switzerland
remote $IP1
remote $IP2
#remote $IP3 
remote-random
resolv-retry 10

# Set log file verbosity.
verb 8  #1-4 normal usage, 5 R/W packet uppercase if tcp/udp lowercase if tun/tap, 6-8 debug, 9-11 packet debug
errors-to-stderr
replay-persist replay.log
#log $hvpn/last-session.log #log-append $hvpn/vpnlogs.log

# Silence repeating messages
mute 306 

#User Info
ca ca.crt
cert crt.crt
key key.key