listen-host = {{ dns_name }}
tcp-port = 443
server-cert = /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem
server-key = /etc/letsencrypt/live/{{ dns_name }}/privkey.pem

run-as-user = ocserv
run-as-group = ocserv
socket-file = /run/ocserv-socket
chroot-dir = /var/lib/ocserv
connect-script = /usr/local/bin/ocserv-script
disconnect-script = /usr/local/bin/ocserv-script

device = vpns
cisco-client-compat = true
dtls-legacy = true
compression = true
isolate-workers = true

auth = certificate
ca-cert = /etc/ocserv/ca.crt
cert-user-oid = 2.5.4.3
cert-group-oid = 2.5.4.11
config-per-group = /etc/ocserv/config-per-group/
default-domain = {{ domain }}
ipv4-network = {{ vpn.network }}
route = {{ vpn.network }}