author | elijah <elijah@riseup.net> | 2014-11-10 20:43:24 -0800 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2014-11-10 20:43:24 -0800 |
commit | b9d2030beb890e8dccbbe42bfcc430a2c2702a92 (patch) | |
tree | 6f45c3c6f7a51cb836015ba4767c9d25935a1e54 | |
parent | d62f07ab408c6ff4d9d28a452c855ee6ed6cd758 (diff) |
openvpn - support customizing --fragment, and set default to 1400
-rw-r--r-- | provider_base/files/service-definitions/v1/eip-service.json.erb | 4 | ||||
-rw-r--r-- | provider_base/services/openvpn.json | 3 | ||||
-rw-r--r-- | puppet/modules/site_openvpn/manifests/server_config.pp | 12 |
3 files changed, 18 insertions, 1 deletions
diff --git a/provider_base/files/service-definitions/v1/eip-service.json.erb b/provider_base/files/service-definitions/v1/eip-service.json.erb
index 3b8976fd..0ecd002a 100644
--- a/provider_base/files/service-definitions/v1/eip-service.json.erb
+++ b/provider_base/files/service-definitions/v1/eip-service.json.erb
@@ -42,6 +42,10 @@
 end
 configuration = node.openvpn.configuration
 end
+ configuration = configuration.dup
+ if configuration['fragment'] && configuration['fragment'] == 1500
+ configuration.delete('fragment')
+ end
 hsh["gateways"] = gateways.compact
 hsh["locations"] = locations
 hsh["openvpn_configuration"] = configuration
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 1906244c..127f5890 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -24,7 +24,8 @@
 "auth": "SHA1",
 "cipher": "AES-128-CBC",
 "keepalive": "10 30",
- "tun-ipv6": true
+ "tun-ipv6": true,
+ "fragment": 1400
 }
 },
 "obfsproxy": {
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 97cf2842..466f6d00 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -85,6 +85,18 @@ define site_openvpn::server_config(
 key => 'tcp-nodelay',
 server => $openvpn_configname;
 }
+ } elsif $proto == 'udp' {
+ if $config['fragment'] != 1500 {
+ openvpn::option {
+ "fragment ${openvpn_configname}":
+ key => 'fragment',
+ value => $config['fragment'],
+ server => $openvpn_configname;
+ "mssfix ${openvpn_configname}":
+ key => 'mssfix',
+ server => $openvpn_configname;
+ }
+ }
 }
 openvpn::option { |
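Review bot: The literal `1500` in the added `if` of eip-service.json.erb acts as a sentinel for "no fragmentation" but nothing says so, and the same literal is repeated in the server_config.pp hunk; since OpenVPN expects `fragment` to be set on both peers, the two checks have to stay in step. A comment such as `# 1500 = fragmentation off; keep in sync with site_openvpn::server_config` above the `if` would record that. The test is also type-strict, so a provider value of `"1500"` (a string) would not match and the option would still be published to clients; `configuration['fragment'].to_i == 1500` would tolerate both forms. The server side emits the option only for udp, while this hash is published without regard to protocol, so how clients treat it for tcp gateways is worth confirming. The enclosing block starts outside the hunk.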
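Review bot: The udp branch in server_config.pp tests `$config['fragment'] != 1500` without first checking that the key is set, unlike the ERB hunk, which guards with `configuration['fragment'] &&`; if a provider's configuration ends up without the key, this would presumably emit a `fragment` option with an empty value and leave the server with a config it cannot load. Writing the condition as `if $config['fragment'] and $config['fragment'] != 1500 {` keeps the client and server sides consistent. The valueless `mssfix` entry deserves a comment, for example `# mssfix without a value takes its bound from fragment`, since it otherwise reads as an omitted parameter. The define's body starts and ends outside the hunk.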