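# Render the server-side OpenVPN configuration for one instance ($name).
#
# Parameters:
#   $port   - port the daemon listens on (emitted as "lport").
#   $proto  - transport protocol, passed straight through to "proto".
#   $cipher - data-channel cipher. Defaults to AES-256-CBC. The previous
#             hard-coded value, BF-CBC, is a 64-bit block cipher and is
#             exposed to SWEET32-style attacks on long-lived tunnels; pass
#             cipher => 'BF-CBC' explicitly only while migrating clients,
#             since server and client ciphers must agree.
#   $dh     - Diffie-Hellman parameter file. Defaults to a 2048-bit file;
#             1024-bit DH is considered too weak (Logjam). Nothing here
#             generates the file (the generator Exec is commented out), so
#             the chosen file must already exist or the service will not
#             start. Pass dh => '/etc/openvpn/dh1024.pem' to keep the old
#             behaviour temporarily.
#
# Side effects: creates /etc/openvpn/${name}/, a concat-managed
# /etc/openvpn/${name}.conf, and one openvpn::option per directive; the
# concat notifies Service["openvpn"]. The CA certificate and the server
# cert/key are expected at fixed paths under /etc/openvpn and are not
# managed by this define (their generator Execs are commented out).
#
# Hardening items intentionally NOT changed here, for a follow-up:
#   - no tls-auth/tls-crypt key is configured, so the control channel is
#     reachable by anyone who can hit $port; add one once a shared key is
#     distributed to clients.
#   - comp-lzo is enabled; compression of mixed attacker-controlled and
#     secret data enables VORACLE-style leaks. Disable once clients no
#     longer require it (comp-lzo must match on both sides).
define site_openvpn::server_config(
  $port,
  $proto,
  $cipher = 'AES-256-CBC',
  $dh     = '/etc/openvpn/dh2048.pem'
) {
  $openvpn_configname = $name
  notice("Creating OpenVPN $openvpn_configname:
Port: $port, Protocol: $proto")

  # Per-instance directory holding server.crt/server.key.
  # NOTE(review): no mode is set, so it inherits the umask; because
  # server.key lives here, consider owner/group root and mode '0700' once it
  # is confirmed nothing reads this directory after privileges are dropped.
  file {
    "/etc/openvpn/${openvpn_configname}":
      ensure  => directory,
      require => Package["openvpn"];
  }

  # The rendered config contains only paths, not key material, so 0644 is
  # acceptable. Octal mode is quoted: unquoted numeric modes are deprecated
  # and mis-parsed by newer Puppet versions.
  concat {
    "/etc/openvpn/${openvpn_configname}.conf":
      owner   => root,
      group   => root,
      mode    => '0644',
      warn    => true,
      require => File["/etc/openvpn"],
      notify  => Service["openvpn"];
  }

  openvpn::option {
    # --- PKI ---------------------------------------------------------------
    "ca ${openvpn_configname}":
      key    => "ca",
      value  => "/etc/openvpn/ca.crt",
      #require => Exec["initca ${openvpn_configname}"],
      server => $openvpn_configname;
    "cert ${openvpn_configname}":
      key    => "cert",
      value  => "/etc/openvpn/${openvpn_configname}/server.crt",
      #require => Exec["generate server cert ${openvpn_configname}"],
      server => $openvpn_configname;
    "key ${openvpn_configname}":
      key    => "key",
      value  => "/etc/openvpn/${openvpn_configname}/server.key",
      #require => Exec["generate server cert ${openvpn_configname}"],
      server => $openvpn_configname;
    "dh ${openvpn_configname}":
      key    => "dh",
      value  => $dh,
      #require => Exec["generate dh param ${openvpn_configname}"],
      server => $openvpn_configname;

    # --- Tunnel / daemon behaviour ---------------------------------------
    "dev ${openvpn_configname}":
      key    => "dev",
      value  => "tun",
      server => $openvpn_configname;
    "mode ${openvpn_configname}":
      key    => 'mode',
      value  => 'server',
      server => $openvpn_configname;
    # Level 3 lets OpenVPN pass passwords to external scripts through the
    # environment. No scripts are configured by this define; if none of the
    # hooks added elsewhere need passwords, level 2 is sufficient.
    "script-security ${openvpn_configname}":
      key    => "script-security",
      value  => "3",
      server => $openvpn_configname;
    "daemon ${openvpn_configname}":
      key    => "daemon",
      server => $openvpn_configname;
    "keepalive ${openvpn_configname}":
      key    => "keepalive",
      value  => "10 60",
      server => $openvpn_configname;
    "ping-timer-rem ${openvpn_configname}":
      key    => "ping-timer-rem",
      server => $openvpn_configname;
    "persist-tun ${openvpn_configname}":
      key    => "persist-tun",
      server => $openvpn_configname;
    "persist-key ${openvpn_configname}":
      key    => "persist-key",
      server => $openvpn_configname;
    "proto ${openvpn_configname}":
      key    => "proto",
      value  => $proto,
      server => $openvpn_configname;

    # --- Crypto --------------------------------------------------------
    "cipher ${openvpn_configname}":
      key    => "cipher",
      value  => $cipher,
      server => $openvpn_configname;
    "tls-server ${openvpn_configname}":
      key    => "tls-server",
      server => $openvpn_configname;

    # --- Listener --------------------------------------------------------
    # Binds to the primary-interface fact; a host with several addresses
    # gets whichever one facter reports as $ipaddress.
    "local ${openvpn_configname}":
      key    => "local",
      value  => $ipaddress,
      server => $openvpn_configname;
    #"server ${openvpn_configname}":
    #  key => "server",
    #  value => "$server",
    #  server => "${openvpn_configname}";
    "lport ${openvpn_configname}":
      key    => "lport",
      value  => $port,
      server => $openvpn_configname;

    # The management interface allows anyone who can open the socket to
    # control the daemon (kill sessions, read state). A unix socket keeps it
    # off the network, but no client user/group restriction is set here;
    # confirm the socket is not reachable by unprivileged local users
    # (management-client-user / management-client-group if needed).
    "management ${openvpn_configname}":
      key    => "management",
      value  => "/var/run/openvpn-$openvpn_configname.sock unix",
      server => $openvpn_configname;
    "comp-lzo ${openvpn_configname}":
      key    => "comp-lzo",
      server => $openvpn_configname;
    "topology ${openvpn_configname}":
      key    => "topology",
      value  => "subnet",
      server => $openvpn_configname;
    # Left disabled: clients cannot talk to each other through the server.
    #"client-to-client ${openvpn_configname}":
    #  key => "client-to-client",
    #  server => "${openvpn_configname}";
  }
}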