port         @vpn_port@
proto        udp

dev          tun0
topology     subnet

cipher       AES-256-CBC

ca           /etc/easy-rsa/pki/ca.crt
cert         /etc/easy-rsa/pki/issued/@hostname@.crt

askpass      /srv/webroot/openvpn/@hostname@.pass
key          /etc/easy-rsa/pki/private/@hostname@.key
dh           /etc/easy-rsa/pki/dh.pem

status        /var/log/openvpn/openvpn-status.log
log-append    /var/log/openvpn/openvpn.log

server       @vpn_net4@ 255.255.255.0
server-ipv6  @host_ipv6@:8000::/65

push         "route-ipv6 2000::/3"
push         "route-ipv6 host_ipv6::/64"

push         "block-outside-dns"
push         "redirect-gateway def1"
push         "route 192.168.0.0 255.255.255.0"
push         "dhcp-option DNS @vpn_ipv4@"

duplicate-cn
client-to-client

daemon
auth-nocache

persist-key
persist-tun

verb          3
keepalive     20    60