diff options
author | elijah <elijah@riseup.net> | 2014-05-13 02:22:05 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2014-05-13 02:22:05 -0700 |
commit | 3ef044034b51d992d6952a9c6b9d16cba16abc30 (patch) | |
tree | 054f916cdce3533db9270c715a5ff65460022de4 /puppet/modules | |
parent | a3f923e66b05ffc12037b239995f463f81ea229d (diff) |
openvpn server config: script-security should be "1", since we don't need "2"; add tcp-nodelay to tcp servers.
Diffstat (limited to 'puppet/modules')
-rw-r--r-- | puppet/modules/site_openvpn/manifests/server_config.pp | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp index cbc5f68e..97cf2842 100644 --- a/puppet/modules/site_openvpn/manifests/server_config.pp +++ b/puppet/modules/site_openvpn/manifests/server_config.pp @@ -78,6 +78,15 @@ define site_openvpn::server_config( } } + # according to openvpn man page: tcp-nodelay is a "generally a good latency optimization". + if $proto == 'tcp' { + openvpn::option { + "tcp-nodelay ${openvpn_configname}": + key => 'tcp-nodelay', + server => $openvpn_configname; + } + } + openvpn::option { "ca ${openvpn_configname}": key => 'ca', @@ -154,7 +163,7 @@ define site_openvpn::server_config( server => $openvpn_configname; "script-security ${openvpn_configname}": key => 'script-security', - value => '2', + value => '1', server => $openvpn_configname; "server ${openvpn_configname}": key => 'server', @@ -176,11 +185,6 @@ define site_openvpn::server_config( key => 'topology', value => 'subnet', server => $openvpn_configname; - # no need for server-up.sh right now - #"up $openvpn_configname": - # key => 'up', - # value => '/etc/openvpn/server-up.sh', - # server => $openvpn_configname; "verb ${openvpn_configname}": key => 'verb', value => '3', |