[connection]
certidude managed = true
id = {{ session.service.title }}
uuid = {{ uuid }}
type = vpn

[vpn]
service-type = org.freedesktop.NetworkManager.openvpn
connection-type = tls
cert-pass-flags 0
tap-dev = no
remote-cert-tls = server
remote = {{ authority.namespace }}
key = {% if key_path %}{{ key_path }}{% else %}/etc/certidude/authority/{{ authority.namespace }}/host_key.pem{% endif %}
cert = {% if certificate_path %}{{ certificate_path }}{% else %}/etc/certidude/authority/{{ authority.namespace }}/host_cert.pem{% endif %}
ca = {% if authority_path %}{{ authority_path }}{% else %}/etc/certidude/authority/{{ authority.namespace }}/ca_cert.pem{% endif %}
tls-cipher = {{ authority.openvpn.tls_cipher }}
cipher = {{ authority.openvpn.cipher }}
auth = {{ authority.openvpn.auth }}
{% if port %};port = {{ port }}{% else %};port = 1194{% endif %}
{% if not proto or not proto.startswith('tcp') %};{% endif %}proto-tcp = yes

[ipv4]
# Route only pushed subnets to tunnel
never-default = true
method = auto

[ipv6]
method = auto