<ca>
{{ ca }}
</ca>
<cert>
{{ cert }}
</cert>
<key>
{{ key }}
</key>
<dh>
{{ dh }}
</dh>

proto udp6
port 1194
dev tun

client-config-dir /etc/openvpn/ccd
client-to-client
topology subnet

user root
group root

duplicate-cn
username-as-common-name

keepalive 5 30

compress lzo
fast-io

persist-key
persist-tun

server {{ tunnel.ip }} {{ tunnel.netmask }}

{%- for route in routes %}
{%- if not route.push %}
route {{ route.ip }} {{ route.netmask }} {{ route.hop }}
{%- endif %}
{% endfor -%}

{% for route in routes -%}
push "route {{ route.ip }} {{ route.netmask }} {{ route.hop }}"
{% endfor -%}
#push "dhcp-option DNS {{ dns|join(" ") }}"

# IPv6
#server-ipv6 2a01:e0a:97:8311::/64
#tun-ipv6
#push tun-ipv6
#ifconfig-ipv6 2a01:e0a:97:8311::1 2a01:e0a:97:8311::2
#ifconfig-ipv6-pool 2a01:e0a:97:8311::101/64
#push "route-ipv6 2a01:e0a:97:8311::/64"
#push "route-ipv6 ::/0"
#push "redirect-gateway-ipv6 def1"

{% if config.auth == "pam" %}
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login
{% endif %}
status {{ config.status|default("/var/log/openvpn/vpn.status") }}