port {{ port }}
proto {{ proto }}
dev tun

ca {{ ca_path }}
cert {{ cert_path }}
key {{ key_path }}
dh {{ dh_path }}
tls-auth {{ ta_path }} 0

server {{ server_network }} {{ server_netmask }}

{% if topology %}
topology {{ topology }}
{% endif %}

{% if ipp_path %}
ifconfig-pool-persist {{ ipp_path }}
{% endif %}

{% if routes %}
{% for route in routes %}
push "route {{ route }}"
{% endfor %}
{% endif %}

{% if redirect_gateway %}
push "redirect-gateway def1 bypass-dhcp"
{% endif %}

{% if dns_servers %}
{% for dns in dns_servers %}
push "dhcp-option DNS {{ dns }}"
{% endfor %}
{% endif %}

{% if client_to_client %}
client-to-client
{% endif %}

keepalive 10 120

cipher {{ cipher }}
{% if data_ciphers %}
data-ciphers {{ data_ciphers }}
{% endif %}
{% if data_ciphers_fallback %}
data-ciphers-fallback {{ data_ciphers_fallback }}
{% endif %}

auth {{ auth_algo }}
user nobody
group nogroup
persist-key
persist-tun

status {{ status_log }}
log-append {{ log_file }}

verb 3
explicit-exit-notify 1

{% if crl_verify %}
crl-verify {{ crl_path }}
{% endif %}

{% if tun_mtu %}
tun-mtu {{ tun_mtu }}
{% endif %}

{% if mssfix %}
mssfix {{ mssfix }}
{% endif %}