port         @vpn_port@
proto        udp

dev          @vpn_tunnel@
topology     subnet

cipher       AES-256-CBC

ca           /etc/easy-rsa/pki/ca.crt
cert         /etc/easy-rsa/pki/issued/@hostname@.crt

askpass      /srv/webroot/openvpn/@hostname@.pass
key          /etc/easy-rsa/pki/private/@hostname@.key
dh           /etc/easy-rsa/pki/dh.pem

status       /var/log/openvpn/openvpn-@vpn_type@-status.log
log-append   /var/log/openvpn/openvpn-@vpn_type@.log

server       @vpn_net4@ 255.255.255.0
server-ipv6  @host_ipv6@:@ipv6_subnet@::/66

push         "route-ipv6 2000::/3"
push         "route-ipv6 @host_ipv6@::/64"
push         "route 192.168.0.0 255.255.255.0"

@vpn_route_all@ push         "block-outside-dns"
@vpn_route_all@ push         "redirect-gateway def1"
@vpn_route_all@ push         "dhcp-option DNS @vpn_ipv4@"

duplicate-cn
client-to-client

daemon
auth-nocache

persist-key
persist-tun

verb          3
keepalive     20    60

client-config-dir   ccd