client
dev tun
proto tcp
resolv-retry infinite
nobind
remote vpn.example.org 1194 #
#Root CA
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
# Client certificate
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
#Private Key
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
tls-client
port 1194
user nobody
group nogroup
#comp-lzo # Do not use compression. It doesn't work with RouterOS (at least up to RouterOS 3.0rc9)
# More reliable detection when a system loses its connection.
ping 15
ping-restart 10
ping-timer-rem
persist-tun
persist-key
# Silence the output of replay warnings, which are a common false
# alarm on WiFi networks. This option preserves the security of
# the replay protection code without the verbosity associated with
# warnings about duplicate packets.
mute-replay-warnings
# Verbosity level.
# 0 = quiet, 1 = mostly quiet, 3 = medium output, 9 = verbose
verb 3
cipher AES-256-CBC
auth SHA1
pull
route-nopull
route 192.168.1.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8
auth-user-pass
Here is sample config. It work Windows, Android and iOS on OpenVPN software. I think it work OS X too.