configpolicy/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2

dev tun
port 1194
proto tcp-server
mode server
tls-server

ca ca.crt
cert /etc/pki/tls/certs/openvpn.cer
key /etc/pki/tls/private/openvpn.key
dh dh2048.pem

topology subnet
push "topology subnet"
ifconfig 172.30.0.209 255.255.255.240
ifconfig-pool 172.30.0.216 172.30.0.222
{% for net in firemon_networks %}
route {{ net|ipaddr('network') }} {{ net|ipaddr('netmask') }} 172.30.0.210
{% endfor %}
push "route 172.30.0.0 255.255.255.192 172.30.0.209"
push "route 172.31.0.0 255.255.255.224 172.30.0.209"
push "route 172.31.0.64 255.255.255.240 172.30.0.209"
push "dhcp-option DNS 172.30.0.4"
push "dhcp-option DNS 172.30.0.3"
client-to-client
client-config-dir clients

keepalive 10 120