
5.5.5.3 Sample server configuration

The server needs three mandatory configuration files per client (note: each client has its own server instance with its own configuration; also, each server occupies exactly one UDP port):

• basic configuration file
• TLS verification script
• “up” script to initialise tunnel interface and routing

A sample configuration file looks like this:

The first part of the configuration file configures the OpenVPN server itself (act as a daemon, use a tun point-to-point interface and optimise multiplexing for IPv6 tunnelling). The second part tells the server where to find the "up" script and that it should authorise connections via TLS. The third part defines where to write log messages. The fourth part tells the server where to find the Diffie-Hellman parameters, the CA certificates, the client's public key, the server's private key and the TLS verification script that checks the client certificate's Common Name. The fifth part tells the server which UDP port to use. The sixth part is very important for the stability of the OpenVPN tunnel when it is used on dial-up links. It tells the tunnel to be as persistent as possible by checking its own status with regular pings and other techniques. In many cases these options are also enough to help a client traverse a NAT gateway, because the gateway may recognise that there is constant traffic coming in over the same port. The seventh and last part sets the verbosity level of the log messages.
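The TLS verification script named in the fourth part could look like the following; this is an added example, not the script from the original guide. It assumes OpenVPN's `tls-verify` calling convention (certificate depth and X.509 subject passed as the two arguments); the `EXPECTED_CN` value and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: tls-verify helper for ONE per-client OpenVPN server instance.
# OpenVPN runs it as:  <script> <certificate_depth> <X509 subject>
# Exit status 0 accepts the certificate; anything else aborts the handshake.

# Constructed placeholder: the only Common Name this instance may accept.
EXPECTED_CN="client42.example.net"

# Print the CN of a subject string, or fail if there is not exactly one.
# Accepts "/C=DE/O=Example/CN=name" and "C=DE, O=Example, CN=name" layouts.
# A CN containing ',' or '/' is cut at that character, so the CA must not
# issue such names.
extract_cn() {
    cns=$(printf '%s\n' "$1" | tr ',/' '\n\n' | sed -n 's/^ *CN=//p')
    # Zero or several CN components make the subject ambiguous: reject.
    [ "$(printf '%s\n' "$cns" | grep -c .)" -eq 1 ] || return 1
    printf '%s\n' "$cns"
}

verify_peer() {
    depth=$1
    subject=$2
    case $depth in
        0) ;;                      # peer certificate: checked below
        ''|*[!0-9]*) return 1 ;;   # malformed depth: fail closed
        *) return 0 ;;             # CA levels: chain already validated by OpenVPN
    esac
    cn=$(extract_cn "$subject") || return 1
    # Whole-string comparison, so "client42.example.net.evil" cannot match.
    [ "$cn" = "$EXPECTED_CN" ]
}

# Run the check only when OpenVPN supplies arguments.
if [ "$#" -gt 0 ]; then
    verify_peer "$1" "${2-}"
    exit $?
fi
```

Because every client has its own server instance, each instance carries its own `EXPECTED_CN`, so a certificate that is valid under the CA but issued to a different client is still rejected on that port.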

Another important configuration file is the "up" script that is run by the OpenVPN software after the tunnel has been established. The "up" script configures the local tunnel interface and handles the route setup.