summaryrefslogtreecommitdiff
path: root/puppet/modules/site_openvpn
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_openvpn')
-rw-r--r--puppet/modules/site_openvpn/manifests/init.pp43
-rw-r--r--puppet/modules/site_openvpn/manifests/server_config.pp112
2 files changed, 155 insertions, 0 deletions
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
new file mode 100644
index 00000000..c83b98c7
--- /dev/null
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -0,0 +1,43 @@
+class site_openvpn {
+ package {
+ "openvpn":
+ ensure => installed;
+ }
+ service {
+ "openvpn":
+ ensure => running,
+ hasrestart => true,
+ hasstatus => true,
+ require => Exec["concat_/etc/default/openvpn"];
+ }
+ file {
+ "/etc/openvpn":
+ ensure => directory,
+ require => Package["openvpn"];
+ }
+
+ include concat::setup
+
+ concat {
+ "/etc/default/openvpn":
+ owner => root,
+ group => root,
+ mode => 644,
+ warn => true,
+ notify => Service["openvpn"];
+ }
+
+ concat::fragment {
+ "openvpn.default.header":
+ content => template("openvpn/etc-default-openvpn.erb"),
+ target => "/etc/default/openvpn",
+ order => 01;
+ }
+
+ concat::fragment {
+ "openvpn.default.autostart.${name}":
+ content => "AUTOSTART=all",
+ target => "/etc/default/openvpn",
+ order => 10;
+ }
+}
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
new file mode 100644
index 00000000..4a130d13
--- /dev/null
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -0,0 +1,112 @@
+define site_openvpn::server_config($port, $proto) {
+ $openvpn_configname=$name
+ notice("Creating OpenVPN $openvpn_configname:
+ Port: $port, Protocol: $proto")
+
+ file {
+ "/etc/openvpn/${name}":
+ ensure => directory,
+ require => Package["openvpn"];
+ }
+
+ concat {
+ "/etc/openvpn/${openvpn_configname}.conf":
+ owner => root,
+ group => root,
+ mode => 644,
+ warn => true,
+ require => File["/etc/openvpn"],
+ notify => Service["openvpn"];
+ }
+
+
+
+ openvpn::option {
+ "ca ${openvpn_configname}":
+ key => "ca",
+ value => "/etc/openvpn/ca.crt",
+ #require => Exec["initca ${openvpn_configname}"],
+ server => "${openvpn_configname}";
+ "cert ${openvpn_configname}":
+ key => "cert",
+ value => "/etc/openvpn/${openvpn_configname}/server.crt",
+ #require => Exec["generate server cert ${openvpn_configname}"],
+ server => "${openvpn_configname}";
+ "key ${openvpn_configname}":
+ key => "key",
+ value => "/etc/openvpn/${openvpn_configname}/server.key",
+ #require => Exec["generate server cert ${openvpn_configname}"],
+ server => "${openvpn_configname}";
+ "dh ${openvpn_configname}":
+ key => "dh",
+ value => "/etc/openvpn/dh1024.pem",
+ #require => Exec["generate dh param ${openvpn_configname}"],
+ server => "${openvpn_configname}";
+ "dev $openvpn_configname":
+ key => "dev",
+ value => "tun",
+ server => "$openvpn_configname";
+ "mode ${openvpn_configname}":
+ key => 'mode',
+ value => 'server',
+ server => $openvpn_configname;
+ "script-security $openvpn_configname":
+ key => "script-security",
+ value => "3",
+ server => "$openvpn_configname";
+ "daemon $openvpn_configname":
+ key => "daemon",
+ server => "$openvpn_configname";
+ "keepalive $openvpn_configname":
+ key => "keepalive",
+ value => "10 60",
+ server => "$openvpn_configname";
+ "ping-timer-rem $openvpn_configname":
+ key => "ping-timer-rem",
+ server => "$openvpn_configname";
+ "persist-tun $openvpn_configname":
+ key => "persist-tun",
+ server => "$openvpn_configname";
+ "persist-key $openvpn_configname":
+ key => "persist-key",
+ server => "$openvpn_configname";
+ "proto $openvpn_configname":
+ key => "proto",
+ value => "$proto",
+ server => "$openvpn_configname";
+ "cipher $openvpn_configname":
+ key => "cipher",
+ value => "BF-CBC",
+ server => "$openvpn_configname";
+ "local $openvpn_configname":
+ key => "local",
+ value => $ipaddress,
+ server => "$openvpn_configname";
+ "tls-server $openvpn_configname":
+ key => "tls-server",
+ server => "$openvpn_configname";
+ #"server $openvpn_configname":
+ # key => "server",
+ # value => "$server",
+ # server => "$openvpn_configname";
+ "lport $openvpn_configname":
+ key => "lport",
+ value => "$port",
+ server => "$openvpn_configname";
+ "management $openvpn_configname":
+ key => "management",
+ value => "/var/run/openvpn-$openvpn_configname.sock unix",
+ server => "$openvpn_configname";
+ "comp-lzo $openvpn_configname":
+ key => "comp-lzo",
+ server => "$openvpn_configname";
+ "topology $openvpn_configname":
+ key => "topology",
+ value => "subnet",
+ server => "$openvpn_configname";
+ #"client-to-client $openvpn_configname":
+ # key => "client-to-client",
+ # server => "$openvpn_configname";
+ }
+
+}