server.conf

dev tun
port 1194
proto udp4

ca ca.crt
cert ichikawayukko.mydns.jp.crt
key ichikawayukko.mydns.jp.key
tls-auth ta.key 0
dh none

cipher aes-256-gcm
ncp-ciphers aes-256-gcm
tls-version-min 1.2 # Older client still not work with 1.3. So, accepting 1.2 is still better.
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-C
HACHA20-POLY1305-SHA256:TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
tls-ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
ecdh-curve secp384r1

server 10.77.66.0 255.255.255.0
server-ipv6 fd00:feed:beef::/64
ifconfig-ipv6 fd00:feed:beef::1 fd00:feed:beef::2
keepalive 60 600

compress lz4-v2
persist-key
persist-tun
push "persist-key"
push "persist-tun"
push "route 10.77.66.0 255.255.255.0"
push "route-ipv6 2000::/3"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1"

user nobody
group nobody

log-append /var/log/openvpn.log

crl-verify crl.pem