-rw-r--r--puppet/modules/site_openvpn/manifests/init.pp33
-rw-r--r--puppet/modules/site_shorewall/manifests/eip.pp16
2 files changed, 30 insertions, 19 deletions
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index 9bfffa6f..685871bd 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -22,11 +22,16 @@ class site_openvpn {
$openvpn_config = hiera('openvpn')
$x509_config = hiera('x509')
$openvpn_ports = $openvpn_config['ports']
- $openvpn_gateway_address = $openvpn_config['gateway_address']
- if $openvpn_config['second_gateway_address'] {
- $openvpn_second_gateway_address = $openvpn_config['second_gateway_address']
+
+ if $::ec2_instance_id {
+ $openvpn_gateway_address = $::ipaddress
} else {
- $openvpn_second_gateway_address = undef
+ $openvpn_gateway_address = $openvpn_config['gateway_address']
+ if $openvpn_config['second_gateway_address'] {
+ $openvpn_second_gateway_address = $openvpn_config['second_gateway_address']
+ } else {
+ $openvpn_second_gateway_address = undef
+ }
}
$openvpn_allow_unlimited = $openvpn_config['allow_unlimited']
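Review bot: The new `if $::ec2_instance_id` branch assigns `$openvpn_gateway_address` but never assigns `$openvpn_second_gateway_address`, which the old code always set, either to the hiera value or to `undef`. Any later reference on an EC2 node then reads an unset variable, which only works while strict variable checking is off; adding `$openvpn_second_gateway_address = undef` to the EC2 branch keeps both paths explicit. `$::ipaddress` is whichever interface Facter treats as primary, so a comment stating that this address is the intended OpenVPN listen address on EC2 would help the next reader. The class body continues outside the hunk.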
@@ -38,15 +43,17 @@ class site_openvpn {
$openvpn_unlimited_udp_netmask = '255.255.248.0'
$openvpn_unlimited_udp_cidr = '21'
- $openvpn_allow_limited = $openvpn_config['allow_limited']
- $openvpn_limited_prefix = $openvpn_config['limited_prefix']
- $openvpn_rate_limit = $openvpn_config['rate_limit']
- $openvpn_limited_tcp_network_prefix = '10.43.0'
- $openvpn_limited_tcp_netmask = '255.255.248.0'
- $openvpn_limited_tcp_cidr = '21'
- $openvpn_limited_udp_network_prefix = '10.44.0'
- $openvpn_limited_udp_netmask = '255.255.248.0'
- $openvpn_limited_udp_cidr = '21'
+ if !$::ec2_instance_id {
+ $openvpn_allow_limited = $openvpn_config['allow_limited']
+ $openvpn_limited_prefix = $openvpn_config['limited_prefix']
+ $openvpn_rate_limit = $openvpn_config['rate_limit']
+ $openvpn_limited_tcp_network_prefix = '10.43.0'
+ $openvpn_limited_tcp_netmask = '255.255.248.0'
+ $openvpn_limited_tcp_cidr = '21'
+ $openvpn_limited_udp_network_prefix = '10.44.0'
+ $openvpn_limited_udp_netmask = '255.255.248.0'
+ $openvpn_limited_udp_cidr = '21'
+ }
# deploy ca + server keys
include site_openvpn::keys
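Review bot: Wrapping the limited-tier settings in `if !$::ec2_instance_id` leaves `$openvpn_allow_limited`, `$openvpn_rate_limit` and the `10.43.0`/`10.44.0` prefixes unset on EC2 with no comment saying why, so the rate-limited tier silently disappears there. How the rest of the class and its templates treat an unset `$openvpn_allow_limited` is outside this hunk; if anything tests it, an explicit `else { $openvpn_allow_limited = false }` makes the disabled state deliberate rather than reliant on an unset variable being falsy. A short comment above the guard, for example `# limited (rate-limited) gateway is not deployed on EC2 nodes`, would record the intent. The class body continues outside the hunk.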
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index 8a986d28..7109b770 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -42,12 +42,16 @@ class site_shorewall::eip {
"${interface}_unlimited_udp":
interface => $interface,
source => "${site_openvpn::openvpn_unlimited_udp_network_prefix}.0/${site_openvpn::openvpn_unlimited_udp_cidr}";
- "${interface}_limited_tcp":
- interface => $interface,
- source => "${site_openvpn::openvpn_limited_tcp_network_prefix}.0/${site_openvpn::openvpn_limited_tcp_cidr}";
- "${interface}_limited_udp":
- interface => $interface,
- source => "${site_openvpn::openvpn_limited_udp_network_prefix}.0/${site_openvpn::openvpn_limited_udp_cidr}";
+ }
+ if ! $::ec2_instance_id {
+ shorewall::masq {
+ "${interface}_limited_tcp":
+ interface => $interface,
+ source => "${site_openvpn::openvpn_limited_tcp_network_prefix}.0/${site_openvpn::openvpn_limited_tcp_cidr}";
+ "${interface}_limited_udp":
+ interface => $interface,
+ source => "${site_openvpn::openvpn_limited_udp_network_prefix}.0/${site_openvpn::openvpn_limited_udp_cidr}";
+ }
}
shorewall::policy {
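Review bot: The `if ! $::ec2_instance_id` guard here has to stay identical to the one in `site_openvpn`, because the `${site_openvpn::openvpn_limited_*}` variables it interpolates are only assigned when that guard is true. If the two conditions ever drift, `source` would render as `.0/`, handing shorewall a malformed masquerade source instead of failing at compile time. A comment at the guard such as `# must match the limited_* guard in site_openvpn` would document the coupling, or both classes could test a single variable set in `site_openvpn`. The guard is also spelled `!$::ec2_instance_id` in init.pp and `! $::ec2_instance_id` here; one form should be used in both. The class body continues outside the hunk.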