+# not in example config, but openvpn outputs a warning about insecure
+# cipher without a setting like this (the default i can understand due
+# to compatibility issues, but not changing the example config... not
+# cool). exact cipher taken from config of vpn provider I trust. This
+# requires the same setting on the client side.
+cipher aes-256-cbc
+# Be the default gateway for clients.