diff --git a/Bundler/openvpn.xml b/Bundler/openvpn.xml
index 6f35fcf..f377248 100644
--- a/Bundler/openvpn.xml
+++ b/Bundler/openvpn.xml
@@ -3,17 +3,12 @@ - - - - - - + + - - - - - + + + +
diff --git a/Cfg/etc/openvpn/main.down/info.xml b/Cfg/etc/openvpn/main.down/info.xml
deleted file mode 100644
index a0b21f3..0000000
--- a/Cfg/etc/openvpn/main.down/info.xml
+++ /dev/null
@@ -1,3 +0,0 @@ - - -
diff --git a/Cfg/etc/openvpn/main.down/main.down b/Cfg/etc/openvpn/main.down/main.down
deleted file mode 100755
index 9ae603c..0000000
--- a/Cfg/etc/openvpn/main.down/main.down
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-#
-# Fichier gere par BCfg2 avec le plugin Cfg
-#
-# Configuration des routes lorsque la connexion principale tombe
-
-# La connexion principale est inactive => on passe par la connexion de
-# secours. Si la connexion de secours est down ne marche pas ça
-# changera rien mais de toutes facons on peut pas faire mieux...
-route del -net 10.231.136.0 netmask 255.255.255.0 &> /dev/null
-route add -net 10.231.136.0 netmask 255.255.255.0 dev tun-rescue
diff --git a/Cfg/etc/openvpn/main.up/info.xml b/Cfg/etc/openvpn/main.up/info.xml
deleted file mode 100644
index a0b21f3..0000000
--- a/Cfg/etc/openvpn/main.up/info.xml
+++ /dev/null
@@ -1,3 +0,0 @@ - - -
diff --git a/Cfg/etc/openvpn/main.up/main.up b/Cfg/etc/openvpn/main.up/main.up
deleted file mode 100755
index 7284544..0000000
--- a/Cfg/etc/openvpn/main.up/main.up
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-#
-# Fichier gere par BCfg2 avec le plugin Cfg
-#
-# Configuration des routes lorsque la connexion principale est
-# disponible
-
-# La connexion principale est active => on l'utilise
-route del -net 10.231.136.0 netmask 255.255.255.0 &> /dev/null
-route add -net 10.231.136.0 netmask 255.255.255.0 dev $dev
diff --git a/Cfg/etc/openvpn/ovh.conf/ovh.conf b/Cfg/etc/openvpn/ovh.conf/ovh.conf
new file mode 100644
index 0000000..bb93123
--- /dev/null
+++ b/Cfg/etc/openvpn/ovh.conf/ovh.conf
@@ -0,0 +1,28 @@
+# Fichier gere par BCfg2 avec le plugin Cfg
+#
+# Configuration du vpn entre komaz/titanic et ovh
+
+daemon tun-ovh
+dev tun-ovh
+
+tls-server
+ca /etc/ssl/certs/root.pem
+cert /etc/ssl/certs/vpn.pem
+tls-verify "/usr/share/openvpn/verify-cn ovh.vpn.crans.org"
+key /etc/ssl/private/vpn.pem
+
+log-append /var/log/openvpn/ovh.log
+
+port 1194
+
+# Du côté crans, le vpn reste toujours actif
+keepalive 15 45
+persist-tun
+
+verb 3
+
+dh /etc/openvpn/dh1024.pem
+
+# Configuration du réseau lorsque ovh se connecte
+client-connect /etc/openvpn/ovh.connect
+client-disconnect /etc/openvpn/ovh.disconnect
diff --git a/Cfg/etc/openvpn/ovh.connect/info.xml b/Cfg/etc/openvpn/ovh.connect/info.xml
new file mode 100644
index 0000000..18ad0f3
--- /dev/null
+++ b/Cfg/etc/openvpn/ovh.connect/info.xml
@@ -0,0 +1,3 @@ + + +
diff --git a/Cfg/etc/openvpn/ovh.connect/ovh.connect b/Cfg/etc/openvpn/ovh.connect/ovh.connect
new file mode 100755
index 0000000..876f9a1
--- /dev/null
+++ b/Cfg/etc/openvpn/ovh.connect/ovh.connect
@@ -0,0 +1,15 @@
+#!/bin/bash
+#
+# Fichier gere par BCfg2 avec le plugin Cfg
+#
+# Configuration lorsque ovh se connecte via se point du reseau (komaz
+# ou titanic)
+
+iface=$(route -n|awk '$1 == "10.231.136.0" {print $8}')
+my_ip=$(ip addr show dev $iface|awk '$1 == "inet" {sub("/.*", "", $2); print $2}')
+ovh_ip=10.231.136.8
+
+ip addr add $my_ip peer $ovh_ip/32 dev $iface
+ip link set up dev $iface
+ip neigh add proxy $ovh_ip dev $iface
+
diff --git a/Cfg/etc/openvpn/ovh.disconnect/info.xml b/Cfg/etc/openvpn/ovh.disconnect/info.xml
new file mode 100644
index 0000000..18ad0f3
--- /dev/null
+++ b/Cfg/etc/openvpn/ovh.disconnect/info.xml
@@ -0,0 +1,3 @@ + + +
diff --git a/Cfg/etc/openvpn/ovh.disconnect/ovh.disconnect b/Cfg/etc/openvpn/ovh.disconnect/ovh.disconnect
new file mode 100755
index 0000000..1722622
--- /dev/null
+++ b/Cfg/etc/openvpn/ovh.disconnect/ovh.disconnect
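Review bot: `dh /etc/openvpn/dh1024.pem` selects a 1024-bit Diffie-Hellman group for the TLS handshake; 1024-bit DH is below the minimum size that current TLS libraries accept by default, so the tunnel's key exchange rests on a group considered too small and a peer with a newer OpenSSL may refuse it outright. Generating a 2048-bit or larger group and pointing the directive at it, e.g. `dh /etc/openvpn/dh2048.pem` (path illustrative, the file must be created), is the usual remedy; the same `dh /etc/openvpn/dh1024.pem` line survives as context in the etc/python/template/openvpn.py hunk and needs the same treatment. The `client-connect`, `client-disconnect` and `tls-verify` directives all execute external programs; depending on the OpenVPN version deployed, `script-security 2` has to be present or these hooks are refused at startup, so this is worth confirming against the running version.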
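Review bot: `iface=$(route -n|awk '$1 == "10.231.136.0" {print $8}')` has no guard for the lookup coming back empty or multi-line, and every later expansion (`$iface`, `$my_ip`) is unquoted, so when the route is absent the script runs `ip addr show dev` with no device and then `ip addr add  peer ...`, and OpenVPN only sees the status of whichever `ip` command ran last. A non-zero exit from a client-connect hook makes OpenVPN reject the peer while a zero exit lets the session up even though the peer address and proxy-neighbour entry were never installed, so the script should fail explicitly and early when either lookup is empty; an `exit` in the awk programs also keeps `my_ip` single-valued when the interface carries several inet addresses. Whether a failed `ip addr add` should also reject the peer is a policy choice I have left out of the sketch. ovh.disconnect in the next hunk has the same unguarded, unquoted `$iface` lookup.
```shell
iface=$(route -n | awk '$1 == "10.231.136.0" {print $8; exit}')
[ -n "$iface" ] || { echo "ovh.connect: no route to 10.231.136.0" >&2; exit 1; }
my_ip=$(ip addr show dev "$iface" | awk '$1 == "inet" {sub("/.*", "", $2); print $2; exit}')
[ -n "$my_ip" ] || { echo "ovh.connect: no inet address on $iface" >&2; exit 1; }
ovh_ip=10.231.136.8

ip addr add "$my_ip" peer "$ovh_ip/32" dev "$iface"
# … unchanged: ip link set up / ip neigh add proxy, with the same quoting …
```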
@@ -0,0 +1,11 @@
+#!/bin/bash
+#
+# Fichier gere par BCfg2 avec le plugin Cfg
+#
+# Configuration lorsque la connexion avec ovh est perdue
+
+iface=$(route -n|awk '$1 == "10.231.136.0" {print $8}')
+ovh_ip=10.231.136.8
+
+ip neigh del proxy $ovh_ip dev $iface
+ip link set down dev $iface
diff --git a/Cfg/etc/openvpn/rescue.down/info.xml b/Cfg/etc/openvpn/rescue.down/info.xml
deleted file mode 100644
index a0b21f3..0000000
--- a/Cfg/etc/openvpn/rescue.down/info.xml
+++ /dev/null
@@ -1,3 +0,0 @@ - - -
diff --git a/Cfg/etc/openvpn/rescue.down/rescue.down b/Cfg/etc/openvpn/rescue.down/rescue.down
deleted file mode 100755
index da76677..0000000
--- a/Cfg/etc/openvpn/rescue.down/rescue.down
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-#
-# Fichier gere par BCfg2 avec le plugin Cfg
-#
-# Configuration des routes lorsque la connexion de secours tombe
-
-# Si c'était la route actuelle, alors tant pis...
-if [ "$(route -n|awk '$1 == "$ifconfig_remote" {print $8}')" = "$dev" ]; then
- route del -net 10.231.136.0 netmask 255.255.255.0 &> /dev/null
-fi
diff --git a/Cfg/etc/openvpn/rescue.up/info.xml b/Cfg/etc/openvpn/rescue.up/info.xml
deleted file mode 100644
index a0b21f3..0000000
--- a/Cfg/etc/openvpn/rescue.up/info.xml
+++ /dev/null
@@ -1,3 +0,0 @@ - - -
diff --git a/Cfg/etc/openvpn/rescue.up/rescue.up b/Cfg/etc/openvpn/rescue.up/rescue.up
deleted file mode 100755
index cf2f67e..0000000
--- a/Cfg/etc/openvpn/rescue.up/rescue.up
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-#
-# Fichier gere par BCfg2 avec le plugin Cfg
-#
-# Configuration des routes lorsque la connexion de secours est
-# disponible
-
-# Si on a déjà une route vers le vlan adm alors on ne fait rien
-if [ -z "$(route -n|awk '$1 == "$ifconfig_remote" {print $8}')" ]; then
- route add -net 10.231.136.0 netmask 255.255.255.0 dev $dev
-fi
diff --git a/Python/etc/default/openvpn b/Python/etc/default/openvpn
index 5660fe2..f7676f3 100644
--- a/Python/etc/default/openvpn
+++ b/Python/etc/default/openvpn
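Review bot: `ip link set down dev $iface` on the last line tears down the whole interface that the lookup above found via the route to 10.231.136.0, whereas ovh.connect only added a peer address and a proxy-neighbour entry on it; the teardown is asymmetric — the `$my_ip peer $ovh_ip/32` address is left behind, and if that interface also carries the host's own traffic on that network, downing it cuts more than the tunnel. Mirroring ovh.connect by computing `my_ip` the same way and replacing the last line with `ip addr del "$my_ip" peer "$ovh_ip/32" dev "$iface"` would undo exactly what the connect hook did. As in ovh.connect, `$iface` should be quoted and the script should stop early when the route lookup returns nothing.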
@@ -3,6 +3,6 @@
 header("Configuration des tunnels a lancer par defauts")
 if has("external"):
- @AUTOSTART = "main rescue"
+ @AUTOSTART="komaz"
 else:
- @AUTOSTART = "external"
+ @AUTOSTART="ovh"
diff --git a/Python/etc/openvpn/external.conf b/Python/etc/openvpn/external.conf
deleted file mode 100644
index 59ff37b..0000000
--- a/Python/etc/openvpn/external.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-# -*- coding: utf-8; mode: python -*-
-
-include("ip")
-
-header("Configuration du tunnel vers les serveurs a 'exterieur")
-
-print """
-daemon tun-ovh
-dev tun-ovh
-
-tls-server
-ca /etc/ssl/certs/root.pem
-cert /etc/ssl/certs/vpn.pem
-tls-verify "/usr/share/openvpn/verify-cn ovh.vpn.crans.org"
-key /etc/ssl/private/vpn.pem
-
-log-append /var/log/openvpn/external.log
-
-port 1194
-
-ifconfig %s %s
-
-ping-timer-rem
-keepalive 10 60
-persist-tun
-
-verb 3
-
-dh /etc/openvpn/dh1024.pem
-""" % (admipof("komaz"), admipof("ovh"))
diff --git a/Python/etc/openvpn/freebox.conf b/Python/etc/openvpn/freebox.conf
new file mode 100644
index 0000000..fc0f117
--- /dev/null
+++ b/Python/etc/openvpn/freebox.conf
@@ -0,0 +1,5 @@
+# -*- coding: utf-8; mode: python -*-
+
+remote_vpn="titanic"
+remote="freebox"
+dump("template/openvpn")
diff --git a/Python/etc/openvpn/komaz.conf b/Python/etc/openvpn/komaz.conf
new file mode 100644
index 0000000..d69a4ac
--- /dev/null
+++ b/Python/etc/openvpn/komaz.conf
@@ -0,0 +1,4 @@
+# -*- coding: utf-8; mode: python -*-
+
+remote="komaz"
+dump("template/openvpn")
diff --git a/Python/etc/openvpn/rescue.conf b/Python/etc/openvpn/rescue.conf
deleted file mode 100644
index 4773c22..0000000
--- a/Python/etc/openvpn/rescue.conf
+++ /dev/null
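Review bot: Neither branch of `if has("external"):` ever selects the freebox tunnel this commit adds in Python/etc/openvpn/freebox.conf — external hosts get `@AUTOSTART="komaz"` and everyone else `@AUTOSTART="ovh"` — so freebox.conf is rendered but never started unless someone launches it by hand. If the host that owns the freebox link is meant to run it, this file needs a branch for that host that sets `@AUTOSTART="freebox"`; if it is intentionally manual, a comment here saying so would stop the next reader from assuming it is an oversight.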
@@ -1,35 +0,0 @@
-# -*- coding: utf-8; mode: python -*-
-
-include("ip")
-
-header("Configuration du tunnel vers la connexion principale")
-
-print """
-daemon tun-rescue
-dev tun-rescue
-
-tls-server
-ca /etc/ssl/certs/root.pem
-cert /etc/ssl/certs/vpn.pem
-tls-verify "/usr/share/openvpn/verify-cn freebox.vpn.crans.org"
-key /etc/ssl/private/vpn.pem
-
-log-append /var/log/openvpn/rescue.log
-
-port 1194
-
-ifconfig %s %s
-
-ping-timer-rem
-keepalive 10 60
-persist-tun
-
-verb 3
-
-dh /etc/openvpn/dh1024.pem
-up /etc/openvpn/up
-down /etc/openvpn/down
-up-restart
-
-remote %s
-""" % (admipof("ovh"), admipof("komaz"), pubipof("freebox"))
diff --git a/Python/etc/openvpn/main.conf b/etc/python/template/openvpn.py
similarity index 54%
rename from Python/etc/openvpn/main.conf
rename to etc/python/template/openvpn.py
index 9e06692..c09520d 100644
--- a/Python/etc/openvpn/main.conf
+++ b/etc/python/template/openvpn.py
@@ -1,8 +1,6 @@
 # -*- coding: utf-8; mode: python -*-
-include("ip")
-
-header("Configuration du tunnel vers la connexion principale")
+header("Configuration du tunnel entre %s et %s" %s (hostname, remote))
 print """
 daemon tun-main
@@ -14,11 +12,12 @@ cert /etc/ssl/certs/vpn.pem
 tls-verify "/usr/share/openvpn/verify-cn komaz.vpn.crans.org"
 key /etc/ssl/private/vpn.pem
-log-append /var/log/openvpn/main.log
+log-append /var/log/openvpn/%s.log
 port 1194
-ifconfig %s %s
+ifconfig %(local)s %(remote_vpn)s
+route 10.231.136.0 255.255.255.0 vpn_gateway
 ping-timer-rem
 keepalive 10 60
@@ -27,9 +26,9 @@ persist-tun
 verb 3
 dh /etc/openvpn/dh1024.pem
-up /etc/openvpn/up
-down /etc/openvpn/down
-up-restart
 remote %s
-""" % (admipof("ovh"), admipof("komaz"), pubipof("komaz"))
+""" % (remote,
+ admipof("ovh"),
+ admipof(remote_vpn or remote),
+ pubipof(remote))
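Review bot: `header("Configuration du tunnel entre %s et %s" %s (hostname, remote))` has a stray `s` after the `%` operator; Python parses it as `% s(hostname, remote)`, a call to an undefined name `s`, so the template raises NameError the first time it is rendered and should read `header("Configuration du tunnel entre %s et %s" % (hostname, remote))`. The hunk also removes `include("ip")` while `admipof` and `pubipof` are still called in the last hunk; unless whatever runs `dump("template/openvpn")` already brings them into scope, those names are unresolved too — worth confirming. `hostname` is likewise not defined anywhere in the new file as shown.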
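Review bot: `ifconfig %(local)s %(remote_vpn)s` puts mapping-style specifiers into a format string whose other placeholders (`%s.log` here, `remote %s` in the last hunk) are positional and whose argument in the last hunk is a 4-tuple; Python's `%` raises `TypeError: format requires a mapping` when the two kinds are mixed, so no host gets a rendered config at all. The tuple order (`remote`, `admipof("ovh")`, `admipof(remote_vpn or remote)`, `pubipof(remote)`) already matches the placeholders in file order, so the one-line fix is `ifconfig %s %s`; the alternative is to make every placeholder `%(name)s` and pass a dict. The enclosing `print """ ... """` statement starts and ends outside this hunk.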
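Review bot: `admipof("ovh")` is still hardcoded as the `ifconfig` local address even though this file is now a template rendered for several remotes (komaz.conf and freebox.conf in this commit); on any rendering host other than ovh the tunnel would claim ovh's admin address as its own endpoint, so the value should come from the rendering host, e.g. `admipof(hostname)` if that name is available to the template. `remote_vpn or remote` also assumes `remote_vpn` is always bound, but Python/etc/openvpn/komaz.conf sets only `remote`, so rendering it raises NameError unless the template namespace predefines `remote_vpn`. The same hardcoding affects the context line `tls-verify "/usr/share/openvpn/verify-cn komaz.vpn.crans.org"` in the hunk above: the peer's expected certificate CN no longer varies with `remote`, so the freebox tunnel (previously verified against freebox.vpn.crans.org in the deleted rescue.conf) would either fail verification or be checked against the wrong identity — `tls-verify "/usr/share/openvpn/verify-cn %s.vpn.crans.org"` with `remote` added to the tuple restores per-peer verification.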