## OpenVPN server configuration template (Jinja2), rendered per zone from the
## openvpn_zone variable: a certificate-authenticated UDP server on a tun
## device in subnet topology, with per-client config files and static routes.

## Multi-client server mode, listening on the zone's UDP port.
mode server
proto udp
lport {{ openvpn_zone.server_port }}

## Ping the peer after 60 seconds without outgoing packets.
## NOTE(review): no ping-restart / ping-exit (or keepalive) is visible in this
## template, so ping-timer-rem has no timeout to gate. Confirm whether
## dead-peer detection is configured elsewhere.
ping 60
ping-timer-rem

## TLS server role. CA certificate, DH parameters, server certificate and
## server private key are read from the zone's directory under
## /etc/ssl/openvpn/.
## NOTE(review): ownership and mode of key.pem are set outside this template;
## verify that only the account running OpenVPN can read it.
tls-server
ca /etc/ssl/openvpn/{{ openvpn_zone.name }}/ca-crt.pem
dh /etc/ssl/openvpn/{{ openvpn_zone.name }}/dhparams.pem
cert /etc/ssl/openvpn/{{ openvpn_zone.name }}/server/crt.pem
key /etc/ssl/openvpn/{{ openvpn_zone.name }}/server/key.pem

## Mutual TLS: every client must present a certificate signed by the CA
## above, and that certificate must be marked for TLS client use.
## NOTE(review): no crl-verify is visible here, so a revoked client
## certificate would still pass TLS verification. Confirm how revocation is
## enforced (CRL, or removal of the client's CCD file under ccd-exclusive).
## NOTE(review): neither tls-crypt / tls-auth nor tls-version-min is visible
## here. Both are common hardening for an internet-facing UDP port; check
## client compatibility before adding them.
verify-client-cert require
remote-cert-tls client

## Data-channel cipher.
## NOTE(review): OpenVPN 2.5 and later negotiate the data cipher from
## data-ciphers and deprecate cipher for that purpose. Confirm the deployed
## version and pin data-ciphers if AES-256-GCM must be the only choice.
cipher AES-256-GCM

## Routed (layer 3) tunnel device. persist-key / persist-tun keep the loaded
## keys and the open device across a soft restart.
## NOTE(review): no user / group directive is visible, so the daemon
## presumably keeps the privileges it was started with. Confirm whether the
## service manager drops them.
persist-key
dev tun
persist-tun

## Subnet topology. The server's own tunnel address is the address at this
## host's offset (openvpn_zone.offsets, keyed by inventory_hostname) inside
## openvpn_zone.subnet, with the subnet's netmask.
## NOTE(review): no address pool directive is visible; client addresses
## presumably come from ifconfig-push lines in the CCD files. Verify.
topology subnet
ifconfig {{ openvpn_zone.subnet | ansible.utils.ipaddr(openvpn_zone.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }} {{ openvpn_zone.subnet | ansible.utils.ipaddr('netmask') }}

## Tell connecting clients to use the same topology.
push "topology subnet"

## Per-client configuration files, looked up by certificate Common Name.
## ccd-exclusive refuses any client that has no file in this directory, so
## the directory acts as the allow-list of clients and should be writable
## only by the administrator.
## NOTE(review): the path is relative; it is resolved against the daemon's
## working directory. Confirm that directory is the intended one.
client-config-dir {{ openvpn_zone.name }}-ccd/
ccd-exclusive

## Static routes: for every client listed in openvpn_zone.routes (empty
## mapping when undefined), each of its networks is routed via that client's
## tunnel address, taken from openvpn_zone.offsets for the client.
## NOTE(review): every client named in routes needs an entry in
## openvpn_zone.offsets, and presumably a matching iroute in its CCD file so
## OpenVPN forwards the network to that client. Verify both.
{% for client, routes in (openvpn_zone.routes | default({})).items() %}
## static routes for client {{ client }}
{% for route in routes %}
route {{ route | ansible.utils.ipaddr('network') }} {{ route | ansible.utils.ipaddr('netmask') }} {{ openvpn_zone.subnet | ansible.utils.ipaddr(openvpn_zone.offsets[client]) | ansible.utils.ipaddr('address') }}
{% endfor %}
{% endfor %}