# Remote host
remote remote.fqdn.tdl 1188

# Protocol & port
proto udp
port 1188

# Interface
dev vpn-ha
dev-type tap

# MTU
tun-mtu 1500

# Secret shared key (generated on first client start)
# Note: to manually generate it, run:
#  openvpn --genkey secret /srv/openvpn/secret.key
#  cp /srv/openvpn/secret.key /etc/openvpn/secret.key
#  chmod 400 /srv/openvpn/secret.key /etc/openvpn/secret.key
secret /srv/openvpn/secret.key
cipher AES-256-CBC

# Keepalive
ping 30
ping-restart 60

# Allow remote address changed
float

# IP address inside VPN
ifconfig 172.16.88.2 255.255.255.0
route-gateway 172.16.88.1

# Optional routes recheable througt the remote host
# route 192.168.8.0 255.255.255.0

# Run openvpn using this specified user & group
user nobody
group nogroup

persist-key
persist-tun

## Logging

# Log level (0-9)
verb 3

# Max repeat count for logged messages
mute 10

# Managing interface
# management 127.0.0.1 7588