proto tcp
dev tun

ca /etc/easy-rsa/keys/ca.crt
cert /etc/easy-rsa/keys/captive.crt
key /etc/easy-rsa/keys/captive.pem
dh /etc/easy-rsa/keys/dh2048.pem

server 10.4.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher BF-CBC
max-clients 100
client-config-dir ccd

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup

persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
#status /var/log/openvpn/captive.stats
log /var/log/openvpn/captive.log


# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
#log         openvpn.log
#log-append  openvpn.log
verb 0

# Silence repeating messages.  At most 20
# sequential messages of the same message
# category will be output to the log.
mute 20

#fragment 1300
mssfix 1300
#link-mtu 1503
#tun-mtu 1460


#client-connect /etc/openvpn/on-client-connect
script-security 2
push "explicit-exit-notify"

management localhost 7505

client-to-client