leap_platform.git - [leap

Age	Commit message (Collapse)	Author
2016-04-12	Put openvpn logs into leap directory (#8021)	Micah
	Have openvpn logs go to /var/log/leap/openvpn_$protocol, instead of to /var/log/daemon.log. Change-Id: I1fc33de660648ab0dba1ce98de2864649c104719
2016-03-08	[bug] Fix inline template with deprecated variable notation	varac
	- Resolves: #7948
2016-02-16	remove pinning of openvpn package to backports	elijah

2016-01-22	linted puppet/modules/site_openvpn/manifests/init.pp	varac

2016-01-22	restructured site.pp, now only one class gets included in site.pp per ↵	varac
	service (Bug #6851) Also, moved global Exec{} defaults to site.pp Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd
2016-01-19	Ensure openvpn services are running on jessie	varac

2016-01-16	[bug] Enable openvpn services on jessie	varac
	- Tested: [unstable.bitmask.net] - Resolves: #7798
2015-10-13	Make syslog stop logging the icmpv6_send: no reply to icmp error	Micah
	messages, these are spamming provider's logs and will continue to do so until we have ipv6 working for the VPN (#6540) Change-Id: I80673bb64d8239e478bc042794929640f7a7cc39
2015-04-16	clean up logging mess: add 'logfile' define, mv openvpn and stunnel logs to ↵	elijah
	their own files, fix mx logwatch path.
2015-01-05	vpn: each openvpn process needs a unique status file name. closes #6608	elijah

2014-11-23	fix dependency on x509 ca_bundle class (#6410)	Micah Anderson
	Change-Id: Ia1e7009240d61464d7ba45ad07291664f6a3b768
2014-11-20	Make sure openvpn is restarted when cert/key change (#6405)	Micah Anderson
	I reformatted the section below for consistency. Change-Id: I18f5e23850e0c1ab4b1f2ee467d5af54ae9ff303
2014-11-10	openvpn - support customizing --fragment, and set default to 1400	elijah

2014-06-02	fix unbound: configs in /etc/unbound/unbound.conf.d contained a syntax error ↵	elijah
	and were missing .conf suffix
2014-05-22	Implement #2328: unbound.conf: content changed on every puppetrun	Micah Anderson
	This is done by using the include glob capability that is in the wheezy-backports and newer unbound to include the /etc/unbound/unbound.conf.d/* config files. To do this, we need to transition from our /etc/unbound/conf.d directory structure to use the one that the debian package uses. This allows us to clean up the rather ugly way we were configuring the resolver before. Change-Id: I68347922f265bbd0ddf11d59d8574a612a7bd82c
2014-05-13	openvpn server config: script-security should be "1", since we don't need ↵	elijah
	"2"; add tcp-nodelay to tcp servers.
2014-05-07	openvpn package resource needs to be ensure => latest to accommodate upgrades	Micah Anderson
	Change-Id: I8caad9b4ac15dcce8ab74ad6d22dd6ad9f6efb14
2014-05-06	set the ipv6 configuration options on the server	Micah Anderson
	some important things to note: We are hard-coding the pushing of the ipv6 route '2000::/3' and configuring the server-ipv6 to be 2001:db8:123::/64. This netblock is a reserved ipv6 prefix that is used for documentation purposes only (http://www.apnic.net/info/faq/ipv6-documentation-prefix-faq.html), and the route being pushed redirects all internet-bound traffic. When LEAP fully supports ipv6, these network values should be turned into variables, but for now, to make sure we are blocking any clients that have functional ipv6, this will work. Change-Id: Icb65f3169264e0178a2e98825b266a779feac6b5
2014-05-06	install openvpn from wheezy-backports, this will bring in openvpn 2.3,	Micah Anderson
	which will provide us with proper ipv6 support Change-Id: I0188732aae6cbc64ab57e95bf805d6158fa17e07
2014-04-24	make sure concat fragments are put together before the openvpn service	Micah Anderson
	is run, otherwise the openvpn service is restarted before config files are deployed (#4154) Change-Id: Ide38615714c1978bb90237986baea530c54153c3
2014-04-24	update indentation to be standard	Micah Anderson
	Change-Id: Ic0ac3a7e6c9ce0e5f95bab023dbbf890c31d9e1c
2014-04-05	openvpn: allow for configurable keepalive (aka ping & ping-restart) closes ↵	elijah
	https://leap.se/code/issues/4127
2014-04-02	Merge pull request #20 from elijh/feature/openvpn-config	varac
	allow ability to customize openvpn security options
2014-03-25	ignore openvpn TLS initialization errors (Feature #5374)	varac

