| -rw-r--r-- | puppet/modules/site_openvpn/manifests/init.pp | 33 | ||||
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/eip.pp | 16 | 
2 files changed, 30 insertions, 19 deletions
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index 9bfffa6f..685871bd 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -22,11 +22,16 @@ class site_openvpn {
   $openvpn_config   = hiera('openvpn')
   $x509_config      = hiera('x509')
   $openvpn_ports    = $openvpn_config['ports']
-  $openvpn_gateway_address         = $openvpn_config['gateway_address']
-  if $openvpn_config['second_gateway_address'] {
-    $openvpn_second_gateway_address = $openvpn_config['second_gateway_address']
+
+  if $::ec2_instance_id {
+    $openvpn_gateway_address = $::ipaddress
   } else {
-    $openvpn_second_gateway_address = undef
+    $openvpn_gateway_address         = $openvpn_config['gateway_address']
+    if $openvpn_config['second_gateway_address'] {
+      $openvpn_second_gateway_address = $openvpn_config['second_gateway_address']
+    } else {
+      $openvpn_second_gateway_address = undef
+    }
   }
   $openvpn_allow_unlimited              = $openvpn_config['allow_unlimited']
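Review bot: The EC2 branch of the new `if $::ec2_instance_id` block assigns `$openvpn_gateway_address` but never `$openvpn_second_gateway_address`, which the old code always set (to the hiera value or `undef`). Anything that reads it later, in this class or in a template outside the hunk, now depends on an unassigned variable, which fails under `strict_variables` and is otherwise only implicitly undef; add `$openvpn_second_gateway_address = undef` to the EC2 branch. The second hunk does the same with `$openvpn_allow_limited` and the `$openvpn_limited_*` values, where an `else { $openvpn_allow_limited = false }` would keep the flag explicit. `$::ipaddress` is whichever address Facter reports as primary, so it is worth confirming that this is the interface OpenVPN should bind to on a multi-homed instance.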
@@ -38,15 +43,17 @@ class site_openvpn {
   $openvpn_unlimited_udp_netmask        = '255.255.248.0'
   $openvpn_unlimited_udp_cidr           = '21'
-  $openvpn_allow_limited                = $openvpn_config['allow_limited']
-  $openvpn_limited_prefix               = $openvpn_config['limited_prefix']
-  $openvpn_rate_limit                   = $openvpn_config['rate_limit']
-  $openvpn_limited_tcp_network_prefix   = '10.43.0'
-  $openvpn_limited_tcp_netmask          = '255.255.248.0'
-  $openvpn_limited_tcp_cidr             = '21'
-  $openvpn_limited_udp_network_prefix   = '10.44.0'
-  $openvpn_limited_udp_netmask          = '255.255.248.0'
-  $openvpn_limited_udp_cidr             = '21'
+  if !$::ec2_instance_id {
+    $openvpn_allow_limited                = $openvpn_config['allow_limited']
+    $openvpn_limited_prefix               = $openvpn_config['limited_prefix']
+    $openvpn_rate_limit                   = $openvpn_config['rate_limit']
+    $openvpn_limited_tcp_network_prefix   = '10.43.0'
+    $openvpn_limited_tcp_netmask          = '255.255.248.0'
+    $openvpn_limited_tcp_cidr             = '21'
+    $openvpn_limited_udp_network_prefix   = '10.44.0'
+    $openvpn_limited_udp_netmask          = '255.255.248.0'
+    $openvpn_limited_udp_cidr             = '21'
+  }
   # deploy ca + server keys
   include site_openvpn::keys
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index 8a986d28..7109b770 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
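Review bot: In the second init.pp hunk, a node whose hiera data sets `allow_limited` loses the rate-limited service on EC2 without any signal, because the new `if !$::ec2_instance_id` guard skips the whole block silently. A comment above the guard saying why the limited tier is not configured on EC2, plus something like `if $::ec2_instance_id and $openvpn_config['allow_limited'] { warning('openvpn allow_limited is ignored on EC2 nodes') }`, would make the gap between declared and applied configuration visible to the operator. The guard is also spelled `!$::ec2_instance_id` here and `! $::ec2_instance_id` in eip.pp; one spelling should be used in both files.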
@@ -42,12 +42,16 @@ class site_shorewall::eip {
     "${interface}_unlimited_udp":
       interface => $interface,
       source    => "${site_openvpn::openvpn_unlimited_udp_network_prefix}.0/${site_openvpn::openvpn_unlimited_udp_cidr}";
-    "${interface}_limited_tcp":
-      interface => $interface,
-      source    => "${site_openvpn::openvpn_limited_tcp_network_prefix}.0/${site_openvpn::openvpn_limited_tcp_cidr}";
-    "${interface}_limited_udp":
-      interface => $interface,
-      source    => "${site_openvpn::openvpn_limited_udp_network_prefix}.0/${site_openvpn::openvpn_limited_udp_cidr}";
+  }
+  if ! $::ec2_instance_id {
+    shorewall::masq {
+      "${interface}_limited_tcp":
+        interface => $interface,
+        source    => "${site_openvpn::openvpn_limited_tcp_network_prefix}.0/${site_openvpn::openvpn_limited_tcp_cidr}";
+      "${interface}_limited_udp":
+        interface => $interface,
+        source    => "${site_openvpn::openvpn_limited_udp_network_prefix}.0/${site_openvpn::openvpn_limited_udp_cidr}";
+    }
   }
   shorewall::policy {  | 
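Review bot: The new `if ! $::ec2_instance_id` guard around the limited masq rules repeats the condition used in site_openvpn instead of testing the values it interpolates, so the two files have to be kept in step by hand. If they drift, `source` would be built from unassigned `site_openvpn::openvpn_limited_*` variables and Shorewall would be handed a malformed masquerade source (`.0/`). Guarding on the data itself, e.g. `if $site_openvpn::openvpn_limited_tcp_network_prefix {`, ties the firewall rule to what site_openvpn actually defined. The class body starts and ends outside the hunk, so this assumes site_openvpn has been evaluated before this class reads its variables.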
