From 222fd1568d7af9ea953a4d6179578da5994ea1fd Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Thu, 20 Mar 2014 13:10:44 -0700
Subject: allow ability to customize openvpn security stuff: tls-cipher, auth,
 and cipher config options.

---
 puppet/modules/site_openvpn/manifests/server_config.pp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'puppet/modules/site_openvpn/manifests/server_config.pp')

diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index befeaef7..6246a836 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -54,7 +54,7 @@
 
 define site_openvpn::server_config(
   $port, $proto, $local, $server, $push,
-  $management, $tls_remote = undef) {
+  $management, $config, $tls_remote = undef) {
 
   $openvpn_configname = $name
 
@@ -96,15 +96,15 @@ define site_openvpn::server_config(
         server  => $openvpn_configname;
     "tls-cipher ${openvpn_configname}":
         key     => 'tls-cipher',
-        value   => 'DHE-RSA-AES128-SHA',
+        value   => $config['tls-cipher'],
         server  => $openvpn_configname;
     "auth ${openvpn_configname}":
         key     => 'auth',
-        value   => 'SHA1',
+        value   => $config['auth'],
         server  => $openvpn_configname;
     "cipher ${openvpn_configname}":
         key     => 'cipher',
-        value   => 'AES-128-CBC',
+        value   => $config['cipher'],
         server  => $openvpn_configname;
     "dev ${openvpn_configname}":
         key    => 'dev',
-- 
cgit v1.2.3