Change ovpn example file to match the openvpn ansible role and wiki

ovpn.conf.example

@@ -1,54 +1,34 @@
-#
-# General settings
-#
-
 user  nobody
 group nogroup
 
-# Do not try to re-read key file and reopen tun device on restart since it runs
+local 198.51.100.1
-# without root privileges.
+port 1194
+proto udp
+dev tun
+mode server
+keepalive 10 120
+tls-exit
+
+cipher AES-256-GCM # AES
+
 persist-key
 persist-tun
-#persist-remote-ip
-#persist-local-ip
 
-# Status file
+ifconfig-pool-persist /etc/openvpn/ipp.txt
-status /var/log/openvpn/status.log 1
-#log    /var/log/openvpn/openvpn.log
-# Logging verbosity. Logs are sent to syslog.
-verb 3
 
-# Keepalive
+status /var/log/openvpn-status.log
-keepalive 10 120
+log-append  /var/log/openvpn.log
-#reneg-sec 300
 
-#
+ca   /etc/shellpki/cacert.pem
-# Network settings
+#cert /etc/shellpki/certs/fw.vpn.example.com.crt
-#
+#key  /etc/shellpki/private/fw.vpn.example.com-1621504035.key
+dh   /etc/shellpki/dh2048.pem
 
-port  1194
+crl-verify /etc/shellpki/crl.pem
-proto udp
-dev   tun
 
-# Enable compression
+server 192.0.2.0 255.255.255.0
-# comp-lzo
-# compress lzo (OpenVPN 2.4+)
 
-#
+#push "route 192.0.3.0 255.255.255.0"
-# key/certificate
-#
-
-### ca   /etc/openvpn/ssl/ca/cacert.pem
-### cert /etc/openvpn/ssl/files/fw.vpn.example.com-1278421834/fw.vpn.example.com.crt
-### key /etc/openvpn/ssl/files/fw.vpn.example.com-1278421834/fw.vpn.example.com.key
-dh   /etc/openvpn/ssl/ca/dh2048.pem
-
-#
-# private network
-#
-
-server 192.0.2.0 255.255.0.0
-mode server
 
 # Management interface (used by check_openvpn for Nagios)
 management 127.0.0.1 1195 /etc/openvpn/management-pwd