path: root/puppet/modules/site_openvpn/manifests/server_config.pp
blob: 482c6ab7b2319d5b976e00f559764ca32a30211d (plain)
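# Builds the configuration of one OpenVPN server instance.
#
# The resource title ($name) becomes the config name: the file
# /etc/openvpn/<name>.conf is assembled with concat, and every directive is
# added as an openvpn::option fragment tagged with that name.
#
# Parameters:
#   $port       - accepted, but no option below references it, so this define
#                 emits no 'port' directive.
#                 NOTE(review): confirm the listening port is set elsewhere,
#                 or that the OpenVPN default is intended.
#   $proto      - value of the 'proto' directive.
#   $local      - value of the 'local' directive (address to bind to).
#   $server     - value of the 'server' directive (VPN subnet definition).
#   $push       - value of the first 'push' directive; passed through as is.
#   $management - value of the 'management' directive; passed through as is.
define site_openvpn::server_config ($port, $proto, $local, $server, $push, $management ) {

  $openvpn_configname = $name

  # The mode is a quoted octal string: a bare 644 is a number, which newer
  # Puppet versions reject for file modes. The file is world-readable; the
  # options in this define put only paths into it, not key material.
  concat {
    "/etc/openvpn/${openvpn_configname}.conf":
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        warn    => true,
        require => File['/etc/openvpn'],
        notify  => Service['openvpn'];
  }

  openvpn::option {
    # PKI material. This define only references the paths; ownership and
    # permissions of server.key are not managed here.
    "ca ${openvpn_configname}":
        key     => 'ca',
        value   => '/etc/openvpn/keys/ca.crt',
        server  => $openvpn_configname;
    "cert ${openvpn_configname}":
        key     => 'cert',
        value   => '/etc/openvpn/keys/server.crt',
        server  => $openvpn_configname;
    "key ${openvpn_configname}":
        key     => 'key',
        value   => '/etc/openvpn/keys/server.key',
        server  => $openvpn_configname;
    "dh ${openvpn_configname}":
        key     => 'dh',
        value   => '/etc/openvpn/keys/dh.pem',
        server  => $openvpn_configname;

    "dev ${openvpn_configname}":
        key    => 'dev',
        value  => 'tun',
        server => $openvpn_configname;
    # duplicate-cn lets several clients stay connected at the same time with
    # the same certificate common name, so sessions cannot be told apart by
    # CN alone. NOTE(review): confirm this is intended for this deployment.
    "duplicate-cn ${openvpn_configname}":
        key    => 'duplicate-cn',
        server => $openvpn_configname;
    "keepalive ${openvpn_configname}":
        key    => 'keepalive',
        value  => '5 20',
        server => $openvpn_configname;
    "local ${openvpn_configname}":
        key    => 'local',
        value  => $local,
        server => $openvpn_configname;
    "mute ${openvpn_configname}":
        key    => 'mute',
        value  => '5',
        server => $openvpn_configname;
    # Only silences the log messages; replay protection itself stays active.
    # Replayed or duplicated packets will therefore not show up in the log.
    "mute-replay-warnings ${openvpn_configname}":
        key    => 'mute-replay-warnings',
        server => $openvpn_configname;
    # The management interface can control the running daemon. The value comes
    # unchanged from the caller. NOTE(review): verify callers bind it to
    # loopback or a unix socket, not to a reachable address.
    "management ${openvpn_configname}":
        key    => 'management',
        value  => $management,
        server => $openvpn_configname;
    "proto ${openvpn_configname}":
        key    => 'proto',
        value  => $proto,
        server => $openvpn_configname;
    "push1 ${openvpn_configname}":
        key    => 'push',
        value  => $push,
        server => $openvpn_configname;
    # Tells clients to route their default gateway through the VPN.
    "push2 ${openvpn_configname}":
        key    => 'push',
        value  => '"redirect-gateway def1"',
        server => $openvpn_configname;
    # Level 2 allows OpenVPN to run user-defined scripts. The only script hook
    # in this define ('up', below) is commented out. NOTE(review): confirm
    # another fragment needs level 2; otherwise a lower level is sufficient.
    "script-security ${openvpn_configname}":
        key    => 'script-security',
        value  => '2',
        server => $openvpn_configname;
    "server ${openvpn_configname}":
        key    => 'server',
        value  => "${server}",
        server => $openvpn_configname;
    # Status file, rewritten every 10 seconds.
    "status ${openvpn_configname}":
        key    => 'status',
        value  => '/var/run/openvpn-status 10',
        server => $openvpn_configname;
    "status-version ${openvpn_configname}":
        key    => 'status-version',
        value  => '3',
        server => $openvpn_configname;
    "topology ${openvpn_configname}":
        key    => 'topology',
        value  => 'subnet',
        server => $openvpn_configname;
    # no need for server-up.sh right now
    #"up $openvpn_configname":
    #    key    => 'up',
    #    value  => '/etc/openvpn/server-up.sh',
    #    server => $openvpn_configname;
    "verb ${openvpn_configname}":
        key    => 'verb',
        value  => '3',
        server => $openvpn_configname;
  }
}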