# Port.
port 1194

# TCP or UDP.
proto tcp-server
mode server
tls-server

# tun or tap device.
# tun is an IP tunnel.
# tap an ethernet tunnel.
dev tun

# Our Server IP.
server 10.0.0.0 255.255.255.0

# Paths to the certs.
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/test.domain.local.crt
key /etc/openvpn/easy-rsa/keys/test.domain.local.key

# Diffie-Hellmann Parameters.
dh /etc/openvpn/easy-rsa/keys/dh2048.pem

# Ciphers.
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
tls-version-min 1.2
remote-cert-tls client

# Tests the connection with a ping like packet.
# Wait=120sec.
keepalive 10 120

# Authentication.
auth SHA512

# Compression.
comp-lzo

# Sets new rights after the connection.
user nobody
group nogroup

# This is needed because of user nobody/group nobody.
persist-key
persist-tun

# Logging 0.
# Testing 5.
verb 0