diff options
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/modules/site_openvpn/manifests/init.pp | 13 | ||||
-rw-r--r-- | puppet/modules/site_openvpn/manifests/server_config.pp | 48 |
2 files changed, 31 insertions, 30 deletions
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp index 4f900623..b2bb0d3a 100644 --- a/puppet/modules/site_openvpn/manifests/init.pp +++ b/puppet/modules/site_openvpn/manifests/init.pp @@ -5,8 +5,9 @@ # (2) unlimited only # (3) limited only # -# The difference is that 'unlimited' gateways only allow client certs that match the 'unlimited_prefix', -# and 'limited' gateways only allow certs that match the 'limited_prefix'. +# The difference is that 'unlimited' gateways only allow client certs that match +# the 'unlimited_prefix', and 'limited' gateways only allow certs that match the +# 'limited_prefix'. # # We potentially create four openvpn config files (thus four daemons): # @@ -89,8 +90,8 @@ class site_openvpn { management => '127.0.0.1 1001' } } else { - tidy { "/etc/openvpn/tcp_config.conf": } - tidy { "/etc/openvpn/udp_config.conf": } + tidy { '/etc/openvpn/tcp_config.conf': } + tidy { '/etc/openvpn/udp_config.conf': } } if $openvpn_allow_limited { @@ -113,8 +114,8 @@ class site_openvpn { management => '127.0.0.1 1003' } } else { - tidy { "/etc/openvpn/limited_tcp_config.conf": } - tidy { "/etc/openvpn/limited_udp_config.conf": } + tidy { '/etc/openvpn/limited_tcp_config.conf': } + tidy { '/etc/openvpn/limited_udp_config.conf': } } file { diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp index 6106cfbb..a53019a8 100644 --- a/puppet/modules/site_openvpn/manifests/server_config.pp +++ b/puppet/modules/site_openvpn/manifests/server_config.pp @@ -70,7 +70,7 @@ define site_openvpn::server_config( if $tls_remote != undef { openvpn::option { - "tls-remote $openvpn_configname": + 'tls-remote $openvpn_configname': key => 'tls-remote', value => $tls_remote, server => $openvpn_configname; @@ -78,89 +78,89 @@ define site_openvpn::server_config( } openvpn::option { - "ca $openvpn_configname": + "ca ${openvpn_configname}": key => 'ca', value => '/etc/openvpn/ca_bundle.pem', server => $openvpn_configname; - "cert $openvpn_configname": + "cert ${openvpn_configname}": key => 'cert', value => '/etc/x509/certs/leap_openvpn.crt', server => $openvpn_configname; - "key $openvpn_configname": + "key ${openvpn_configname}": key => 'key', value => '/etc/x509/keys/leap_openvpn.key', server => $openvpn_configname; - "dh $openvpn_configname": + "dh ${openvpn_configname}": key => 'dh', value => '/etc/openvpn/keys/dh.pem', server => $openvpn_configname; - "tls-cipher $openvpn_configname": + "tls-cipher ${openvpn_configname}": key => 'tls-cipher', value => 'DHE-RSA-AES128-SHA', server => $openvpn_configname; - "auth $openvpn_configname": + "auth ${openvpn_configname}": key => 'auth', value => 'SHA1', server => $openvpn_configname; - "cipher $openvpn_configname": + "cipher ${openvpn_configname}": key => 'cipher', value => 'AES-128-CBC', server => $openvpn_configname; - "dev $openvpn_configname": + "dev ${openvpn_configname}": key => 'dev', value => 'tun', server => $openvpn_configname; - "duplicate-cn $openvpn_configname": + "duplicate-cn ${openvpn_configname}": key => 'duplicate-cn', server => $openvpn_configname; - "keepalive $openvpn_configname": + "keepalive ${openvpn_configname}": key => 'keepalive', value => '5 20', server => $openvpn_configname; - "local $openvpn_configname": + "local ${openvpn_configname}": key => 'local', value => $local, server => $openvpn_configname; - "mute $openvpn_configname": + "mute ${openvpn_configname}": key => 'mute', value => '5', server => $openvpn_configname; - "mute-replay-warnings $openvpn_configname": + "mute-replay-warnings ${openvpn_configname}": key => 'mute-replay-warnings', server => $openvpn_configname; - "management $openvpn_configname": + "management ${openvpn_configname}": key => 'management', value => $management, server => $openvpn_configname; - "proto $openvpn_configname": + "proto ${openvpn_configname}": key => 'proto', value => $proto, server => $openvpn_configname; - "push1 $openvpn_configname": + "push1 ${openvpn_configname}": key => 'push', value => $push, server => $openvpn_configname; - "push2 $openvpn_configname": + "push2 ${openvpn_configname}": key => 'push', value => '"redirect-gateway def1"', server => $openvpn_configname; - "script-security $openvpn_configname": + "script-security ${openvpn_configname}": key => 'script-security', value => '2', server => $openvpn_configname; - "server $openvpn_configname": + "server ${openvpn_configname}": key => 'server', value => $server, server => $openvpn_configname; - "status $openvpn_configname": + "status ${openvpn_configname}": key => 'status', value => '/var/run/openvpn-status 10', server => $openvpn_configname; - "status-version $openvpn_configname": + "status-version ${openvpn_configname}": key => 'status-version', value => '3', server => $openvpn_configname; - "topology $openvpn_configname": + "topology ${openvpn_configname}": key => 'topology', value => 'subnet', server => $openvpn_configname; @@ -169,7 +169,7 @@ define site_openvpn::server_config( # key => 'up', # value => '/etc/openvpn/server-up.sh', # server => $openvpn_configname; - "verb $openvpn_configname": + "verb ${openvpn_configname}": key => 'verb', value => '3', server => $openvpn_configname; |