# OpenVPN server configuration: routed (tun) VPN on UDP/1194 where clients
# authenticate with a username/password checked through PAM instead of
# per-client certificates.
#
# NOTE(review): no tls-auth/tls-crypt and no user/group (privilege drop)
# directives are present in this file; confirm whether that is intentional.

# Load the PAM authentication plugin; the trailing "openvpn" argument is the
# PAM service name passed to the plugin (presumably /etc/pam.d/openvpn; verify).
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn

# Listener: UDP port 1194 on a routed layer-3 tun device.
port 1194
proto udp
dev tun

# Server PKI material. The private key should be readable only by the account
# that starts OpenVPN.
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/myserver.crt
key /etc/openvpn/keys/myserver.key

# Clients are not required to present a certificate, so username/password is
# the only client authentication factor. Password strength and any lockout or
# rate limiting in the PAM stack therefore carry the whole access decision.
# NOTE(review): newer OpenVPN releases deprecate this option in favour of
# "verify-client-cert none"; check the deployed version before upgrading.
client-cert-not-required
# Use the authenticated username as the client's common name (needed because
# no client certificate supplies one).
username-as-common-name

# Diffie-Hellman parameters. NOTE(review): the file name suggests a 1024-bit
# group, which is considered too weak today; regenerate with at least 2048 bits
# and point this directive at the new file.
dh /etc/openvpn/keys/dh1024.pem

# Multi-client server mode; this side takes the TLS server role.
mode server
tls-server

# Server address on the tun interface (required for tun).
ifconfig 192.168.200.1 255.255.255.0
# Addresses handed out to clients (.10 through .20).
ifconfig-pool 192.168.200.10 192.168.200.20
# Route the VPN network via the local tun interface.
route 192.168.200.0 255.255.255.0
# Single shared subnet for all clients.
topology subnet

# Settings pushed to clients: topology, a route to the 192.168.5.0/24 network,
# the VPN gateway, and DNS server / search domain.
push "topology subnet"
push "route 192.168.5.0 255.255.255.0"
push "route-gateway 192.168.200.1"
push "dhcp-option DNS 192.168.5.1"
push "dhcp-option DOMAIN intern.lan"

# Allow several simultaneous connections that share one common name. Combined
# with username-as-common-name above, the same account can be logged in from
# multiple places at once, so a shared or stolen password does not displace the
# legitimate session.
duplicate-cn

# Ping every 10 s; treat the peer as down after 60 s of silence (in server mode
# OpenVPN doubles the timeout on the server side and pushes these values to
# clients).
keepalive 10 60

# 0 disables time-based renegotiation of the data-channel key, so a session keeps
# the same key for its whole lifetime unless another reneg-* limit applies.
# NOTE(review): commonly set to avoid re-prompting for the password; confirm
# the trade-off is accepted.
reneg-sec 0

# Data-channel cipher. No "auth" directive is set, so the HMAC digest is the
# OpenVPN default for the installed version.
# NOTE(review): an AEAD cipher such as AES-256-GCM is preferable where the
# server and all clients support it.
cipher AES-256-CBC

# LZO compression. NOTE(review): compressing before encryption can leak
# information about plaintext when an attacker can influence tunnelled traffic
# (the VORACLE class of attacks), and newer OpenVPN releases deprecate
# compression. Clients must use a matching setting, so plan removal on both sides.
comp-lzo

# Upper bound on concurrently connected clients.
max-clients 10

# Management interface on TCP localhost:7505. No password file is given, so any
# local process that can reach the port can control the daemon.
# NOTE(review): add a password file as third argument or use a unix socket with
# restricted permissions.
management localhost 7505

# Keep keys, the tun device and resolved addresses across soft restarts.
persist-key
persist-tun
persist-local-ip
persist-remote-ip
# Ask clients to keep their tun device and keys across restarts as well.
push "persist-tun"
push "persist-key"

# Status file and append-mode log. Both record client identities (here:
# usernames, via username-as-common-name) and source addresses, so restrict
# read access and include them in log rotation.
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
# Log verbosity (3 = normal operational detail).
verb 3