# Server TCP on ${hostname}
mode server
proto tcp-server
port ${port}
dev ${dev}
client-to-client

# Keys and certificates
ca /etc/openvpn/${name}/easy-rsa/keys/ca.crt
cert /etc/openvpn/${name}/easy-rsa/keys/server.crt
key /etc/openvpn/${name}/easy-rsa/keys/server.key
dh /etc/openvpn/${name}/easy-rsa/keys/dh1024.pem
tls-auth /etc/openvpn/${name}/easy-rsa/keys/ta.key 1

key-direction 0
cipher AES-256-CBC
crl-verify /etc/openvpn/${name}/easy-rsa/keys/crl.pem
client-config-dir /etc/openvpn/${name}/client-config-dir

# Network
server ${net} ${mask}
keepalive 10 120

# Uncomment this to redirect client internet traffic trough VPN
# You'll also need to add iptables rules like:
# iptables -t nat -s $internal_subnet/24 -A POSTROUTING -j SNAT --to $out_ip
#push "redirect-gateway def1 bypass-dhcp"

# Security
user ${user}
group ${group}
persist-key
persist-tun
comp-lzo

# Log
verb 1
mute 20
status /var/log/openvpn-status-${name}
log-append /var/log/openvpn-${name}.log