Diffstat (limited to 'puppet/modules')
-rw-r--r--puppet/modules/site_openvpn/manifests/server_config.pp137
1 files changed, 67 insertions, 70 deletions
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 5a47954a..320a4add 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -1,8 +1,8 @@
define site_openvpn::server_config($port, $proto) {
$openvpn_configname = $name
- notice("Creating OpenVPN $openvpn_configname:
- Port: $port, Protocol: $proto")
+ #notice("Creating OpenVPN $openvpn_configname:
+ # Port: $port, Protocol: $proto")
concat {
"/etc/openvpn/$openvpn_configname.conf":
@@ -21,81 +21,78 @@ define site_openvpn::server_config($port, $proto) {
server => $openvpn_configname;
"cert $openvpn_configname":
key => 'cert',
- value => "/etc/openvpn/keys/server.crt",
+ value => '/etc/openvpn/keys/server.crt',
server => $openvpn_configname;
"key $openvpn_configname":
- key => "key",
- value => "/etc/openvpn/keys/server.key",
- server => "$openvpn_configname";
+ key => 'key',
+ value => '/etc/openvpn/keys/server.key',
+ server => $openvpn_configname;
"dh $openvpn_configname":
- key => "dh",
- value => "/etc/openvpn/keys/dh1024.pem",
- server => "$openvpn_configname";
+ key => 'dh',
+ value => '/etc/openvpn/keys/dh1024.pem',
+ server => $openvpn_configname;
+
"dev $openvpn_configname":
- key => "dev",
- value => "tun",
- server => "$openvpn_configname";
- "mode $openvpn_configname":
- key => 'mode',
- value => 'server',
- server => $openvpn_configname;
- "script-security $openvpn_configname":
- key => "script-security",
- value => "3",
- server => "$openvpn_configname";
- "daemon $openvpn_configname":
- key => "daemon",
- server => "$openvpn_configname";
+ key => 'dev',
+ value => 'tun',
+ server => $openvpn_configname;
+ "duplicate-cn $openvpn_configname":
+ key => 'duplicate-cn',
+ server => $openvpn_configname;
"keepalive $openvpn_configname":
- key => "keepalive",
- value => "10 60",
- server => "$openvpn_configname";
- "ping-timer-rem $openvpn_configname":
- key => "ping-timer-rem",
- server => "$openvpn_configname";
- "persist-tun $openvpn_configname":
- key => "persist-tun",
- server => "$openvpn_configname";
- "persist-key $openvpn_configname":
- key => "persist-key",
- server => "$openvpn_configname";
- "proto $openvpn_configname":
- key => "proto",
- value => "$proto",
- server => "$openvpn_configname";
- "cipher $openvpn_configname":
- key => "cipher",
- value => "BF-CBC",
- server => "$openvpn_configname";
+ key => 'keepalive',
+ value => '5 20',
+ server => $openvpn_configname;
"local $openvpn_configname":
- key => "local",
- value => $ipaddress,
- server => "$openvpn_configname";
- "tls-server $openvpn_configname":
- key => "tls-server",
- server => "$openvpn_configname";
- #"server $openvpn_configname":
- # key => "server",
- # value => "$server",
- # server => "$openvpn_configname";
- "lport $openvpn_configname":
- key => "lport",
- value => "$port",
- server => "$openvpn_configname";
+ key => 'local',
+ value => $::ipaddress,
+ server => $openvpn_configname;
+ "mute $openvpn_configname":
+ key => 'mute',
+ value => '5',
+ server => $openvpn_configname;
+ "mute-replay-warnings $openvpn_configname":
+ key => 'mute-replay-warnings',
+ server => $openvpn_configname;
"management $openvpn_configname":
- key => "management",
- value => "/var/run/openvpn-$openvpn_configname.sock unix",
- server => "$openvpn_configname";
- "comp-lzo $openvpn_configname":
- key => "comp-lzo",
- server => "$openvpn_configname";
+ key => 'management',
+ value => '127.0.0.1 1000',
+ server => $openvpn_configname;
+ "proto $openvpn_configname":
+ key => 'proto',
+ value => $proto,
+ server => $openvpn_configname;
+ "push $openvpn_configname":
+ key => 'push',
+ value => "\"redirect-gateway def1\"",
+ server => $openvpn_configname;
+ "script-security $openvpn_configname":
+ key => 'script-security',
+ value => '2',
+ server => $openvpn_configname;
+ "server $openvpn_configname":
+ key => 'server',
+ value => "10.42.0.0 255.255.248.0",
+ server => $openvpn_configname;
+ "status $openvpn_configname":
+ key => 'status',
+ value => '/var/run/openvpn-status 10',
+ server => $openvpn_configname;
+ "status-version $openvpn_configname":
+ key => 'status-version',
+ value => '3',
+ server => $openvpn_configname;
"topology $openvpn_configname":
- key => "topology",
- value => "subnet",
- server => "$openvpn_configname";
- #"client-to-client $openvpn_configname":
- # key => "client-to-client",
- # server => "$openvpn_configname";
+ key => 'topology',
+ value => 'subnet',
+ server => $openvpn_configname;
+ "up $openvpn_configname":
+ key => 'up',
+ value => '/etc/openvpn/server-up.sh',
+ server => $openvpn_configname;
+ "verb $openvpn_configname":
+ key => 'verb',
+ value => '3',
+ server => $openvpn_configname;
}
-
}
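Review bot: The new `management` entry binds the OpenVPN management interface to TCP `127.0.0.1 1000` with no password file, where the removed line used a per-instance unix socket. Any local process can then reach it, and since the value no longer contains `$openvpn_configname`, a second `site_openvpn::server_config` instance would presumably collide on the same port; the fixed `status` path `/var/run/openvpn-status` has the same per-instance problem. I would keep the socket form, `value => "/var/run/openvpn-${openvpn_configname}.sock unix",`, and name the status file per instance, `value => "/var/run/openvpn-status-${openvpn_configname} 10",`. Separately, `duplicate-cn` lets several clients connect with one certificate, and `dh1024.pem` is, going by its name, a 1024-bit DH group; both deserve a comment stating why they are acceptable here. The resource declaration these entries belong to opens above the hunk, so it cannot be seen from here whether `$port` is still consumed now that `lport` is dropped.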