# -*- coding: utf-8; mode: python -*-

include("ip")

header("Configuration du tunnel entre %s et %s" % (hostname, remote))

_out("""
daemon tun-%(remote_name)s
dev tun-%(remote_name)s

tls-client
ca /etc/ssl/certs/cacert.org.pem
cert /etc/ssl/certs/vpn.pem
tls-verify "/usr/scripts/utils/verify-cn /etc/openvpn/allowed_clients"
key /etc/ssl/private/vpn.pem

log-append /var/log/openvpn/%(remote_name)s.log

port 1194
fragment 1400

ifconfig %(local_vpn_ip)s %(remote_vpn_ip)s
route 10.231.136.0 255.255.255.0 vpn_gateway

ping 15
ping-exit 45

script-security 2
verb 3

dh /etc/openvpn/dh1024.pem

remote %(remote_pub_ip)s
""" % { "remote_name": remote,
        "local_vpn_ip": admip(),
        "remote_vpn_ip": admipof(remote_vpn),
        "remote_pub_ip": pubipof(remote) })