diff options
author | varac <varac@users.noreply.github.com> | 2014-04-02 13:34:48 +0200 |
---|---|---|
committer | varac <varac@users.noreply.github.com> | 2014-04-02 13:34:48 +0200 |
commit | b90131d565ca5e4dd6f148a520e3b2ff94e8cce9 (patch) | |
tree | d8f095e23d13d93c5f758ad08f52db173bade220 /provider_base | |
parent | 0e6c5cad63c038c0719ac409bb3cf02b8019f7ad (diff) | |
parent | 222fd1568d7af9ea953a4d6179578da5994ea1fd (diff) |
Merge pull request #20 from elijh/feature/openvpn-config
allow ability to customize openvpn security options
Diffstat (limited to 'provider_base')
-rw-r--r-- | provider_base/files/service-definitions/v1/eip-service.json.erb | 11 | ||||
-rw-r--r-- | provider_base/services/openvpn.json | 7 |
2 files changed, 12 insertions, 6 deletions
diff --git a/provider_base/files/service-definitions/v1/eip-service.json.erb b/provider_base/files/service-definitions/v1/eip-service.json.erb index feaea25b..3b8976fd 100644 --- a/provider_base/files/service-definitions/v1/eip-service.json.erb +++ b/provider_base/files/service-definitions/v1/eip-service.json.erb @@ -27,6 +27,7 @@ hsh["version"] = 1 locations = {} gateways = [] + configuration = nil nodes_like_me[:services => 'openvpn'].each_node do |node| if node.openvpn.allow_limited && node.openvpn.allow_unlimited gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false) @@ -36,13 +37,13 @@ elsif node.openvpn.allow_limited gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => true) end + if configuration && node.openvpn.configuration != configuration + log :error, "OpenVPN nodes in the environment `#{node.environment}` have conflicting `openvpn.configuration` values. This will result in bad errors." + end + configuration = node.openvpn.configuration end hsh["gateways"] = gateways.compact hsh["locations"] = locations - hsh["openvpn_configuration"] = { - "tls-cipher" => "DHE-RSA-AES128-SHA", - "auth" => "SHA1", - "cipher" => "AES-128-CBC" - } + hsh["openvpn_configuration"] = configuration JSON.sorted_generate hsh %>
\ No newline at end of file diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json index 5a87335b..e5b97ed9 100644 --- a/provider_base/services/openvpn.json +++ b/provider_base/services/openvpn.json @@ -18,6 +18,11 @@ "allow_unlimited": "= provider.service.allow_unlimited_bandwidth", "limited_prefix": "= provider.ca.client_certificates.limited_prefix", "unlimited_prefix": "= provider.ca.client_certificates.unlimited_prefix", - "rate_limit": "= openvpn.allow_limited ? provider.service.bandwidth_limit : nil" + "rate_limit": "= openvpn.allow_limited ? provider.service.bandwidth_limit : nil", + "configuration": { + "tls-cipher": "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "auth": "SHA1", + "cipher": "AES-128-CBC" + } } } |