2014-03-20	allow ability to customize openvpn security stuff: tls-cipher, auth, and ↵	elijah
	cipher config options.
2013-10-15	puppet - openvpn gateway address is hard coded as a /24 network (Bug #1863)	varac

2013-10-02	only add vpn_(un)?limited_udp_resolver and vpn_(un)?limited_tcp_resolver ↵	Micah Anderson
	lines to unbound.conf if the openvpn package is installed (#3868) Change-Id: I65852660a606ccea7569b2207bd535bd8aa3867c
2013-09-25	openvpn is restarted before package is installed (Bug #3904)	varac

2013-09-24	seperate cert and key deployment (#3918)	varac

2013-09-19	Depend services on deployment of default key, cert and ca (Feature #3838)	varac

2013-09-19	tidy openvpn x509 definitions (#3831)	varac

2013-09-19	only deploy x509 stuff for nodes if it existes in hiera (Feature #3875)	varac

2013-09-19	Merge branch 'develop' of ssh://code.leap.se/leap_platform into develop	varac

2013-09-18	Setup a class dependency for every tag 'leap_service' to make sure that ↵	Micah Anderson
	shorewall is setup before the service is setup. This is necessary due to the strict initial firewall that stops various service setup operations from happening, but is relaxed once shorewall is setup properly (#3782) Change-Id: Ia9640c4118aa0053cdb99e7bc11860fed5527501
2013-09-18	openvpn should use /usr/local/share/ca-certificates/leap_ca.crt (Feature #3831)	varac

2013-09-13	remove x509::ca for leap_ca in site_openvpn::keys and site_stunnel::stunnel ↵	varac
	(#3817)
2013-07-23	fix linting error	Micah Anderson
	Change-Id: I975e1bd480d756a85e556b440a0e28e3899c9af8
2013-07-16	lint site_openvpn manifests	Micah Anderson
	Change-Id: I314031d93aa9f4a0f217680870678e39c096d46a
2013-07-09	use file_line from stdlib instead of line, now both ↵	varac
	vpn_unlimited_tcp_resolver and vpn_unlimited_udp_resolver are included
2013-07-04	more robust openvpn restarting	Micah Anderson
	this ensures that an actual restart is run on the service when config files are added or removed, instead of relying on the status parameter of the initscript, which can be confused if config files are removed out from under it Change-Id: I1c69fff26933338b707acf7dc4593547f32f92e3
2013-05-16	special casing for pistoncloud/openstack/ec2	Micah Anderson

2013-04-30	setup a site_config::params class that can be used to set some common ↵	Micah Anderson
	variables that are used in different places to start with we setup the $interface variable, based on logic as defined in #2213 change the various places that were looking up this value to use site_config::params::interface instead
2013-03-29	fixed site_openvpn bug with redefined variable.	elijah

2013-03-17	added support for "limited" service levels (although vpn is not yet actually ↵	elijah
	rate limited).
2013-02-27	openvpn -- added support for optional "free" rate-limited service via ↵	elijah
	special client certificates with the FREE prefix in the common name.
2013-02-26	require that the package unbound be installed before trying to write to its	Micah Anderson
	configuration file, this addresses issue #1853 - [vpn1] err: /Stage[main]/Site_openvpn::Resolver/Line[add_tcp_resolver]/Exec[echo 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver' >> '/etc/unbound/unbound.conf']/returns: change from notrun to 0 failed: echo 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver' >> '/etc/unbound/unbound.conf' returned 2 instead of one of [0] at /srv/leap/puppet/modules/common/manifests/defines/line.pp:45
2013-02-21	linted a bit	varac

2013-02-21	linted	varac

2013-02-21	linted	varac

2013-01-31	tag 'base' is a bad idea because it invokes apache::base as well	varac