author | elijah <elijah@riseup.net> | 2013-01-29 13:00:40 -0800 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2013-01-29 13:00:40 -0800 |
commit | a48160a4861dcfffb661bcbf8783ecdb84cbf3e6 (patch) | |
tree | 3ccdca5927a16fddbd44415ee52c6101a598d3de /puppet | |
parent | 93054f283f7f6e4e04fa9ddf901158654a62e9df (diff) |
added support for client ca cert in site openvpn.
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/modules/site_openvpn/manifests/keys.pp | 6 | ||||
-rw-r--r-- | puppet/modules/site_openvpn/manifests/server_config.pp | 4 |
2 files changed, 10 insertions, 0 deletions
diff --git a/puppet/modules/site_openvpn/manifests/keys.pp b/puppet/modules/site_openvpn/manifests/keys.pp
index 4c43ec05..78902676 100644
--- a/puppet/modules/site_openvpn/manifests/keys.pp
+++ b/puppet/modules/site_openvpn/manifests/keys.pp
@@ -13,6 +13,12 @@ class site_openvpn::keys {
 }
 x509::ca {
+ 'leap_client_ca':
+ content => $site_openvpn::x509_config['client_ca_cert'],
+ notify => Service[openvpn];
+ }
+
+ x509::ca {
 'leap_openvpn':
 content => $site_openvpn::x509_config['ca_cert'],
 notify => Service[openvpn];
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index c4f64225..da40529c 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -69,6 +69,10 @@ define site_openvpn::server_config ($port, $proto, $local, $server, $push, $mana
 openvpn::option {
 "ca $openvpn_configname":
 key => 'ca',
+ value => '/usr/local/share/ca-certificates/leap_client_ca.crt',
+ server => $openvpn_configname;
+ "ca $openvpn_configname":
+ key => 'ca',
 value => '/usr/local/share/ca-certificates/leap_openvpn.crt',
 server => $openvpn_configname;
 "cert $openvpn_configname": |
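Review bot: The new `x509::ca { 'leap_client_ca': ... }` resource in keys.pp has no comment saying what this CA is trusted for, and the path used for it in server_config.pp suggests it lands in /usr/local/share/ca-certificates, the directory Debian-style systems feed into the system trust store. `x509::ca` is not visible here, but if it does register the file there, a CA meant only to verify VPN client certificates would also be accepted as a root for unrelated TLS verification on the host, so it is worth confirming and keeping it in an OpenVPN-only location if so. At minimum add a comment such as `# CA that signs client certificates; only the OpenVPN server should trust it`. It would also help to fail the run when `$site_openvpn::x509_config['client_ca_cert']` is unset, since an empty value would presumably still be written and notify Service[openvpn].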
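Review bot: The entry added in server_config.pp reuses the title `"ca $openvpn_configname"` that the existing entry in the same `openvpn::option { ... }` body already carries, so the same resource is declared twice and Puppet rejects duplicate titles of one type when compiling the catalog. Even if both were rendered, an OpenVPN instance takes one `ca` file, so which CA ends up verifying client certificates would depend on ordering rather than intent. Keep a single `ca` entry and point it at the CA that should authenticate clients, i.e. keep `value => '/usr/local/share/ca-certificates/leap_client_ca.crt',` and drop the `leap_openvpn.crt` entry, or ship one bundle file if both CAs really must be trusted. The define and the resource body both start and continue outside the hunk.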