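# Builds one OpenVPN server configuration file from concat fragments.
#
# The resource title ($name) becomes the config name: the file is written to
# /etc/openvpn/<name>.conf and every openvpn::option below is attached to it
# through its `server` attribute.
#
# Parameters:
#   $port       - accepted but not referenced anywhere in this define, so no
#                 `port` directive is emitted here.
#                 NOTE(review): presumably the listening port is handled
#                 elsewhere (e.g. firewall redirection) - confirm with callers.
#   $proto      - value of the `proto` directive.
#   $local      - value of the `local` directive (address the server binds to).
#   $server     - value of the `server` directive (VPN subnet definition).
#   $push       - value of the first `push` directive.
#   $management - value of the `management` directive.
#
# NOTE(review): no cipher, auth, tls-auth/tls-crypt or tls-version-min option
# is set in this define, so OpenVPN's built-in defaults apply unless those
# options are declared elsewhere for the same server.
define site_openvpn::server_config ($port, $proto, $local, $server, $push, $management ) {

  $openvpn_configname = $name

  # Target file assembled from the option fragments below. The mode is a
  # quoted four-digit string: a bare number is rejected by newer Puppet
  # versions. The file holds only paths and settings, not key material.
  concat {
    "/etc/openvpn/${openvpn_configname}.conf":
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      warn    => true,
      require => File['/etc/openvpn'],
      notify  => Service['openvpn'];
  }

  openvpn::option {
    # PKI material. Only the paths are configured here; ownership and
    # permissions of server.key are not managed in this define and must be
    # restricted wherever the key is deployed.
    "ca ${openvpn_configname}":
      key    => 'ca',
      value  => '/etc/openvpn/keys/ca.crt',
      server => $openvpn_configname;
    "cert ${openvpn_configname}":
      key    => 'cert',
      value  => '/etc/openvpn/keys/server.crt',
      server => $openvpn_configname;
    "key ${openvpn_configname}":
      key    => 'key',
      value  => '/etc/openvpn/keys/server.key',
      server => $openvpn_configname;
    "dh ${openvpn_configname}":
      key    => 'dh',
      value  => '/etc/openvpn/keys/dh.pem',
      server => $openvpn_configname;
    "dev ${openvpn_configname}":
      key    => 'dev',
      value  => 'tun',
      server => $openvpn_configname;
    # duplicate-cn lets several clients connect at once with the same
    # certificate common name, so sessions cannot be attributed to, or cut
    # off for, a single client by CN alone.
    # NOTE(review): confirm this is a deliberate design choice.
    "duplicate-cn ${openvpn_configname}":
      key    => 'duplicate-cn',
      server => $openvpn_configname;
    "keepalive ${openvpn_configname}":
      key    => 'keepalive',
      value  => '5 20',
      server => $openvpn_configname;
    "local ${openvpn_configname}":
      key    => 'local',
      value  => $local,
      server => $openvpn_configname;
    "mute ${openvpn_configname}":
      key    => 'mute',
      value  => '5',
      server => $openvpn_configname;
    # Suppresses replay warnings in the log; anyone monitoring these logs
    # will not see replayed-packet events.
    "mute-replay-warnings ${openvpn_configname}":
      key    => 'mute-replay-warnings',
      server => $openvpn_configname;
    # The management interface can control the running daemon. The value is
    # passed through unchanged from the caller.
    # NOTE(review): verify callers bind it to loopback or a unix socket and
    # not to a reachable address.
    "management ${openvpn_configname}":
      key    => 'management',
      value  => $management,
      server => $openvpn_configname;
    "proto ${openvpn_configname}":
      key    => 'proto',
      value  => $proto,
      server => $openvpn_configname;
    # Two `push` directives: the caller-supplied one, then a fixed
    # redirect-gateway that sends all client traffic through the tunnel.
    "push1 ${openvpn_configname}":
      key    => 'push',
      value  => $push,
      server => $openvpn_configname;
    "push2 ${openvpn_configname}":
      key    => 'push',
      value  => '"redirect-gateway def1"',
      server => $openvpn_configname;
    # Level 2 allows OpenVPN to run user-defined scripts. No script hook is
    # configured in this define (the `up` option below is commented out).
    # NOTE(review): if no other option for this server needs it, a lower
    # level would reduce what the daemon is allowed to execute.
    "script-security ${openvpn_configname}":
      key    => 'script-security',
      value  => '2',
      server => $openvpn_configname;
    "server ${openvpn_configname}":
      key    => 'server',
      value  => "${server}",
      server => $openvpn_configname;
    # Status file rewritten every 10 seconds, in status-version 3 format.
    # NOTE(review): it lists connected clients - check who can read it.
    "status ${openvpn_configname}":
      key    => 'status',
      value  => '/var/run/openvpn-status 10',
      server => $openvpn_configname;
    "status-version ${openvpn_configname}":
      key    => 'status-version',
      value  => '3',
      server => $openvpn_configname;
    "topology ${openvpn_configname}":
      key    => 'topology',
      value  => 'subnet',
      server => $openvpn_configname;
    # no need for server-up.sh right now
    #"up $openvpn_configname":
    #  key    => 'up',
    #  value  => '/etc/openvpn/server-up.sh',
    #  server => $openvpn_configname;
    "verb ${openvpn_configname}":
      key    => 'verb',
      value  => '3',
      server => $openvpn_configname;
  }
}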