server 172.16.1.0 255.255.255.0
#server-ipv6 fd2a:aef:608:1::/64

dev athq_sheppyvpn
dev-type {{ item.dev_type }}

proto {{ item.proto }}
port {{ item.port }}

{% if item.dev_type == "tap" %}
topology subnet
client-to-client
{% endif %}

# disable logging
#log /dev/null
#status /dev/null

script-security 2
tls-server
mode server
#duplicate-cn

persist-key
persist-tun

keepalive 10 60

user nobody
group nogroup

data-ciphers AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA512

ca   /data/certificate-manager/keys/ca.crt
cert vpn.atlantishq.de.crt
key  vpn.atlantishq.de.key
dh   dh.param

crl-verify /data/certificate-manager/crl.pem

client-config-dir /data/certificate-manager/client-config-dir
ccd-exclusive
management 0.0.0.0 {{ openvpn_management_port }} {{ openvpn_management_passfile }}