local 10.60.0.3
port 1194
proto udp
dev tun

# Bro is too honorable
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/vpn.crt
key /etc/openvpn/server/vpn.key
dh /etc/openvpn/server/dh2048.pem

server 10.8.0.0 255.255.255.0
verb 4

topology subnet

# auth
cipher AES-256-GCM
auth SHA256

# plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so totp
tls-auth /etc/openvpn/server/ta.key 0

static-challenge "Enter TOTP: " 1
handshake-window 120