openvpn.conf.erb

mode server
writepid /var/vcap/sys/run/openvpn/openvpn.pid
client-config-dir /var/vcap/jobs/openvpn/etc/ccd
cipher <%= p('cipher') %>
keysize <%= p('keysize') %>
<% if_p('tls_cipher') do | v | %>
tls-cipher <%= v %>
<% end %>
tls-version-min <%= p('tls_version_min') %>
proto <%= p('protocol') %>
port <%= p('port') %>
compress <%= p('compress') %>
<% if p('push_compress') && p('compress') %>
push "compress <%= p('compress') %>"
<% end %>
group nogroup
user nobody
status /var/vcap/sys/run/openvpn/status
dev <%= p('device') %>
local <%= p('local') %>
server <%= p('server') %>
<% p('push_routes').each do | route | %>
push "route <%= route %>"
<% end %>
<% p('push_dns').each do |dns| %>
# ensure we can route to the DNS server over the connection
push "route <%= dns %> 255.255.255.255"
push "dhcp-option DNS <%= dns %>"
<% end %>
<% p('push_dns_search_domains').each do |domain| %>
push "dhcp-option DOMAIN <%= domain %>"
push "dhcp-option DOMAIN-SEARCH <%= domain %>"
<% end %>
<% p('routes').each do | route | %>
route <%= route %>
<% end %>
push "ping 15"
push "ping-restart 60"
keepalive 15 60
topology subnet
persist-key
persist-tun
<% if_p('extra_config') do | v | %><%= v %><% end %>
<% p('extra_configs').each do | v | %>
<%= v %>
<% end %>

<ca>
<%= p('tls_server')['ca'] %>
</ca>

<% if_p('tls_crypt') do | v | %>
<tls-crypt>
<%= v %>
</tls-crypt>
<% end %>

<cert>
<%= p('tls_server')['certificate'] %>
</cert>

<key>
<%= p('tls_server')['private_key'] %>
</key>

<% if_p('tls_crl') do | v | %>
<crl-verify>
<%= v %>
</crl-verify>
<% end %>

<dh>
<%= p('dh_pem') %>
</dh>