# OpenVPN Puppet module

OpenVPN module for Puppet, including client config/certificate creation (packaged as a tarball for download)

## Dependencies
  - [puppet-concat](https://github.com/ripienaar/puppet-concat)

## Supported OS
  - Debian Squeeze (should work, since it works on Ubuntu Lucid)
  - Ubuntu 10.4, 12.04 (other releases untested)
  - CentOS

## Example

    # add a server instance
    # The "server1" instance; the location/organization fields below are
    # presumably used as the certificate subject for the server and client
    # certificates the module generates — confirm against the module manifests.
    openvpn::server {
        "server1":
            country      => "CH",
            province     => "ZH",
            city         => "Winterthur",
            organization => "example.org",
            email        => "root@example.org";
    }

    # configure server
    # Each openvpn::option resource becomes one "key value" line in the
    # server's config; resources without a value are bare flags.
    openvpn::option {
        "dev server1":
            key    => "dev",
            value  => "tun0",
            server => "server1";
        # NOTE(review): script-security 3 is the most permissive level OpenVPN
        # offers (it allows passwords to reach called scripts through
        # environment variables); use the lowest level the hooks you actually
        # deploy need.
        "script-security server1":
            key    => "script-security",
            value  => "3",
            server => "server1";
        "daemon server1":
            key    => "daemon",
            server => "server1";
        # keepalive "10 60": ping every 10 s, consider the peer gone after 60 s
        "keepalive server1":
            key    => "keepalive",
            value  => "10 60",
            server => "server1";
        "ping-timer-rem server1":
            key    => "ping-timer-rem",
            server => "server1";
        "persist-tun server1":
            key    => "persist-tun",
            server => "server1";
        "persist-key server1":
            key    => "persist-key",
            server => "server1";
        "proto server1":
            key    => "proto",
            value  => "tcp-server",
            server => "server1";
        # NOTE(review): BF-CBC is Blowfish, a 64-bit block cipher that is
        # deprecated in current OpenVPN releases; prefer an AES cipher when
        # both the server and the client versions support it.
        "cipher server1":
            key    => "cipher",
            value  => "BF-CBC",
            server => "server1";
        # $ipaddress is the Facter fact for the node's primary address; the
        # server binds only to it
        "local server1":
            key    => "local",
            value  => $ipaddress,
            server => "server1";
        "tls-server server1":
            key    => "tls-server",
            server => "server1";
        # VPN subnet handed out to clients
        "server server1":
            key    => "server",
            value  => "10.10.10.0 255.255.255.0",
            server => "server1";
        "lport server1":
            key    => "lport",
            value  => "1194",
            server => "server1";
        # NOTE(review): the management socket accepts control commands from
        # anything that can open it; keep its filesystem permissions restricted
        "management server1":
            key    => "management",
            value  => "/var/run/openvpn-server1.sock unix",
            server => "server1";
        "comp-lzo server1":
            key    => "comp-lzo",
            server => "server1";
        "topology server1":
            key    => "topology",
            value  => "subnet",
            server => "server1";
        # client-to-client lets connected clients reach each other through the
        # server; leave it out if clients should be isolated from one another
        "client-to-client server1":
            key    => "client-to-client",
            server => "server1";
    }


    # define clients
    # One openvpn::client per name, attached to "server1"; per the module
    # description each client gets its config and certificate bundled as a
    # downloadable tarball.
    openvpn::client {
        [ "client1.example.org", "client2.example.org" ]:
            server      => "server1";
    }

    # add options to the client-config-dir file
    # csc => true places the option in the server-side per-client file
    # (client-config-dir) rather than in the client's own config; iroute tells
    # the server which network sits behind this client.
    openvpn::option {
        "iroute server1 client1.example.org home network":
            key    => "iroute",
            value  => "192.168.0.0 255.255.255.0",
            client => "client1.example.org",
            server => "server1",
            csc    => true;
    }

    # add an option to the client config
    # ifconfig-push assigns this client a fixed VPN address on connect
    openvpn::option {
        "ifconfig server1 client2.example.org":
            key    => "ifconfig-push",
            value  => "10.10.10.2 255.255.255.0",
            client => "client2.example.org",
            server => "server1";
    }

Don't forget the [sysctl](https://github.com/luxflux/puppet-sysctl) directive `net.ipv4.ip_forward` (without it the server cannot forward client traffic)!