# init
port 10011
proto udp

# tun = routing. tap = bridging
dev tun0
#server-bridge 10.8.0.0 255.255.255.0 10.8.0.1 10.8.0.199
server 10.80.0.0 255.255.255.0
keepalive 10 120
group nobody
user nobody
comp-lzo
#client-to-client
persist-key
persist-tun
#duplicate-cn
log-append /var/log/openvpn.log
status /var/log/openvpn_status.log
status-version 3
verb 5

# tls items
ca /usr/local/etc/openvpn/certs/ca-chain.crt
#crl-verify /usr/local/etc/openvpn/intermediate.crl.pem
cert /usr/local/etc/openvpn/certs/vpn.secmayl.com.crt.pem
key /usr/local/etc/openvpn/certs/vpn.secmayl.com.key.pem
dh /usr/local/etc/openvpn/certs/dh.pem

# tls harden security
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
tls-crypt /usr/local/etc/openvpn/auth.key
cipher AES-256-CBC
auth SHA512
reneg-sec 60

# networking
ifconfig-pool-persist /usr/local/etc/openvpn/ipp.txt
#route 192.168.0.10 255.255.255.0 10.9.0.1
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 192.168.0.1"
#push "dhcp-option WINS 192.168.0.1"
push "dhcp-option DOMAIN secmayl.com"
#push "dhcp-option SEARCH secmayl.com"