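# OpenVPN server configuration (routed tun, IPv4 + IPv6 address pools).
# One directive per line: everything after a '#' is a comment up to the end
# of the line, so a collapsed single-line copy of this file would be parsed
# as one long comment with no directives at all.

# Listen on UDP port 1194.
port 1194
# Only one 'proto' applies per server instance; the original listed
# 'proto udp' followed by 'proto udp6', and the later one takes effect.
# NOTE(review): whether the udp6 socket also accepts IPv4 clients depends on
# the host's dual-stack settings; use 'proto udp' for an IPv4-only listener.
proto udp6

# Routed (layer 3) tunnel device.
dev tun

# Certificate settings: CA certificate, server certificate and private key,
# and Diffie-Hellman parameters. server.key and ta.key are secrets and should
# be readable only by the account that starts the daemon.
ca ca.crt
cert server.crt
key server.key
# NOTE(review): the file name suggests 2048-bit DH parameters; confirm this
# meets your policy, or regenerate larger parameters.
dh dh2048.pem

# Create subnets for the clients (IPv4 pool and IPv6 pool).
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 2001:1:2:3:80::/112

# Have all traffic go through the VPN.
# NOTE(review): 'redirect-gateway def1' as written replaces only the IPv4
# default route. Clients also receive an IPv6 address from server-ipv6, but
# their IPv6 default route is left alone, so IPv6 traffic to the Internet can
# bypass the tunnel. If full-tunnel is the goal, add the 'ipv6' flag to
# redirect-gateway (OpenVPN 2.4+ clients) or push an IPv6 route as sketched
# below, after confirming the prefix above is routed to this server and IPv6
# forwarding is enabled.
push "redirect-gateway def1 bypass-dhcp"
#push "route-ipv6 2000::/3"

## OpenDNS is used in this example, but anything reachable by the VPN server
## will work. Pushed resolvers see every client DNS query, so pick ones you
## trust.
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

# Allow direct client-to-client connections.
# NOTE(review): with this enabled, traffic between clients is forwarded
# inside the OpenVPN process and does not pass through the host firewall, so
# one compromised client can reach every other client. Remove this line if
# clients do not need to talk to each other.
client-to-client

# Ping every 10 seconds, assume disconnect after 120 seconds.
keepalive 10 120

# TLS parameters
## This is the server: direction 0 here, clients use direction 1.
## 'key-direction 0' repeats the direction already given to tls-auth.
tls-auth ta.key 0
key-direction 0
## NOTE(review): no minimum TLS version is set for the control channel;
## consider enabling the line below once all clients support it.
#tls-version-min 1.2

## Data-channel cipher and HMAC digest.
## NOTE(review): AES-256-CBC is the configured cipher; OpenVPN 2.4 and later
## may negotiate an AES-GCM cipher with clients that support it, in which
## case this acts as the fallback. Confirm against the deployed version.
cipher AES-256-CBC
auth SHA512

# Run the daemon with minimal privileges after initialisation.
# persist-key / persist-tun keep the key material and tun device across
# restarts, because the unprivileged account cannot re-read the key files or
# reopen the device.
# NOTE(review): 'nobody' is often shared with other daemons; a dedicated
# service account gives better isolation.
user nobody
group nogroup
persist-key
persist-tun

# Logging settings: status file (relative to the daemon's working directory)
# and moderate verbosity.
status openvpn-status.log
verb 3

# Tell clients when the server exits so they reconnect promptly (UDP only).
explicit-exit-notify 1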