dev tun

tls-server
proto tcp-server
port 443
local services.unite.uni-sofia.bg

# SSL settings
dh /etc/pki/tls/private/openvpn-server.dh
key /etc/pki/tls/private/openvpn-server.key
cert /etc/pki/tls/certs/openvpn-server.with-chain.crt
capath /etc/openvpn/CA_1
cipher AES-256-GCM
auth SHA384
ecdh-curve secp384r1
tls-version-min 1.2
tls-version-max 1.2
# If your X.509 server certificate key pair is generated based on RSA:
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
# If your X.509 server certificate key pair is generated based on ECC:
# tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256

verify-client-cert require
tls-verify /etc/openvpn/ocsp.sh

script-security 3

log-append /var/log/openvpn/openvpn-server.log

server 10.8.0.0 255.255.255.0
server-ipv6 2001:67c:20d0:29::/64
ifconfig-ipv6 2001:67c:20d0:29:1:: 2001:67c:20d0:29:ffff::
push "route-ipv6 2001:67c:20d0:20::/60"
push "tun-ipv6"

tcp-queue-limit 128
txqueuelen 2000
tcp-nodelay
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"

persist-tun
keepalive 10 60
persist-key

verb 3