# OpenVPN server configuration, rendered once per VPN definition ("item").
# Layer-2 (tap) server. When item.dhcp_range is defined, server-bridge hands
# out addresses from that range.

# --- Listener -----------------------------------------------------------
port {{ item.port }}
{% if item.proto == "udp" %}
proto udp
# UDP-only tuning: larger socket buffers on both ends of the tunnel.
fast-io
sndbuf 512000
rcvbuf 512000
push "sndbuf 512000"
push "rcvbuf 512000"
{% elif item.proto == "tcp" %}
proto tcp-server
{% endif %}
# NOTE(review): any other item.proto value renders no proto line at all,
# which leaves OpenVPN on its built-in default. Confirm that is intended.

dev tap

# --- PKI / TLS ----------------------------------------------------------
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
mode server
tls-server
# NOTE(review): this template sets no remote-cert-tls client, no
# tls-version-min and no crl-verify. As written, any certificate that chains
# to ca.crt is accepted and revoked certificates cannot be refused. Confirm
# whether that is covered elsewhere before relying on this PKI setup.

# Privilege drop is disabled, so the daemon keeps the privileges it was
# started with (typically root) for its whole lifetime, including while it
# runs the up/down scripts below.
# NOTE(review): if these are enabled, the down script also runs unprivileged;
# check that vpn-down.sh still works.
#user nobody
#group nobody

# --- Options pushed to clients ------------------------------------------
push "route-gateway {{ item.ip_server }}"
# Full tunnel: all client traffic is redirected through the VPN.
push "redirect-gateway def1"
#push "redirect-gateway def1 bypass-dhcp"
{% if item.dns is defined %}
push "dhcp-option DNS {{ item.dns }}"
{% endif %}
# NOTE(review): with item.dns undefined no resolver is pushed, so clients may
# keep using their local DNS server despite the full tunnel.
{% for search_domain in item.domains | default([]) %}
push "dhcp-option DOMAIN {{ search_domain }}"
{% endfor %}
{% if item.routes is defined %}
{% for pushed_route in item.routes %}
push "route {{ pushed_route }}"
{% endfor %}
#push "route 0.0.0.0 128.0.0.0"
#push "route 128.0.0.0 128.0.0.0"
{% endif %}

# Clients can reach each other directly. OpenVPN forwards this traffic
# internally, so host firewall rules on the tap/bridge interface do not see it.
client-to-client
keepalive 10 60

# --- Channel protection -------------------------------------------------
# HMAC signature on control-channel packets; key direction 0 is the server side.
tls-auth ta.key 0
# NOTE(review): there is no auth directive, so the packet HMAC digest is
# OpenVPN's default. On OpenVPN 2.5 and later, cipher is deprecated in favour
# of data-ciphers. Check which cipher is actually negotiated with clients.
cipher AES-256-CBC
# NOTE(review): compression is enabled and pushed. Upstream discourages
# compression inside the tunnel because it enables compression-oracle attacks
# (VORACLE). Turning it off requires changing the clients at the same time.
compress lz4-v2
push "compress lz4-v2"
#comp-lzo

persist-key
persist-tun

{% if item.dhcp_range is defined %}
server-bridge {{ item.ip_server }} {{ item.netmask }} {{ item.dhcp_range }}
{% endif %}

# --- Logging and hooks --------------------------------------------------
status openvpn-status.log
#log-append openvpn.log

# Level 2 allows user-defined scripts to run. Both hooks below run with the
# daemon's privileges, so the scripts and their directory should be writable
# only by root.
script-security 2
up /etc/openvpn/server/vpn-up.sh
down /etc/openvpn/server/vpn-down.sh

#cd /etc/openvpn/
#secret key
#ping-timer-rem
# NOTE(review): the template engine still evaluates the expression in the
# commented line below, so openvpn_vpn_name must be defined when rendering.
#replay-persist antireplay-{{ openvpn_vpn_name }}
verb 3

#route 172.16.0.0 255.255.255.0 172.16.255.2
#route 172.16.2.0 255.255.255.0 172.16.255.3
#ifconfig 172.16.100.10 255.255.255.0