diff --git a/aries/vpn/openvpn.conf b/aries/vpn/openvpn.conf
new file mode 100644
index 0000000..38be28e
--- /dev/null
+++ b/aries/vpn/openvpn.conf
@@ -0,0 +1,44 @@
+# init
+port 10011
+proto udp
+
+# tun = routing. tap = bridging
+dev tun0
+#server-bridge 10.8.0.0 255.255.255.0 10.8.0.1 10.8.0.199
+server 10.80.0.0 255.255.255.0
+keepalive 10 120
+group nobody
+user nobody
+comp-lzo
+#client-to-client
+persist-key
+persist-tun
+#duplicate-cn
+log-append /var/log/openvpn.log
+status /var/log/openvpn_status.log
+status-version 3
+verb 5
+
+# tls items
+ca /usr/local/etc/openvpn/certs/ca-chain.crt
+#crl-verify /usr/local/etc/openvpn/intermediate.crl.pem
+cert /usr/local/etc/openvpn/certs/vpn.secmayl.com.crt.pem
+key /usr/local/etc/openvpn/certs/vpn.secmayl.com.key.pem
+dh /usr/local/etc/openvpn/certs/dh.pem
+
+# tls harden security
+tls-version-min 1.2
+tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
+tls-crypt /usr/local/etc/openvpn/auth.key
+cipher AES-256-CBC
+auth SHA512
+reneg-sec 60
+
+# networking
+ifconfig-pool-persist /usr/local/etc/openvpn/ipp.txt
+#route 192.168.0.10 255.255.255.0 10.9.0.1
+push "route 192.168.0.0 255.255.255.0"
+push "dhcp-option DNS 192.168.0.1"
+#push "dhcp-option WINS 192.168.0.1"
+push "dhcp-option DOMAIN secmayl.com"
+#push "dhcp-option SEARCH secmayl.com"
\ No newline at end of file
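Review bot: With `crl-verify` left commented out under "tls items", a client certificate that has been revoked at the intermediate CA is still accepted by this server, since the chain in `ca-chain.crt` alone cannot express revocation; enable it as `crl-verify /usr/local/etc/openvpn/intermediate.crl.pem` and make sure the CRL file is kept current, because an expired CRL also causes OpenVPN to reject connections. `comp-lzo` enables link compression, which exposes tunnelled traffic to compression-oracle attacks (VORACLE class) and is deprecated in current OpenVPN; it should be dropped unless a client depends on it. The data channel is pinned to `cipher AES-256-CBC` while the control channel already requires an AEAD GCM suite and `tls-crypt` (both OpenVPN 2.4+ features), so `cipher AES-256-GCM` is available and preferable, at which point `auth SHA512` applies only to tls-crypt. `reneg-sec 60` forces a full TLS renegotiation every minute (the default is 3600), which is presumably intentional but adds noticeable handshake load and client-side stalls; and since the full 44-line file is in this hunk, it is worth noting there is no `remote-cert-tls client`, so a leaked server certificate issued by the same CA could be used to authenticate as a client.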