# Server TCP/443
mode server
proto tcp-server
port %%VPNPORT%%
dev tun
client-to-client

# Keys and certificates
ca /etc/openvpn/%%VPNNAME%%/ca.crt
cert /etc/openvpn/%%VPNNAME%%/server.crt
key /etc/openvpn/%%VPNNAME%%/server.key
dh /etc/openvpn/%%VPNNAME%%/dh1024.pem
tls-auth /etc/openvpn/%%VPNNAME%%/ta.key 1

key-direction 0
cipher AES-256-CBC
crl-verify /etc/openvpn/%%VPNNAME%%/easy-rsa/keys/crl.pem
client-config-dir /etc/openvpn/%%VPNNAME%%/clientsconf

# Network
server %%VPNIPRANGE%% 255.255.255.0
keepalive 10 120

# Uncomment this to redirect client internet traffic trough VPN
# You'll also need to add iptables rules like
# iptables -t nat -s %%internal_subnet%%/24 -A POSTROUTING -j SNAT --to %%out_ip%%
#push "redirect-gateway def1 bypass-dhcp"

# Security
user www-data
group ovpn-manager
persist-key
persist-tun
comp-lzo

# Log
verb 1
mute 20
status /var/vpn/status-%%VPNNAME%%
log-append /var/log/openvpn-%%VPNNAME%%.log