Diffstat (limited to 'puppet/modules/site_openvpn/manifests/server_config.pp')
-rw-r--r--puppet/modules/site_openvpn/manifests/server_config.pp190
1 files changed, 91 insertions, 99 deletions
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 4a130d13..441a21e3 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -1,112 +1,104 @@
-define site_openvpn::server_config($port, $proto) {
- $openvpn_configname=$name
- notice("Creating OpenVPN $openvpn_configname:
- Port: $port, Protocol: $proto")
+define site_openvpn::server_config ($port, $proto, $local, $server, $push, $management ) {
- file {
- "/etc/openvpn/${name}":
- ensure => directory,
- require => Package["openvpn"];
- }
+ $openvpn_configname = $name
- concat {
- "/etc/openvpn/${openvpn_configname}.conf":
- owner => root,
- group => root,
- mode => 644,
- warn => true,
- require => File["/etc/openvpn"],
- notify => Service["openvpn"];
- }
+ #notice("Creating OpenVPN $openvpn_configname:
+ # Port: $port, Protocol: $proto")
+ concat {
+ "/etc/openvpn/$openvpn_configname.conf":
+ owner => root,
+ group => root,
+ mode => 644,
+ warn => true,
+ require => File['/etc/openvpn'],
+ notify => Service['openvpn'];
+ }
openvpn::option {
- "ca ${openvpn_configname}":
- key => "ca",
- value => "/etc/openvpn/ca.crt",
- #require => Exec["initca ${openvpn_configname}"],
- server => "${openvpn_configname}";
- "cert ${openvpn_configname}":
- key => "cert",
- value => "/etc/openvpn/${openvpn_configname}/server.crt",
- #require => Exec["generate server cert ${openvpn_configname}"],
- server => "${openvpn_configname}";
- "key ${openvpn_configname}":
- key => "key",
- value => "/etc/openvpn/${openvpn_configname}/server.key",
- #require => Exec["generate server cert ${openvpn_configname}"],
- server => "${openvpn_configname}";
- "dh ${openvpn_configname}":
- key => "dh",
- value => "/etc/openvpn/dh1024.pem",
- #require => Exec["generate dh param ${openvpn_configname}"],
- server => "${openvpn_configname}";
+ "ca $openvpn_configname":
+ key => 'ca',
+ value => '/etc/openvpn/keys/ca.crt',
+ server => $openvpn_configname;
+ "cert $openvpn_configname":
+ key => 'cert',
+ value => '/etc/openvpn/keys/server.crt',
+ server => $openvpn_configname;
+ "key $openvpn_configname":
+ key => 'key',
+ value => '/etc/openvpn/keys/server.key',
+ server => $openvpn_configname;
+ "dh $openvpn_configname":
+ key => 'dh',
+ value => '/etc/openvpn/keys/dh.pem',
+ server => $openvpn_configname;
+
"dev $openvpn_configname":
- key => "dev",
- value => "tun",
- server => "$openvpn_configname";
- "mode ${openvpn_configname}":
- key => 'mode',
- value => 'server',
- server => $openvpn_configname;
- "script-security $openvpn_configname":
- key => "script-security",
- value => "3",
- server => "$openvpn_configname";
- "daemon $openvpn_configname":
- key => "daemon",
- server => "$openvpn_configname";
+ key => 'dev',
+ value => 'tun',
+ server => $openvpn_configname;
+ "duplicate-cn $openvpn_configname":
+ key => 'duplicate-cn',
+ server => $openvpn_configname;
"keepalive $openvpn_configname":
- key => "keepalive",
- value => "10 60",
- server => "$openvpn_configname";
- "ping-timer-rem $openvpn_configname":
- key => "ping-timer-rem",
- server => "$openvpn_configname";
- "persist-tun $openvpn_configname":
- key => "persist-tun",
- server => "$openvpn_configname";
- "persist-key $openvpn_configname":
- key => "persist-key",
- server => "$openvpn_configname";
- "proto $openvpn_configname":
- key => "proto",
- value => "$proto",
- server => "$openvpn_configname";
- "cipher $openvpn_configname":
- key => "cipher",
- value => "BF-CBC",
- server => "$openvpn_configname";
+ key => 'keepalive',
+ value => '5 20',
+ server => $openvpn_configname;
"local $openvpn_configname":
- key => "local",
- value => $ipaddress,
- server => "$openvpn_configname";
- "tls-server $openvpn_configname":
- key => "tls-server",
- server => "$openvpn_configname";
- #"server $openvpn_configname":
- # key => "server",
- # value => "$server",
- # server => "$openvpn_configname";
- "lport $openvpn_configname":
- key => "lport",
- value => "$port",
- server => "$openvpn_configname";
+ key => 'local',
+ value => $local,
+ server => $openvpn_configname;
+ "mute $openvpn_configname":
+ key => 'mute',
+ value => '5',
+ server => $openvpn_configname;
+ "mute-replay-warnings $openvpn_configname":
+ key => 'mute-replay-warnings',
+ server => $openvpn_configname;
"management $openvpn_configname":
- key => "management",
- value => "/var/run/openvpn-$openvpn_configname.sock unix",
- server => "$openvpn_configname";
- "comp-lzo $openvpn_configname":
- key => "comp-lzo",
- server => "$openvpn_configname";
+ key => 'management',
+ value => $management,
+ server => $openvpn_configname;
+ "proto $openvpn_configname":
+ key => 'proto',
+ value => $proto,
+ server => $openvpn_configname;
+ "push1 $openvpn_configname":
+ key => 'push',
+ value => $push,
+ server => $openvpn_configname;
+ "push2 $openvpn_configname":
+ key => 'push',
+ value => '"redirect-gateway def1"',
+ server => $openvpn_configname;
+ "script-security $openvpn_configname":
+ key => 'script-security',
+ value => '2',
+ server => $openvpn_configname;
+ "server $openvpn_configname":
+ key => 'server',
+ value => "$server",
+ server => $openvpn_configname;
+ "status $openvpn_configname":
+ key => 'status',
+ value => '/var/run/openvpn-status 10',
+ server => $openvpn_configname;
+ "status-version $openvpn_configname":
+ key => 'status-version',
+ value => '3',
+ server => $openvpn_configname;
"topology $openvpn_configname":
- key => "topology",
- value => "subnet",
- server => "$openvpn_configname";
- #"client-to-client $openvpn_configname":
- # key => "client-to-client",
- # server => "$openvpn_configname";
+ key => 'topology',
+ value => 'subnet',
+ server => $openvpn_configname;
+ "up $openvpn_configname":
+ key => 'up',
+ value => '/etc/openvpn/server-up.sh',
+ server => $openvpn_configname;
+ "verb $openvpn_configname":
+ key => 'verb',
+ value => '3',
+ server => $openvpn_configname;
}
-
}
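Review bot: The new `status` option writes every instance of this define to the same `/var/run/openvpn-status` file, so two `site_openvpn::server_config` resources on one host will clobber each other's status output, unlike the per-instance naming the old `management` socket used; make it `value => "/var/run/openvpn-${openvpn_configname}.status 10",`. `duplicate-cn` lets several clients connect with one certificate at the same time, which weakens per-client revocation and connection accounting, so the resource deserves a comment such as `# duplicate-cn: clients share certificates, so a revoked cert cuts off every holder at once` stating why it is wanted. There is no `user`/`group` option anywhere in the new config, so the daemon keeps running as root after startup; if a privilege drop is added later, the `persist-key` and `persist-tun` options this commit removes must come back for restarts and SIGUSR1 re-negotiation to work. The removed `cipher BF-CBC` line was the explicit cipher, and with no `cipher` option the daemon's built-in default (also BF-CBC on releases of that era) applies silently, so pin a modern cipher explicitly (for example `cipher AES-256-CBC`) rather than leaving it implicit. As a point of style, `mode => 644` in the `concat` resource should be the quoted string `'0644'` so the octal value is not reinterpreted as a decimal number.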