{% if proto == "udp" %}
dev tun0
proto udp
port 1194
management 127.0.0.1 7505
setenv service openvpn-udp
{% else %}
dev tun1
port-share 127.0.0.1 1443
proto tcp-server
port 443
socket-flags TCP_NODELAY
management 127.0.0.1 7506
setenv service openvpn-tcp
{% endif %}

# Client subnets
server {{ slot4.network_address }} {{ slot4.netmask }}
{% if slot6 %}
server-ipv6 {{ slot6 }}
{% endif %}
topology subnet

# Bind to all interfaces
local 0.0.0.0

# Send keep alive packets, mainly for UDP
keepalive 60 120

opt-verify

# Keypairs
key /server-secrets/self_key.pem
cert /server-secrets/self_cert.pem
ca /server-secrets/ca_cert.pem

# Push subnets
{% if push %}
push "route-metric 10002
{% endif %}
{% for subnet in push4 %}
push "route {{ subnet.network_address }} {{ subnet.netmask }}"
{% endfor %}
{% for subnet in push6 %}
push "route-ipv6 {{ subnet }}"
{% endfor %}

# DH parameters file
dh none
#dhparam.pem

# Control channel encryption parameterss
# For more info see: openvpn --show-tls
tls-version-min {{ openvpn_tls_version_min }}
tls-ciphersuites {{ openvpn_tls_ciphersuites }} # Used by TLS 1.3
tls-cipher {{ openvpn_tls_cipher }} # Used by TLS 1.2

# Data channel encryption parameters
cipher {{ openvpn_cipher }}
auth {{ openvpn_auth }}

# Just to sanity check ourselves
tls-cert-profile preferred

script-security 2
learn-address /helpers/learn-address.py
client-connect /helpers/client-connect.py
#verb 0