---
openvpn_enabled: True
openvpn_enable_system_forward: True
openvpn_pkg_state: latest
openvpn_pkgs:
  - openvpn

openvpn_radius_auth: False
openvpn_radius_pkg:
  - openvpn-auth-radius

openvpn_ldap_auth: False
openvpn_ldap_pkg:
  - openvpn-auth-ldap

openvpn_conf_dir: /etc/openvpn
openvpn_conf_name: openvpn.conf
  
openvpn_mode: server
openvpn_dev: tun
openvpn_port: 1194
openvpn_protocol: udp
openvpn_server_net: '192.168.254.0 255.255.255.0'
openvpn_push_routes:
  - '192.168.253.0 255.255.255.0'

#openvpn_push_settings:
#  - "dhcp-option DNS 10.66.0.4"
  
openvpn_tls_server: True
openvpn_dh: /etc/openvpn/dh2048.pem
openvpn_tls_auth: '/etc/openvpn/ta.key 0'
openvpn_install_alternative_ca: False
openvpn_alternative_ca_name: ca.pem
openvpn_ca: '/var/lib/acme/live/{{ ansible_fqdn }}/chain'
openvpn_cert: '/var/lib/acme/live/{{ ansible_fqdn }}/cert'
openvpn_key: '/var/lib/acme/live/{{ ansible_fqdn }}/privkey'

openvpn_compression_enabled: False
openvpn_keepalive: '10 120'

openvpn_cert_auth_enabled: True
openvpn_username_pam_auth: False

openvpn_max_clients: 50
openvpn_run_unprivileged: True
openvpn_unprivileged_user: nobody
openvpn_unprivileged_group: nogroup
openvpn_letsencrypt_managed: True

openvpn_verbosity_log: 3
openvpn_mute_after: 20