summaryrefslogtreecommitdiff
path: root/provider_base
diff options
context:
space:
mode:
authorvarac <varac@users.noreply.github.com>2014-04-02 13:34:48 +0200
committervarac <varac@users.noreply.github.com>2014-04-02 13:34:48 +0200
commitb90131d565ca5e4dd6f148a520e3b2ff94e8cce9 (patch)
treed8f095e23d13d93c5f758ad08f52db173bade220 /provider_base
parent0e6c5cad63c038c0719ac409bb3cf02b8019f7ad (diff)
parent222fd1568d7af9ea953a4d6179578da5994ea1fd (diff)
Merge pull request #20 from elijh/feature/openvpn-config
allow ability to customize openvpn security options
Diffstat (limited to 'provider_base')
-rw-r--r--provider_base/files/service-definitions/v1/eip-service.json.erb11
-rw-r--r--provider_base/services/openvpn.json7
2 files changed, 12 insertions, 6 deletions
diff --git a/provider_base/files/service-definitions/v1/eip-service.json.erb b/provider_base/files/service-definitions/v1/eip-service.json.erb
index feaea25b..3b8976fd 100644
--- a/provider_base/files/service-definitions/v1/eip-service.json.erb
+++ b/provider_base/files/service-definitions/v1/eip-service.json.erb
@@ -27,6 +27,7 @@
hsh["version"] = 1
locations = {}
gateways = []
+ configuration = nil
nodes_like_me[:services => 'openvpn'].each_node do |node|
if node.openvpn.allow_limited && node.openvpn.allow_unlimited
gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false)
@@ -36,13 +37,13 @@
elsif node.openvpn.allow_limited
gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => true)
end
+ if configuration && node.openvpn.configuration != configuration
+ log :error, "OpenVPN nodes in the environment `#{node.environment}` have conflicting `openvpn.configuration` values. This will result in bad errors."
+ end
+ configuration = node.openvpn.configuration
end
hsh["gateways"] = gateways.compact
hsh["locations"] = locations
- hsh["openvpn_configuration"] = {
- "tls-cipher" => "DHE-RSA-AES128-SHA",
- "auth" => "SHA1",
- "cipher" => "AES-128-CBC"
- }
+ hsh["openvpn_configuration"] = configuration
JSON.sorted_generate hsh
%> \ No newline at end of file
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 5a87335b..e5b97ed9 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -18,6 +18,11 @@
"allow_unlimited": "= provider.service.allow_unlimited_bandwidth",
"limited_prefix": "= provider.ca.client_certificates.limited_prefix",
"unlimited_prefix": "= provider.ca.client_certificates.unlimited_prefix",
- "rate_limit": "= openvpn.allow_limited ? provider.service.bandwidth_limit : nil"
+ "rate_limit": "= openvpn.allow_limited ? provider.service.bandwidth_limit : nil",
+ "configuration": {
+ "tls-cipher": "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+ "auth": "SHA1",
+ "cipher": "AES-128-CBC"
+ }
}
}