sovereign/roles/vpn/templates/client.cnf.j2

client
dev tun
proto {{ openvpn_protocol }}
remote {{ openvpn_server }} {{ openvpn_port }}
cipher {{ openvpn_cipher }}
auth {{ openvpn_auth_digest }}
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
key-direction 1
verb 3
route {{ ansible_default_ipv4.address }} 255.255.255.255 net_gateway

{{ openvpn_tls_version_min }}

# If you'd like to enable 2FA support, uncomment the following line
;auth-user-pass

<ca>
{{ openvpn_ca_contents.stdout }}
</ca>

<cert>
{{ item[1].stdout }}
</cert>

<key>
{{ item[2].stdout }}
</key>

<tls-auth>
{{ openvpn_hmac_firewall_contents.stdout }}
</tls-auth>