management 127.0.0.1 12170
daemon
local 84.16.242.86
port 5060
proto udp
dev tun
persist-key
push "persist-key"
persist-tun
push "persist-tun"
fast-io
ca /etc/openvpn/ca-secp521r1.crt
cert /etc/openvpn/zuna-secp521r1.crt
key /etc/openvpn/zuna-secp521r1.key
dh /etc/openvpn/dh.pem
script-security 2
auth-user-pass-verify /etc/openvpn/auth.sh via-env
client-connect /etc/openvpn/session_up.sh
client-disconnect /etc/openvpn/session_down.sh
tmp-dir /tmp
topology subnet
server 10.66.170.0 255.255.255.0
float
push "redirect-gateway def1"
allow-pull-fqdn
push "dhcp-option DNS 84.16.240.43"
verify-client-cert none
duplicate-cn
keepalive 20 60
max-clients 3000
reneg-sec 1200
auth SHA512
cipher AES-256-GCM
tls-server
key-method 2
tls-version-min 1.2
tls-version-max 1.3
tls-crypt /etc/openvpn/tc.key
tls-cipher TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
tls-exit
compress
user nobody
group nobody
verb 0
mute 2
status /dev/null
log /dev/null