user  nobody
group nogroup

local 198.51.100.1
port 1194
proto udp
dev tun
mode server
keepalive 10 120
tls-exit

cipher AES-256-GCM # AES

persist-key
persist-tun

ifconfig-pool-persist /etc/openvpn/ipp.txt

status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log

ca   /etc/shellpki/cacert.pem
#cert /etc/shellpki/certs/fw.vpn.example.com.crt
#key  /etc/shellpki/private/fw.vpn.example.com-1621504035.key
dh   /etc/shellpki/dh2048.pem

crl-verify /etc/shellpki/crl.pem

server 192.0.2.0 255.255.255.0

#push "route 192.0.3.0 255.255.255.0"

# Management interface (used by check_openvpn for Nagios)
management 127.0.0.1 1195 /etc/openvpn/management-pwd