# OpenVPN Server Configuration
# Port 7860 for Hugging Face compatibility
port 7860
proto udp
dev tun

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key)
ca /etc/openvpn/server/keys/ca.crt
cert /etc/openvpn/server/keys/server.crt
key /etc/openvpn/server/keys/server.key

# Diffie hellman parameters
dh /etc/openvpn/server/keys/dh2048.pem

# Network topology
topology subnet

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from
server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file
ifconfig-pool-persist /var/log/openvpn/ipp.txt

# Push routes to the client
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

# Client-to-client communication
client-to-client

# Keep alive ping
keepalive 10 120

# TLS authentication
tls-auth /etc/openvpn/server/keys/ta.key 0
key-direction 0

# Cipher selection
cipher AES-256-CBC

# Enable compression
compress lz4-v2
push "compress lz4-v2"

# Maximum number of concurrently connected clients
max-clients 10

# Run with reduced privileges
user nobody
group nogroup

# Persist keys and tun device
persist-key
persist-tun

# Status file
status /var/log/openvpn/openvpn-status.log

# Log file verbosity
verb 3

# Silence repeating messages
mute 20

# Explicit exit notify
explicit-exit-notify 1