### Autogenerated by interfaces-openvpn.py ###
#
# See https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
# for individual keyword definition
#
# 
#

# Log verbosity; 3 sits inside OpenVPN's normal 1-4 range (no per-packet output).
verb 3
# Drop from root to the unprivileged openvpn account after initialization, so a
# compromise of the running daemon does not directly yield root.
user openvpn
group openvpn
# Routed (layer-3) tunnel on interface vtun0.
dev-type tun
dev vtun0
# Keep key material in memory across SIGUSR1 / ping-restart: once privileges are
# dropped, the process may no longer be able to re-read the key files.
persist-key
# Run this helper instead of the default iproute2 command for interface and route
# changes - presumably so they keep working after the privilege drop. Confirm what
# the wrapper allows, since it acts on behalf of an unprivileged process.
iproute /usr/libexec/vyos/system/unpriv-ip
proto udp
# On hosts with several addresses, reply to UDP clients from the address they contacted.
multihome

#
# OpenVPN Server mode
#
# Multi-client server; this side takes the server role in the TLS control-channel handshake.
mode server
tls-server
# net30: every client is handed its own /30 out of the tunnel network.
topology net30
# "nopool" keeps the server directive from creating its own address pool; the pool
# is declared explicitly on the following line instead.
server 172.16.252.0 255.255.255.0 nopool
ifconfig-pool 172.16.252.4 172.16.252.253 
server-ipv6 fda8:c8dd:ab6a:570e::/64

# keepalive <interval> <timeout>: ping every 10 s, peer timeout derived from 600 s
# (in server mode OpenVPN applies a longer timeout on the server side than the one
# it pushes to clients). A long timeout means dead sessions linger before cleanup.
keepalive 10 600
# Management interface on a local unix socket. No password file is given here, so
# access control rests on the socket's filesystem permissions: whoever can connect
# can control the daemon. Verify the ownership and mode of /run/openvpn, or restrict
# the peer with management-client-user / management-client-group.
management /run/openvpn/openvpn-mgmt-intf unix

# Settings pushed to every client: resolvers that sit inside the tunnel networks
# above, plus the DNS domain.
push "dhcp-option DNS 172.16.252.1"
push "dhcp-option DNS6 fda8:c8dd:ab6a:570e::1"
push "dhcp-option DOMAIN example.com"

# TLS options
# CA that client certificates are validated against, followed by this server's own
# certificate and private key.
# NOTE(review): this file contains none of the following, so confirm each omission
# is intentional:
#   - crl-verify: OpenVPN itself will not reject revoked client certificates.
#   - remote-cert-tls client: the certificate's intended usage is not checked, so
#     any certificate issued by this CA is accepted from a connecting peer.
#   - tls-auth / tls-crypt: the control channel has no additional pre-shared-key
#     HMAC layer in front of the TLS handshake.
#   - tls-version-min: the minimum TLS version is left at the build's default.
ca /config/auth/ca.crt
cert /config/auth/vpn.crt
# Private key - should be readable by root only; presumably it is loaded before the
# drop to the openvpn user (confirm the file's ownership and mode).
key /config/auth/vpn.key
# Diffie-Hellman parameters used for the TLS key exchange.
dh /config/auth/dh.pem

# Encryption options
# Data-channel cipher: AES-256 in CBC mode. CBC provides no integrity on its own, so
# packet authentication depends on the HMAC selected by "auth" below.
# NOTE(review): with OpenVPN 2.4+ on both ends the cipher may be negotiated to an
# AEAD cipher instead (NCP) unless negotiation is disabled - confirm what is
# actually in use on live sessions.
cipher aes-256-cbc

# HMAC digest used to authenticate data-channel packets.
auth sha512


# DEPRECATED: this option will be removed in OpenVPN 2.5.
# Until OpenVPN v2.3, the X.509 Subject fields were formatted like this:
# /C=US/L=Somewhere/CN=John Doe/emailAddress=john@example.com. In addition, the old
# behaviour was to remap any character other than alphanumeric, underscore ('_'),
# dash ('-'), dot ('.'), and slash ('/') to underscore ('_'). The X.509 Subject
# string, as returned by the tls_id environment variable, could additionally
# contain colon (':') or equal ('='). The --compat-names option re-enables this
# old formatting and remapping. It exists purely for compatibility with older
# plug-ins or scripts that do not handle the new formatting or UTF-8 characters.
#
# NOTE(review): because the remapping folds many different characters into '_',
# two different subjects can end up as the same string. Scripts or plug-ins that
# authorize on the subject/CN string should be checked for such ambiguous matches,
# and migrated off this option before the upgrade that removes it.
#
# See https://phabricator.vyos.net/T1512
compat-names