From b9d2030beb890e8dccbbe42bfcc430a2c2702a92 Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 10 Nov 2014 20:43:24 -0800 Subject: openvpn - support customizing --fragment, and set default to 1400 --- puppet/modules/site_openvpn/manifests/server_config.pp | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'puppet/modules/site_openvpn/manifests') diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp index 97cf2842..466f6d00 100644 --- a/puppet/modules/site_openvpn/manifests/server_config.pp +++ b/puppet/modules/site_openvpn/manifests/server_config.pp @@ -85,6 +85,18 @@ define site_openvpn::server_config( key => 'tcp-nodelay', server => $openvpn_configname; } + } elsif $proto == 'udp' { + if $config['fragment'] != 1500 { + openvpn::option { + "fragment ${openvpn_configname}": + key => 'fragment', + value => $config['fragment'], + server => $openvpn_configname; + "mssfix ${openvpn_configname}": + key => 'mssfix', + server => $openvpn_configname; + } + } } openvpn::option { -- cgit v1.2.3 From dff949811324215278ab7e4c2db5de63d8a6218b Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 20 Nov 2014 15:31:27 -0500 Subject: Make sure openvpn is restarted when cert/key change (#6405) I reformatted the section below for consistency. Change-Id: I18f5e23850e0c1ab4b1f2ee467d5af54ae9ff303 --- puppet/modules/site_openvpn/manifests/init.pp | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'puppet/modules/site_openvpn/manifests') diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp index b6331f12..a8d2044d 100644 --- a/puppet/modules/site_openvpn/manifests/init.pp +++ b/puppet/modules/site_openvpn/manifests/init.pp @@ -148,13 +148,17 @@ class site_openvpn { exec { 'restart_openvpn': command => '/etc/init.d/openvpn restart', refreshonly => true, - subscribe => File['/etc/openvpn'], + subscribe => [ + File['/etc/openvpn'], + Class['Site_config::X509::Key'], + Class['Site_config::X509::Cert'], + Class['Site_config::X509::Ca'] ], require => [ - Package['openvpn'], - File['/etc/openvpn'], - Class['Site_config::X509::Key'], - Class['Site_config::X509::Cert'], - Class['Site_config::X509::Ca_bundle'] ]; + Package['openvpn'], + File['/etc/openvpn'], + Class['Site_config::X509::Key'], + Class['Site_config::X509::Cert'], + Class['Site_config::X509::Ca_bundle'] ]; } cron { 'add_gateway_ips.sh': -- cgit v1.2.3 From fbfc88d8e4ff032fd8155e264ba75668b426fdb2 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sun, 23 Nov 2014 10:30:10 -0500 Subject: fix dependency on x509 ca_bundle class (#6410) Change-Id: Ia1e7009240d61464d7ba45ad07291664f6a3b768 --- puppet/modules/site_openvpn/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_openvpn/manifests') diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp index a8d2044d..d6f9150b 100644 --- a/puppet/modules/site_openvpn/manifests/init.pp +++ b/puppet/modules/site_openvpn/manifests/init.pp @@ -152,7 +152,7 @@ class site_openvpn { File['/etc/openvpn'], Class['Site_config::X509::Key'], Class['Site_config::X509::Cert'], - Class['Site_config::X509::Ca'] ], + Class['Site_config::X509::Ca_bundle'] ], require => [ Package['openvpn'], File['/etc/openvpn'], -- cgit v1.2.3