client-config-dir /etc/openvpn/server/client-config<br>
ccd-exclusive<br>
<br>
ca /etc/openvpn/server/ca-cert.pem<br>
cert /etc/openvpn/server/private/server-cert.pem<br>
key /etc/openvpn/server/private/server-key.pem<br>
crl-verify /etc/openvpn/server/crl dir<br>
dh /etc/openvpn/server/private/dh4096.pem<br>
<br>
tls-server<br>
tls-version-min 1.3<br>
tls-ciphersuites TLS_AES_256_GCM_SHA384<br>
tls-groups X25519MLKEM768<br>
tls-auth /etc/openvpn/server/private/ta.key 0<br>
data-ciphers AES-256-GCM<br>
auth sha512<br>
reneg-sec 3600<br>
replay-persist /etc/openvpn/server/replay.txt <br>
replay-window 512 15<br>
verify-client-cert require<br>