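{# OpenVPN server configuration template (Jinja2).
   One directive per line: OpenVPN reads each line as a single option, and a
   '#' comments out the remainder of its line, so directives and comments
   must not share a line.
   All openvpn_* variables are rendered verbatim and must come from trusted
   inventory; a quote or newline inside a pushed option would change the
   generated directives. #}
mode {{ openvpn_mode }}
dev {{ openvpn_dev }}
port {{ openvpn_port }}
proto {{ openvpn_protocol }}
topology subnet
server {{ openvpn_server_net }}
ifconfig-pool-persist ipp/ipp.txt
client-config-dir ccd

{% if openvpn_client_routes is defined %}
# route: installed in the server's own routing table
{% for route in openvpn_client_routes %}
route {{ route }}
{% endfor %}
{% endif %}

{% if openvpn_push_routes is defined %}
# push "route ...": sent to every connecting client
{% for route in openvpn_push_routes %}
push "route {{ route }}"
{% endfor %}
{% endif %}

{% if openvpn_push_settings is defined %}
{% for dhcp_opt in openvpn_push_settings %}
push "{{ dhcp_opt }}"
{% endfor %}
{% endif %}

# Data-channel cipher is fixed to CBC mode. No "auth" directive is set, so the
# packet HMAC uses OpenVPN's default digest (SHA1 in 2.x releases).
# NOTE(review): consider an explicit "auth SHA256" (clients must be changed in
# step) and a "tls-version-min" floor for the control channel.
cipher AES-256-CBC

{% if openvpn_compression_enabled %}
# NOTE(review): compressing before encrypting can leak plaintext through
# packet sizes (compression-oracle attacks such as VORACLE). Keep this
# disabled unless the link really needs it.
compress lz4-v2
push "compress lz4-v2"
{% endif %}

keepalive {{ openvpn_keepalive }}

{% if openvpn_cert_auth_enabled %}
tls-server
{% endif %}

# Static HMAC key on the control channel; direction 0 is the server side.
tls-auth {{ openvpn_tls_auth }} 0
key-direction 0
dh {{ openvpn_dh }}
ca {{ openvpn_ca }}
cert {{ openvpn_cert }}
key {{ openvpn_key }}

{% if not openvpn_cert_auth_enabled %}
# Disable cert-auth
# With client certificates off, the username/password backend enabled below
# is the only client authentication.
# NOTE(review): client-cert-not-required is deprecated in OpenVPN 2.4 and
# removed in 2.5; the replacement is "verify-client-cert none".
client-cert-not-required
{% endif %}

{% if openvpn_username_pam_auth %}
username-as-common-name
# PAM login
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
{% endif %}

{% if openvpn_ldap_auth %}
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf
{% endif %}

{% if openvpn_ldap_perl_auth %}
# via-env hands the client's password to the script in its environment,
# which is why script-security level 3 is required here.
# NOTE(review): via-file with script-security 2 exposes less, if the script
# can read its credentials from a file.
auth-user-pass-verify /etc/openvpn/auth/auth-ldap via-env
# The legacy method argument (execve) is dropped: releases since 2.3 always
# use execve, and 2.4+ rejects the extra parameter as an options error.
script-security 3
{% endif %}

max-clients {{ openvpn_max_clients }}
persist-tun
persist-key
status status/openvpn-status.log

{% if openvpn_run_unprivileged %}
# Drop root after initialisation; without this block the daemon keeps the
# privileges it was started with.
user {{ openvpn_unprivileged_user }}
group {{ openvpn_unprivileged_group }}
{% endif %}

verb {{ openvpn_verbosity_log }}
mute {{ openvpn_mute_after }}

{% if openvpn_protocol == 'udp' %}
# Notify the client when the server restarts so it
# can automatically reconnect.
explicit-exit-notify 1
{% endif %}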