summaryrefslogtreecommitdiff
path: root/puppet/modules/site_openvpn
AgeCommit message (Collapse)Author
2013-10-15puppet - openvpn gateway address is hard coded as a /24 network (Bug #1863)varac
2013-10-02only add vpn_(un)?limited_udp_resolver and vpn_(un)?limited_tcp_resolver ↵Micah Anderson
lines to unbound.conf if the openvpn package is installed (#3868) Change-Id: I65852660a606ccea7569b2207bd535bd8aa3867c
2013-09-25openvpn is restarted before package is installed (Bug #3904)varac
2013-09-24seperate cert and key deployment (#3918)varac
2013-09-19Depend services on deployment of default key, cert and ca (Feature #3838)varac
2013-09-19tidy openvpn x509 definitions (#3831)varac
2013-09-19only deploy x509 stuff for nodes if it existes in hiera (Feature #3875)varac
2013-09-19Merge branch 'develop' of ssh://code.leap.se/leap_platform into developvarac
2013-09-18Setup a class dependency for every tag 'leap_service' to make sure that ↵Micah Anderson
shorewall is setup before the service is setup. This is necessary due to the strict initial firewall that stops various service setup operations from happening, but is relaxed once shorewall is setup properly (#3782) Change-Id: Ia9640c4118aa0053cdb99e7bc11860fed5527501
2013-09-18openvpn should use /usr/local/share/ca-certificates/leap_ca.crt (Feature #3831)varac
2013-09-13remove x509::ca for leap_ca in site_openvpn::keys and site_stunnel::stunnel ↵varac
(#3817)
2013-07-23fix linting errorMicah Anderson
Change-Id: I975e1bd480d756a85e556b440a0e28e3899c9af8
2013-07-16lint site_openvpn manifestsMicah Anderson
Change-Id: I314031d93aa9f4a0f217680870678e39c096d46a
2013-07-09use file_line from stdlib instead of line, now both ↵varac
vpn_unlimited_tcp_resolver and vpn_unlimited_udp_resolver are included
2013-07-04more robust openvpn restartingMicah Anderson
this ensures that an actual restart is run on the service when config files are added or removed, instead of relying on the status parameter of the initscript, which can be confused if config files are removed out from under it Change-Id: I1c69fff26933338b707acf7dc4593547f32f92e3
2013-05-16special casing for pistoncloud/openstack/ec2Micah Anderson
2013-04-30setup a site_config::params class that can be used to set some common ↵Micah Anderson
variables that are used in different places to start with we setup the $interface variable, based on logic as defined in #2213 change the various places that were looking up this value to use site_config::params::interface instead
2013-03-29fixed site_openvpn bug with redefined variable.elijah
2013-03-17added support for "limited" service levels (although vpn is not yet actually ↵elijah
rate limited).
2013-02-27openvpn -- added support for optional "free" rate-limited service via ↵elijah
special client certificates with the FREE prefix in the common name.
2013-02-26require that the package unbound be installed before trying to write to itsMicah Anderson
configuration file, this addresses issue #1853 - [vpn1] err: /Stage[main]/Site_openvpn::Resolver/Line[add_tcp_resolver]/Exec[echo 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver' >> '/etc/unbound/unbound.conf']/returns: change from notrun to 0 failed: echo 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver' >> '/etc/unbound/unbound.conf' returned 2 instead of one of [0] at /srv/leap/puppet/modules/common/manifests/defines/line.pp:45
2013-02-21linted a bitvarac
2013-02-21lintedvarac
2013-02-21lintedvarac
2013-01-31tag 'base' is a bad idea because it invokes apache::base as wellvarac
2013-01-31Merge branch 'develop' of ssh://leap.se/leap_platform into developelijah
2013-01-31added /etc/openvpn/ca_bundle.pem in order to allow multiple CA certs to be used.elijah
2013-01-31tag 'service' for all service classesvarac
2013-01-30lintedvarac
2013-01-29added support for client ca cert in site openvpn.elijah
2013-01-29fix variable name for re-ordered factMicah Anderson
2013-01-29fix variable scopingMicah Anderson
2013-01-29fix syntax error from enclosing variables in curlyMicah Anderson
2013-01-29enclose the variables in curly braces, as recommended by puppet-lintMicah Anderson
2013-01-29add a new fact that provides a fact for each configured ip address, telling youMicah Anderson
which interface has it (essentially the inverse of the ipaddress_${interface} fact). Switch the hiera lookups of the $interface, which was pulling from the .json to pull instead from the above fact, see #1547 and #1548
2013-01-17notify unbound when these configuration files changeMicah Anderson
2013-01-17fix typo in cidr variable nameMicah Anderson
2013-01-17change to using the CIDR notation for unbound access listMicah Anderson
2013-01-17fully qualify the variables that are used in the vpn gateway resolverMicah Anderson
2013-01-17unfortunately the version of unbound that is in wheezy does not support wildcardMicah Anderson
include directives, so this commit works around this by doing something less elegant than before. When we have the newer unbound available, we should switch to that method instead.
2013-01-17fix unbound access controlMicah Anderson
2013-01-16setup openvpn gateway resolver to listen on the udp/tcp virtual network ips soMicah Anderson
that queries can be made from clients on the vpn
2013-01-16update unbound submodule to fix infinite service restart problemMicah Anderson
2013-01-16setup site_unbound with a basic caching-only configuration and include that onMicah Anderson
the openvpn gateway (see #1172)
2013-01-16remove unnecessary include that was left over from ↵Micah Anderson
c2d57624c15dfaff038f9991f04ade46b5ad1d40:
2012-12-10openvpn: use x509 module to deploy certs (fixes #1064)varac
2012-11-23enable ip_forwarding #1029varac
2012-11-23openvpn -- enforce certain cipher choices on the serverelijah
2012-11-22clean up openvpn and x509 pathselijah
2012-11-22deploy openvpn server.crt and server.keyvarac
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 12:31:33 +0000