user  nobody
group nogroup

local {{ ansible_default_ipv4.address }}
port 1194
proto udp
dev tun
mode server
keepalive 10 120

cipher AES-128-CBC # AES
#comp-lzo
# compress (à partir d'OpenVPN 2.4)

persist-key
persist-tun

status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log

ca   /etc/shellpki/cacert.pem
cert /etc/shellpki/certs/{{ ansible_fqdn }}.crt
key  /etc/shellpki/private/{{ ansible_fqdn }}.key
dh   /etc/shellpki/dh2048.pem

server {{ openvpn_lan }} {{ openvpn_netmask }}