network/salt/vpn/openvpn.conf


{%- set conf = pillar['openvpn'][name] %}
# OpenVPN client profile rendered by Salt from pillar['openvpn'][name].
# The rendered file embeds the CA certificate and the tls-auth static key.
# NOTE(review): the file mode is set by the managing state, which is not
# visible here - confirm it is root-owned and not world-readable.
client
dev {{ name }}
dev-type tun
proto udp
# No port is given, so OpenVPN falls back to its default port.
remote {{ conf['server'] }}
resolv-retry infinite
nobind
# Drop privileges after initialisation. persist-key/persist-tun below keep the
# key material and tun device across restarts, when root is no longer available.
user nobody
group nogroup
persist-key
persist-tun
log /var/log/openvpn-{{ name }}.log
#ifconfig-noexec
# Adds a 0.0.0.0/0 route via the VPN gateway.
route 0.0.0.0 0.0.0.0
#route-nopull
# script-security 2 is what allows the user-defined "up" script to run.
# OpenVPN invokes "up" before the user/group drop, so the script runs with the
# privileges the daemon was started with; keep it root-owned and writable by
# root only.
up /etc/openvpn/{{ name }}.up
script-security 2
# Username and password are read in clear text from this file; restrict it to
# root (mode 0600). No cert/key directive appears in this profile, so these
# credentials are the only per-client authentication.
auth-user-pass /etc/openvpn/{{ name }}.auth
# On authentication failure, retry without prompting.
auth-retry nointeract
# "[inline]" refers to the <ca> and <tls-auth> blocks at the end of the file.
ca [inline]
tls-client
tls-auth [inline]
# NOTE(review): presumably a hint to client software that no client
# certificate is used - confirm it is still needed.
setenv CLIENT_CERT 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
# Duplicates of the persist-key/persist-tun directives above.
persist-key
persist-tun
# 0 disables periodic data-channel key renegotiation, so one set of session
# keys protects the whole connection lifetime.
# NOTE(review): confirm this is required by the server before keeping it.
reneg-sec 0
# Require the peer certificate to carry server key usage, so a certificate
# issued for another purpose by the same CA is not accepted as the server.
remote-cert-tls server
keepalive 10 30
# No "auth" directive is set, so the HMAC digest is the OpenVPN default.
# NOTE(review): newer OpenVPN releases negotiate AEAD ciphers via
# data-ciphers; check whether the server supports that.
cipher AES-256-CBC
# NOTE(review): compression inside the tunnel is exposed to compression-oracle
# attacks (VORACLE) and comp-lzo is deprecated upstream. Removing it has to be
# coordinated with the server, which must agree on compression framing.
comp-lzo
passtos
# Low verbosity: little detail is logged for troubleshooting or audit.
verb 1
<ca>
{{ conf['ca'] }}
</ca>
# Direction 1 is the client side of the tls-auth key; the server uses 0.
key-direction 1
<tls-auth>
{{ conf['key'] }}
</tls-auth>