2 files changed, 21 insertions, 10 deletions

diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 97cf2842..466f6d00 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -85,6 +85,18 @@ define site_openvpn::server_config(
         key     => 'tcp-nodelay',
         server  => $openvpn_configname;
     }
+  } elsif $proto == 'udp' {
+    if $config['fragment'] != 1500 {
+      openvpn::option {
+        "fragment ${openvpn_configname}":
+          key    => 'fragment',
+          value  => $config['fragment'],
+          server => $openvpn_configname;
+        "mssfix ${openvpn_configname}":
+          key    => 'mssfix',
+          server => $openvpn_configname;
+      }
+    }
   }
 
   openvpn::option {
diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp
index e62cb12d..9944bb2b 100644
--- a/puppet/modules/site_tor/manifests/init.pp
+++ b/puppet/modules/site_tor/manifests/init.pp
@@ -13,21 +13,20 @@ class site_tor {
 
   class { 'tor::daemon': }
   tor::daemon::relay { $nickname:
-    port             => 9001,
-    address          => $address,
-    contact_info     => obfuscate_email($contact_emails),
-    bandwidth_rate   => $bandwidth_rate,
-    my_family        => $family
+    port           => 9001,
+    address        => $address,
+    contact_info   => obfuscate_email($contact_emails),
+    bandwidth_rate => $bandwidth_rate,
+    my_family      => $family
   }
 
   if ( $tor_type == 'exit'){
-    tor::daemon::directory { $::hostname: port => 80 }
+    # Only enable the daemon directory if the node isn't also a webapp node
+    if ! member($::services, 'webapp') {
+      tor::daemon::directory { $::hostname: port => 80 }
+    }
   }
   else {
-    tor::daemon::directory { $::hostname:
-      port            => 80,
-      port_front_page => '';
-    }
     include site_tor::disable_exit
   }