server 172.16.1.0 255.255.255.0
#server-ipv6 fd2a:aef:608:1::/64

dev athq_sheppyvpn
dev-type tun

proto tcp
port 7012

topology subnet
client-to-client

# disable logging
#log /dev/null
#status /dev/null

script-security 2
tls-server
mode server
#duplicate-cn

persist-key
persist-tun

keepalive 10 60

user nobody
group nogroup

auth SHA512
cipher AES-256-CBC

ca   atlantishq/ca.crt
cert atlantishq/vpn.atlantishq.de.crt
key  atlantishq/vpn.atlantishq.de.key
dh   atlantishq/dhparam

crl-verify /opt/data/certificate-manager/crl.pem

client-config-dir /opt/certificate-manager/client-config-dir
ccd-exclusive
management 127.0.0.1 {{ openvpn_management_port }} {{ openvpn_management_passfile }}