From 3ef044034b51d992d6952a9c6b9d16cba16abc30 Mon Sep 17 00:00:00 2001
From: elijah
Date: Tue, 13 May 2014 02:22:05 -0700
Subject: openvpn server config: script-security should be "1", since we don't need "2"; add tcp-nodelay to tcp servers.
---
 puppet/modules/site_openvpn/manifests/server_config.pp | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
(limited to 'puppet/modules/site_openvpn/manifests/server_config.pp')
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index cbc5f68e..97cf2842 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -78,6 +78,15 @@ define site_openvpn::server_config(
 }
 }
 
+ # according to openvpn man page: tcp-nodelay is a "generally a good latency optimization".
+ if $proto == 'tcp' {
+ openvpn::option {
+ "tcp-nodelay ${openvpn_configname}":
+ key => 'tcp-nodelay',
+ server => $openvpn_configname;
+ }
+ }
+
 openvpn::option {
 "ca ${openvpn_configname}":
 key => 'ca',
@@ -154,7 +163,7 @@ define site_openvpn::server_config(
 server => $openvpn_configname;
 "script-security ${openvpn_configname}":
 key => 'script-security',
- value => '2',
+ value => '1',
 server => $openvpn_configname;
 "server ${openvpn_configname}":
 key => 'server',
@@ -176,11 +185,6 @@ define site_openvpn::server_config(
 key => 'topology',
 value => 'subnet',
 server => $openvpn_configname;
- # no need for server-up.sh right now
- #"up $openvpn_configname":
- # key => 'up',
- # value => '/etc/openvpn/server-up.sh',
- # server => $openvpn_configname;
 "verb ${openvpn_configname}":
 key => 'verb',
 value => '3',
--
cgit v1.2.3
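Review bot: The comment above the `if $proto == 'tcp'` block is garbled ("is a "generally a ...") and leaves out that `tcp-nodelay` is a server-side macro which also pushes the socket flag to connecting clients, so the change affects client behaviour as well. I would reword it to `# tcp-nodelay sets TCP_NODELAY on the server and pushes it to clients; the openvpn man page calls it "generally a good latency optimization".` The define's parameter list is outside the hunk, so whether `$proto` can take a value other than the exact string 'tcp' for a TCP listener cannot be checked from here.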
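Review bot: The new `value => '1'` for `script-security` has no comment recording what the level permits, so a later change that adds a script hook may simply raise it again without review. At level 1 OpenVPN only calls built-in executables such as ifconfig, ip and route; user-defined scripts need level 2. I would add above the entry `# 1 = built-in executables only; raise to 2 only if a script hook (up, client-connect, ...) is added`. The rest of the option list is outside this hunk, so it is worth confirming that no other entry in this define still configures a script hook, which this level would presumably stop from running.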