# PUBLIC_ADDRESS: priv.astragroup.info (used by openvpn-addclient)

port 1194
proto udp
dev tun

cipher AES-256-CBC
auth SHA256

keepalive 10 120

persist-key
persist-tun
user nobody
group nogroup

script-security 3
#client-connect "/usr/bin/bash /etc/openvpn/scripts/connect.sh"
#client-disconnect "/etc/openvpn/scripts/disconnect.sh"

chroot /etc/openvpn/easy-rsa/keys/crl.jail

crl-verify /etc/openvpn/crl.pem

ca /etc/openvpn/easy-rsa/keys/ca.crt
dh /etc/openvpn/easy-rsa/keys/dh.pem
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
key /etc/openvpn/easy-rsa/keys/private/server.key
cert /etc/openvpn/easy-rsa/keys/issued/server.crt

ifconfig-pool-persist /var/lib/openvpn/server.ipp
client-config-dir /etc/openvpn/server.ccd
status /var/log/openvpn/server.status 1
log /var/log/openvpn/server.log
verb 2

# virtual subnet unique for openvpn to draw client addresses from
# the server will be configured with x.x.x.1
# important: must not be used on your network
server 10.86.203.0 255.255.255.0
# configure clients to route all their traffic through the vpn
push "redirect-gateway def1 bypass-dhcp"
push "explicit-exit-notify 1"