OpenVPN config
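# Generates the DH parameters, a private CA, and one server and one client
# certificate for the OpenVPN configs below. Run from the directory that will
# hold the key material; only the DH file is written to an absolute path.
# Private keys are created inside a subshell with umask 077 so they are never
# readable by other local users, not even briefly.

#dh
openssl dhparam -out /etc/openvpn/dh2048.pem 2048

#CA key+self-signed cert
# ca.key can sign new VPN identities: keep it off the VPN server once the
# certificates are issued.
(umask 077 && openssl genrsa -out ca.key 4096)
# NOTE(review): the CA and the certificates it signs all get 365 days, so they
# expire together; plan the renewal of all three.
openssl req -x509 -new -key ca.key -sha256 -days 365 -out ca.crt -subj '/C=RU/ST=Moscow/L=Moscow/CN=root'

#Server key+request+cert
(umask 077 && openssl genrsa -out server.key 4096)
# The request reads the key generated on the previous line (the original pointed
# at /etc/openvpn/server.key, which only matches when run from /etc/openvpn).
# -days is dropped here: it has no effect on a CSR, only on the signing step.
# The CSR goes to its own .csr file instead of being overwritten by the cert.
openssl req -new -key server.key -out server.csr -subj '/C=RU/ST=Moscow/L=Moscow/CN=server'
openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

#Client key+request+cert
(umask 077 && openssl genrsa -out client1.key 4096)
openssl req -new -key client1.key -out client1.csr -subj '/C=RU/ST=Moscow/L=Moscow/CN=client1'
# Serial numbers must be unique per CA; reusing 01 would make the server and
# client certificates indistinguishable by issuer+serial (e.g. for revocation).
openssl x509 -req -sha256 -days 365 -in client1.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client1.crt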
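#server config
# key/cert/ca/dh are relative paths: the files are expected next to this config
# (the DH parameters above were written to /etc/openvpn/).
mode server
tls-server
key server.key
cert server.crt
ca ca.crt
dh dh2048.pem
# Same data-channel cipher the client config pins, so both ends agree even when
# cipher negotiation is unavailable.
cipher AES-256-GCM
dev tap
# SERVER-IP and SERVER-PORT are placeholders for the listening address and port.
local SERVER-IP
port SERVER-PORT
# Socket buffer sizes, applied locally and pushed to clients.
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
proto udp
ifconfig 10.8.0.1 255.255.255.0
# client-to-client forwards traffic between VPN clients inside OpenVPN itself,
# so the host firewall never sees it; remove this line if clients should be
# isolated from each other.
client-to-client
# Clients receive addresses from 10.8.0.100-10.8.0.200 with 10.8.0.1 as gateway.
server-bridge 10.8.0.1 255.255.255.0 10.8.0.100 10.8.0.200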
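#client config
# Expects client1.key, client1.crt and ca.crt next to this file.
client
tls-client
cipher AES-256-GCM
key client1.key
cert client1.crt
ca ca.crt
# Accept only a peer whose certificate CN is exactly "server", the CN given to
# the server certificate when it was issued. Without a check like this the
# client accepts any certificate signed by ca.crt as the server, including one
# issued to another client.
# NOTE(review): remote-cert-tls server is the usual companion check, but it
# needs a server certificate that carries the serverAuth extended key usage;
# add it once the certificate is issued with that extension.
verify-x509-name server name
dev tap
proto udp
# SERVER-IP and SERVER-PORT are placeholders; use the values from the server config.
remote SERVER-IP SERVER-PORT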