From 4c649b08e215b229c280d0f15730418033b13fb9 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Wed, 16 Jan 2013 14:54:49 -0500
Subject: setup openvpn gateway resolver to listen on the udp/tcp virtual network ips so that queries can be made from clients on the vpn
---
 puppet/modules/site_openvpn/manifests/resolver.pp | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
(limited to 'puppet/modules/site_openvpn/manifests')
diff --git a/puppet/modules/site_openvpn/manifests/resolver.pp b/puppet/modules/site_openvpn/manifests/resolver.pp
index 0f0510c1..eaa765fe 100644
--- a/puppet/modules/site_openvpn/manifests/resolver.pp
+++ b/puppet/modules/site_openvpn/manifests/resolver.pp
@@ -1,8 +1,14 @@
 class site_openvpn::resolver {
- file { '/etc/unbound/conf.d/vpn_resolver':
- content => "interface: $openvpn_gateway_address\n",
- owner => root, group => root, mode => '0644',
- require => Exec['/usr/local/bin/leap_add_second_ip.sh'];
+ file {
+ '/etc/unbound/conf.d/vpn_udp_resolver':
+ content => "interface: ${openvpn_udp_network_prefix}.1\naccess-control: ${openvpn_udp_network_prefix}.0/${openvpn_udp_netmask}\n",
+ owner => root, group => root, mode => '0644',
+ require => Service['openvpn'];
+
+ '/etc/unbound/conf.d/vpn_tcp_resolver':
+ content => "interface: ${openvpn_tcp_network_prefix}.1\naccess-control: ${openvpn_tcp_network_prefix}.0/${openvpn_tcp_netmask}\n",
+ owner => root, group => root, mode => '0644',
+ require => Service['openvpn'];
 }
 }
--
cgit v1.2.3
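Review bot: Both new `access-control:` entries in the `content` strings (vpn_udp_resolver and vpn_tcp_resolver) give only a netblock and no action, whereas unbound's syntax is `access-control: <netblock> <action>`; as written unbound will most likely reject the file rather than admit queries from VPN clients. Append the action, e.g. `access-control: ${openvpn_udp_network_prefix}.0/${openvpn_udp_netmask} allow\n`, and the same for the tcp entry. The netblock also has to be in prefix-length form, so confirm that `openvpn_udp_netmask` and `openvpn_tcp_netmask` hold a CIDR length rather than a dotted mask; both variables are defined outside this hunk. Neither file resource notifies the unbound service, so unless that is wired up elsewhere the resolver keeps its previous listen addresses and ACLs until it is restarted.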