# Server TCP
# OpenVPN server profile: routed (tun) tunnel over TCP port 4242, with users
# authenticated by username/password through the LDAP plugin loaded below.
# NOTE(review): this file arrived collapsed onto a single line; the line breaks
# (including the split between the heading above and `mode server`) are
# reconstructed. Confirm against the deployed copy.
mode server
proto tcp-server
port 4242
dev tun
# client-to-client makes OpenVPN forward traffic between connected clients
# internally, so those packets never reach the tun interface and host firewall
# rules cannot filter them. Keep it only if clients must reach each other.
client-to-client
# Optional event hooks, currently disabled.
#client-connect misc/on-client-event.py
#client-disconnect misc/on-client-event.py
#route-up misc/route-up.sh

# Keys and certificates
# Paths are relative; presumably resolved against the daemon's working
# directory (or --cd). Confirm how the service is started.
ca credentials/ca.crt
cert credentials/server.crt
key credentials/server.key
# File name suggests 2048-bit DH parameters. TODO confirm.
dh credentials/dh2048.pem
# NOTE(review): `tls-auth ... 1` and `key-direction 0` give two different
# directions for the same HMAC key. The usual convention is 0 on the server and
# 1 on clients. Keep a single, unambiguous setting and verify it matches the
# client profiles.
tls-auth credentials/ta.key 1
key-direction 0
# NOTE(review): CBC data-channel cipher. OpenVPN 2.4+ can negotiate AEAD ciphers
# such as AES-256-GCM; consider migrating once every client supports it.
cipher AES-256-CBC
# Per-client configuration files are read from the directory named
# "client-config-dir".
client-config-dir client-config-dir

# Network
# OVPN_SUBNET_ADDR / OVPN_SUBNET_MASK (and the SITES_* / SITE_DNS* values below)
# look like template placeholders substituted before deployment. TODO confirm.
server OVPN_SUBNET_ADDR OVPN_SUBNET_MASK
# Keepalive: 10 s ping interval, 120 s timeout.
keepalive 10 120

# Uncomment this to redirect client internet traffic through VPN
# You'll also need to add iptables rules like:
# iptables -t nat -s $internal_subnet/24 -A POSTROUTING -j SNAT --to $out_ip
#push "redirect-gateway def1 bypass-dhcp"
# Routes and DNS servers pushed to every client.
push "route SITES_SUBNET_ADDR SITES_SUBNET_MASK"
push "dhcp-option DNS SITE_DNS1"
push "dhcp-option DNS SITE_DNS2"

# Security
# NOTE(review): `user root` / `group root` means the daemon never drops
# privileges, so a flaw in OpenVPN, the LDAP plugin or a hook script would run
# with full root rights. persist-key and persist-tun below are the options that
# normally let restarts work after dropping to an unprivileged account; consider
# a dedicated low-privilege user and group after checking that the plugin, the
# status file and any enabled hooks still work without root.
user root
group root
# Keep key material and the tun device across soft restarts.
persist-key
persist-tun
# NOTE(review): compression inside a VPN tunnel can leak plaintext through
# compression-oracle attacks (VORACLE), and comp-lzo is deprecated in current
# OpenVPN releases. The setting must match on clients, so removing it has to be
# coordinated with the client profiles.
comp-lzo
# NOTE(review): level 3 additionally allows passwords to be handed to scripts
# through environment variables. Every script hook in this file, including the
# via-env auth-user-pass-verify below, is commented out, so a lower level looks
# sufficient. Confirm that no hook is enabled elsewhere.
script-security 3
# Use the authenticated username in place of the certificate common name.
username-as-common-name
# NOTE(review): clients are not required to present a certificate, so access
# rests on the LDAP username/password plus the shared tls-auth key. Requiring
# client certificates as well would add a second factor. This option was
# deprecated in OpenVPN 2.4 in favour of `verify-client-cert none` and removed
# in 2.5.
client-cert-not-required
# Username/password verification is delegated to the LDAP plugin, configured in
# /etc/openvpn/auth-ldap.conf.
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth-ldap.conf
# Alternative script-based password check, currently disabled.
#auth-user-pass-verify credentials/passwd-verify via-env

# Log
# Verbosity 3; `mute 20` caps repeated consecutive messages of the same
# category at 20.
verb 3
mute 20
# Status file listing current connections.
status /var/log/openvpn-status-vpn-sites-server
#log-append /var/log/openvpn-vpn-sites-server.log