add README
OpenVPN Puppet module
=====================

Example Usage:
--------------
# Declare the OpenVPN server instance "server1".
# The attributes are handed to the module's openvpn::server type; presumably
# they fill the subject fields of the certificates it generates (verify
# against the module before relying on that).
openvpn::server { 'server1':
  country      => 'CH',
  province     => 'ZH',
  city         => 'Winterthur',
  organization => 'example.org',
  email        => 'root@example.org',
}
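# Options for the configuration of server "server1".
# Each resource title only has to be unique. "key" is the OpenVPN directive
# and "value" its argument; flag-style directives carry no value.
openvpn::option {
  'dev server1':
    key    => 'dev',
    value  => 'tun0',
    server => 'server1';
  # NOTE(review): level 3 additionally allows passwords to be handed to
  # scripts through the environment. None of the options shown here configures
  # a script hook, so use the lowest level the deployment actually needs.
  'script-security server1':
    key    => 'script-security',
    value  => '3',
    server => 'server1';
  'daemon server1':
    key    => 'daemon',
    server => 'server1';
  'keepalive server1':
    key    => 'keepalive',
    value  => '10 60',
    server => 'server1';
  'ping-timer-rem server1':
    key    => 'ping-timer-rem',
    server => 'server1';
  'persist-tun server1':
    key    => 'persist-tun',
    server => 'server1';
  'persist-key server1':
    key    => 'persist-key',
    server => 'server1';
  'proto server1':
    key    => 'proto',
    value  => 'tcp-server',
    server => 'server1';
  # This example previously used BF-CBC, a 64-bit block cipher exposed to
  # birthday-bound (SWEET32-style) attacks on long-lived tunnels, so it now
  # uses AES. Every client must be configured with the same cipher. On
  # OpenVPN 2.4 or later an AEAD cipher such as AES-256-GCM is preferable.
  'cipher server1':
    key    => 'cipher',
    value  => 'AES-256-CBC',
    server => 'server1';
  # Listen only on the address reported by the node's $ipaddress fact.
  'local server1':
    key    => 'local',
    value  => $ipaddress,
    server => 'server1';
  'tls-server server1':
    key    => 'tls-server',
    server => 'server1';
  'server server1':
    key    => 'server',
    value  => '10.10.10.0 255.255.255.0',
    server => 'server1';
  'client-config-dir server1':
    key    => 'client-config-dir',
    value  => '/etc/openvpn/server1/client-configs',
    server => 'server1';
  'lport server1':
    key    => 'lport',
    value  => '1194',
    server => 'server1';
  # NOTE(review): the management interface can control the running daemon.
  # Keep access to this unix socket restricted, e.g. with
  # management-client-user / management-client-group or a password file.
  'management server1':
    key    => 'management',
    value  => '/var/run/openvpn-server1.sock unix',
    server => 'server1';
  # NOTE(review): compressing before encrypting can leak plaintext through
  # packet sizes (VORACLE-style compression oracles), and comp-lzo is
  # deprecated in current OpenVPN releases. Drop it on both ends unless
  # legacy peers require it.
  'comp-lzo server1':
    key    => 'comp-lzo',
    server => 'server1';
  'topology server1':
    key    => 'topology',
    value  => 'subnet',
    server => 'server1';
  # NOTE(review): client-to-client forwards traffic between clients inside
  # the OpenVPN process, so the server's packet filter never sees it. Omit
  # this option if clients should be isolated from each other.
  'client-to-client server1':
    key    => 'client-to-client',
    server => 'server1';
}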
# Define the clients that belong to server "server1"; the array title
# declares one openvpn::client resource per name.
openvpn::client { ['client1.example.org', 'client2.example.org']:
  server => 'server1',
}
# Add an option to the client's file in the server's client-config-dir
# (presumably selected by csc => true): declare 192.168.0.0/24 as a network
# reachable behind client1.
openvpn::option { 'iroute server1 client1.example.org home network':
  key    => 'iroute',
  value  => '192.168.0.0 255.255.255.0',
  client => 'client1.example.org',
  server => 'server1',
  csc    => true,
}
# Add an option to the client config: a fixed tunnel address for client2.
# NOTE(review): OpenVPN expects ifconfig-push on the server side, in a
# per-client client-config-dir file or a client-connect script. Confirm where
# the module writes an option that has client set but no csc => true.
openvpn::option { 'ifconfig server1 client2.example.org':
  key    => 'ifconfig-push',
  value  => '10.10.10.2 255.255.255.0',
  client => 'client2.example.org',
  server => 'server1',
}
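Don't forget to set the sysctl 'net.ipv4.ip_forward' on the server! Without IP forwarding the host does not route packets between the tunnel and its other interfaces, so routed networks such as the iroute example above stay unreachable. Once forwarding is on, use firewall rules to limit what may be forwarded.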