summaryrefslogtreecommitdiff
path: root/puppet/modules/openvpn/Readme.markdown
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/openvpn/Readme.markdown')
-rw-r--r--puppet/modules/openvpn/Readme.markdown123
1 files changed, 123 insertions, 0 deletions
diff --git a/puppet/modules/openvpn/Readme.markdown b/puppet/modules/openvpn/Readme.markdown
new file mode 100644
index 00000000..d2a1f67b
--- /dev/null
+++ b/puppet/modules/openvpn/Readme.markdown
@@ -0,0 +1,123 @@
+# OpenVPN Puppet module
+
+OpenVPN module for puppet including client config/cert creation (tarball to download)
+
+## Dependencies
+ - [puppet-concat](https://github.com/ripienaar/puppet-concat)
+
+## Supported OS
+ - Debian Squeeze (should, as it works on Ubuntu Lucid)
+ - Ubuntu 10.4, 12.04 (other untested)
+ - CentOS
+
+## Example
+
+ # add a server instance
+ openvpn::server {
+ "server1":
+ country => "CH",
+ province => "ZH",
+ city => "Winterthur",
+ organization => "example.org",
+ email => "root@example.org";
+ }
+
+ # configure server
+ openvpn::option {
+ "dev server1":
+ key => "dev",
+ value => "tun0",
+ server => "server1";
+ "script-security server1":
+ key => "script-security",
+ value => "3",
+ server => "server1";
+ "daemon server1":
+ key => "daemon",
+ server => "server1";
+ "keepalive server1":
+ key => "keepalive",
+ value => "10 60",
+ server => "server1";
+ "ping-timer-rem server1":
+ key => "ping-timer-rem",
+ server => "server1";
+ "persist-tun server1":
+ key => "persist-tun",
+ server => "server1";
+ "persist-key server1":
+ key => "persist-key",
+ server => "server1";
+ "proto server1":
+ key => "proto",
+ value => "tcp-server",
+ server => "server1";
+ "cipher server1":
+ key => "cipher",
+ value => "BF-CBC",
+ server => "server1";
+ "local server1":
+ key => "local",
+ value => $ipaddress,
+ server => "server1";
+ "tls-server server1":
+ key => "tls-server",
+ server => "server1";
+ "server server1":
+ key => "server",
+ value => "10.10.10.0 255.255.255.0",
+ server => "server1";
+ "lport server1":
+ key => "lport",
+ value => "1194",
+ server => "server1";
+ "management server1":
+ key => "management",
+ value => "/var/run/openvpn-server1.sock unix",
+ server => "server1";
+ "comp-lzo server1":
+ key => "comp-lzo",
+ server => "server1";
+ "topology server1":
+ key => "topology",
+ value => "subnet",
+ server => "server1";
+ "client-to-client server1":
+ key => "client-to-client",
+ server => "server1";
+ }
+
+
+ # define clients
+ openvpn::client {
+ [ "client1.example.org", "client2.example.org" ]:
+ server => "server1";
+ }
+
+ # add options to the client-config-dir file
+ openvpn::option {
+ "iroute server1 client1.example.org home network":
+ key => "iroute",
+ value => "192.168.0.0 255.255.255.0",
+ client => "client1.example.org",
+ server => "server1",
+ csc => true;
+ }
+
+ # add an option to the client config
+ openvpn::option {
+ "ifconfig server1 client2.example.org":
+ key => "ifconfig-push",
+ value => "10.10.10.2 255.255.255.0",
+ client => "client2.example.org",
+ server => "server1";
+ }
+
+Don't forget the [sysctl](https://github.com/luxflux/puppet-sysctl) directive ```net.ipv4.ip_forward```!
+
+
+# Contributors
+
+These fine folks helped to get this far with this module:
+* [@jlk](https://github.com/jlk)
+* [@jlambert121](https://github.com/jlambert121)