APP_PROFILER/templates/server.conf.j2

dev tun
proto {{ protocol }}
{% if protocol == 'tcp' %}
tls-server
{% else %}
# explicit-exit-notify 1
explicit-exit-notify 1
{% endif %}
port {{ port }}

# Keys
ca {{ ca_path }}
cert {{ srv_cert_path }}
key {{ srv_key_path }}
dh {{ dh_path }}
tls-auth {{ ta_path }} 0

{% if tun_mtu %}
tun-mtu {{ tun_mtu }}
{% endif %}
{% if mssfix %}
mssfix {{ mssfix }}
{% endif %}

# Network topology
topology subnet
server {{ vpn_network }} {{ vpn_netmask }}

ifconfig-pool-persist /etc/openvpn/ipp.txt

log /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn-status.log

verb 3

# Use Extended Status Output
status /var/log/openvpn/openvpn-status.log 5
status-version 2

# Tunneling Mode
{% if tunnel_type == 'FULL' %}
push "redirect-gateway def1 bypass-dhcp"
# Full tunneling mode - all routes through VPN
{% else %}
# Split tunneling mode
{% for route in split_routes %}
push "route {{ route }}"
{% endfor %}
{% endif %}

# DNS Configuration
{% if user_defined_dns %}
{% for dns in dns_servers %}
push "dhcp-option DNS {{ dns }}"
{% endfor %}
{% endif %}

# Client-to-client communication
{% if client_to_client %}
client-to-client
{% else %}
# client-to-client disabled
{% endif %}

user nobody
group nogroup

# Allow same profile on multiple devices simultaneously
{% if duplicate_cn %}
duplicate-cn
{% else %}
# duplicate-cn disabled
{% endif %}

# data protection
data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA256

keepalive 10 120

persist-key
persist-tun

# check revocation list
{% if crl_verify %}
crl-verify /etc/openvpn/crl.pem
{% else %}
# crl-verify disabled
{% endif %}

# Script Security Level
{% if user_defined_cdscripts %}
script-security 2

# Client Connect Script
{% if connect_script %}
client-connect "{{ connect_script }}"
{% endif %}

# Client Disconnect Script
{% if disconnect_script %}
client-disconnect "{{ disconnect_script }}"
{% endif %}
{% endif %}

# Enable Management Interface
{% if management_interface %}
management {{ management_interface_address }} {{ management_port }}
{% endif %}
new awesome build 2026-01-28 22:37:47 +03:00			`dev tun`
			`proto {{ protocol }}`
			`{% if protocol == 'tcp' %}`
			`tls-server`
			`{% else %}`
			`# explicit-exit-notify 1`
			`explicit-exit-notify 1`
			`{% endif %}`
			`port {{ port }}`

			`# Keys`
			`ca {{ ca_path }}`
			`cert {{ srv_cert_path }}`
			`key {{ srv_key_path }}`
			`dh {{ dh_path }}`
			`tls-auth {{ ta_path }} 0`

			`{% if tun_mtu %}`
			`tun-mtu {{ tun_mtu }}`
			`{% endif %}`
			`{% if mssfix %}`
			`mssfix {{ mssfix }}`
			`{% endif %}`

			`# Network topology`
			`topology subnet`
			`server {{ vpn_network }} {{ vpn_netmask }}`

			`ifconfig-pool-persist /etc/openvpn/ipp.txt`

nginx template fix 2026-02-06 21:14:52 +03:00			`log /var/log/openvpn/openvpn-status.log`
			`log-append /var/log/openvpn/openvpn-status.log`
new awesome build 2026-01-28 22:37:47 +03:00
			`verb 3`

			`# Use Extended Status Output`
nginx template fix 2026-02-06 21:14:52 +03:00			`status /var/log/openvpn/openvpn-status.log 5`
new awesome build 2026-01-28 22:37:47 +03:00			`status-version 2`

			`# Tunneling Mode`
			`{% if tunnel_type == 'FULL' %}`
			`push "redirect-gateway def1 bypass-dhcp"`
			`# Full tunneling mode - all routes through VPN`
			`{% else %}`
			`# Split tunneling mode`
			`{% for route in split_routes %}`
			`push "route {{ route }}"`
			`{% endfor %}`
			`{% endif %}`

			`# DNS Configuration`
			`{% if user_defined_dns %}`
			`{% for dns in dns_servers %}`
			`push "dhcp-option DNS {{ dns }}"`
			`{% endfor %}`
			`{% endif %}`

			`# Client-to-client communication`
			`{% if client_to_client %}`
			`client-to-client`
			`{% else %}`
			`# client-to-client disabled`
			`{% endif %}`

			`user nobody`
			`group nogroup`

			`# Allow same profile on multiple devices simultaneously`
			`{% if duplicate_cn %}`
			`duplicate-cn`
			`{% else %}`
			`# duplicate-cn disabled`
			`{% endif %}`

			`# data protection`
			`data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC`
			`data-ciphers-fallback AES-256-CBC`
			`auth SHA256`

			`keepalive 10 120`

			`persist-key`
			`persist-tun`

			`# check revocation list`
			`{% if crl_verify %}`
			`crl-verify /etc/openvpn/crl.pem`
			`{% else %}`
			`# crl-verify disabled`
			`{% endif %}`

			`# Script Security Level`
			`{% if user_defined_cdscripts %}`
			`script-security 2`

			`# Client Connect Script`
			`{% if connect_script %}`
			`client-connect "{{ connect_script }}"`
			`{% endif %}`

			`# Client Disconnect Script`
			`{% if disconnect_script %}`
			`client-disconnect "{{ disconnect_script }}"`
			`{% endif %}`
			`{% endif %}`

			`# Enable Management Interface`
			`{% if management_interface %}`
			`management {{ management_interface_address }} {{ management_port }}`
			`{% endif %}`