summaryrefslogtreecommitdiff
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_openvpn/manifests/init.pp13
-rw-r--r--puppet/modules/site_openvpn/manifests/server_config.pp48
2 files changed, 31 insertions, 30 deletions
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index 4f900623..b2bb0d3a 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -5,8 +5,9 @@
# (2) unlimited only
# (3) limited only
#
-# The difference is that 'unlimited' gateways only allow client certs that match the 'unlimited_prefix',
-# and 'limited' gateways only allow certs that match the 'limited_prefix'.
+# The difference is that 'unlimited' gateways only allow client certs that match
+# the 'unlimited_prefix', and 'limited' gateways only allow certs that match the
+# 'limited_prefix'.
#
# We potentially create four openvpn config files (thus four daemons):
#
@@ -89,8 +90,8 @@ class site_openvpn {
management => '127.0.0.1 1001'
}
} else {
- tidy { "/etc/openvpn/tcp_config.conf": }
- tidy { "/etc/openvpn/udp_config.conf": }
+ tidy { '/etc/openvpn/tcp_config.conf': }
+ tidy { '/etc/openvpn/udp_config.conf': }
}
if $openvpn_allow_limited {
@@ -113,8 +114,8 @@ class site_openvpn {
management => '127.0.0.1 1003'
}
} else {
- tidy { "/etc/openvpn/limited_tcp_config.conf": }
- tidy { "/etc/openvpn/limited_udp_config.conf": }
+ tidy { '/etc/openvpn/limited_tcp_config.conf': }
+ tidy { '/etc/openvpn/limited_udp_config.conf': }
}
file {
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 6106cfbb..a53019a8 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -70,7 +70,7 @@ define site_openvpn::server_config(
if $tls_remote != undef {
openvpn::option {
- "tls-remote $openvpn_configname":
+ 'tls-remote $openvpn_configname':
key => 'tls-remote',
value => $tls_remote,
server => $openvpn_configname;
@@ -78,89 +78,89 @@ define site_openvpn::server_config(
}
openvpn::option {
- "ca $openvpn_configname":
+ "ca ${openvpn_configname}":
key => 'ca',
value => '/etc/openvpn/ca_bundle.pem',
server => $openvpn_configname;
- "cert $openvpn_configname":
+ "cert ${openvpn_configname}":
key => 'cert',
value => '/etc/x509/certs/leap_openvpn.crt',
server => $openvpn_configname;
- "key $openvpn_configname":
+ "key ${openvpn_configname}":
key => 'key',
value => '/etc/x509/keys/leap_openvpn.key',
server => $openvpn_configname;
- "dh $openvpn_configname":
+ "dh ${openvpn_configname}":
key => 'dh',
value => '/etc/openvpn/keys/dh.pem',
server => $openvpn_configname;
- "tls-cipher $openvpn_configname":
+ "tls-cipher ${openvpn_configname}":
key => 'tls-cipher',
value => 'DHE-RSA-AES128-SHA',
server => $openvpn_configname;
- "auth $openvpn_configname":
+ "auth ${openvpn_configname}":
key => 'auth',
value => 'SHA1',
server => $openvpn_configname;
- "cipher $openvpn_configname":
+ "cipher ${openvpn_configname}":
key => 'cipher',
value => 'AES-128-CBC',
server => $openvpn_configname;
- "dev $openvpn_configname":
+ "dev ${openvpn_configname}":
key => 'dev',
value => 'tun',
server => $openvpn_configname;
- "duplicate-cn $openvpn_configname":
+ "duplicate-cn ${openvpn_configname}":
key => 'duplicate-cn',
server => $openvpn_configname;
- "keepalive $openvpn_configname":
+ "keepalive ${openvpn_configname}":
key => 'keepalive',
value => '5 20',
server => $openvpn_configname;
- "local $openvpn_configname":
+ "local ${openvpn_configname}":
key => 'local',
value => $local,
server => $openvpn_configname;
- "mute $openvpn_configname":
+ "mute ${openvpn_configname}":
key => 'mute',
value => '5',
server => $openvpn_configname;
- "mute-replay-warnings $openvpn_configname":
+ "mute-replay-warnings ${openvpn_configname}":
key => 'mute-replay-warnings',
server => $openvpn_configname;
- "management $openvpn_configname":
+ "management ${openvpn_configname}":
key => 'management',
value => $management,
server => $openvpn_configname;
- "proto $openvpn_configname":
+ "proto ${openvpn_configname}":
key => 'proto',
value => $proto,
server => $openvpn_configname;
- "push1 $openvpn_configname":
+ "push1 ${openvpn_configname}":
key => 'push',
value => $push,
server => $openvpn_configname;
- "push2 $openvpn_configname":
+ "push2 ${openvpn_configname}":
key => 'push',
value => '"redirect-gateway def1"',
server => $openvpn_configname;
- "script-security $openvpn_configname":
+ "script-security ${openvpn_configname}":
key => 'script-security',
value => '2',
server => $openvpn_configname;
- "server $openvpn_configname":
+ "server ${openvpn_configname}":
key => 'server',
value => $server,
server => $openvpn_configname;
- "status $openvpn_configname":
+ "status ${openvpn_configname}":
key => 'status',
value => '/var/run/openvpn-status 10',
server => $openvpn_configname;
- "status-version $openvpn_configname":
+ "status-version ${openvpn_configname}":
key => 'status-version',
value => '3',
server => $openvpn_configname;
- "topology $openvpn_configname":
+ "topology ${openvpn_configname}":
key => 'topology',
value => 'subnet',
server => $openvpn_configname;
@@ -169,7 +169,7 @@ define site_openvpn::server_config(
# key => 'up',
# value => '/etc/openvpn/server-up.sh',
# server => $openvpn_configname;
- "verb $openvpn_configname":
+ "verb ${openvpn_configname}":
key => 'verb',
value => '3',
server => $openvpn_configname;