OpenVPN Puppet module
=====================

Example Usage:
--------------

# Declare one OpenVPN server instance. The title ('server1') is the name the
# openvpn::option and openvpn::client resources below pass as their `server`
# parameter. The remaining parameters look like certificate subject fields;
# confirm against the module how they are used.
openvpn::server { 'server1':
  country      => 'CH',
  province     => 'ZH',
  city         => 'Winterthur',
  organization => 'example.org',
  email        => 'root@example.org',
}
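# Configure the server instance. Each openvpn::option resource carries one
# OpenVPN directive for 'server1': `key` is the directive name and `value` its
# argument (omitted for directives that take none).
openvpn::option {
  'dev server1':
    key    => 'dev',
    value  => 'tun0',
    server => 'server1';
  # NOTE(review): level 3 lets OpenVPN hand passwords to scripts through
  # environment variables. Nothing in this example calls a script, so use the
  # lowest level the deployment needs (OpenVPN's default is 1).
  'script-security server1':
    key    => 'script-security',
    value  => '3',
    server => 'server1';
  'daemon server1':
    key    => 'daemon',
    server => 'server1';
  'keepalive server1':
    key    => 'keepalive',
    value  => '10 60',
    server => 'server1';
  'ping-timer-rem server1':
    key    => 'ping-timer-rem',
    server => 'server1';
  'persist-tun server1':
    key    => 'persist-tun',
    server => 'server1';
  'persist-key server1':
    key    => 'persist-key',
    server => 'server1';
  'proto server1':
    key    => 'proto',
    value  => 'tcp-server',
    server => 'server1';
  # The example previously used BF-CBC. Blowfish has a 64-bit block, which
  # makes long-lived sessions susceptible to birthday-bound collision attacks,
  # so an AES cipher is used here instead. The cipher has to match on every
  # client: change both ends together.
  'cipher server1':
    key    => 'cipher',
    value  => 'AES-256-CBC',
    server => 'server1';
  'local server1':
    key    => 'local',
    value  => $ipaddress,
    server => 'server1';
  'tls-server server1':
    key    => 'tls-server',
    server => 'server1';
  'server server1':
    key    => 'server',
    value  => '10.10.10.0 255.255.255.0',
    server => 'server1';
  'client-config-dir server1':
    key    => 'client-config-dir',
    value  => '/etc/openvpn/server1/client-configs',
    server => 'server1';
  'lport server1':
    key    => 'lport',
    value  => '1194',
    server => 'server1';
  # NOTE(review): the management interface accepts control commands from
  # whoever can open this socket, and no password file is given here. Keep the
  # socket reachable by root only, or restrict it with
  # management-client-user / management-client-group.
  'management server1':
    key    => 'management',
    value  => '/var/run/openvpn-server1.sock unix',
    server => 'server1';
  # NOTE(review): compressing before encrypting can leak information about the
  # plaintext through packet sizes when an attacker controls part of the
  # traffic, and upstream OpenVPN has deprecated comp-lzo. It must be enabled
  # or disabled on both ends together.
  'comp-lzo server1':
    key    => 'comp-lzo',
    server => 'server1';
  'topology server1':
    key    => 'topology',
    value  => 'subnet',
    server => 'server1';
  # NOTE(review): with client-to-client, OpenVPN forwards traffic between
  # clients internally, so it never passes the host's packet filter on the tun
  # device. Leave it out if clients should not reach each other or if that
  # traffic has to be filtered.
  'client-to-client server1':
    key    => 'client-to-client',
    server => 'server1';
}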
# Define the clients of 'server1'. The array title declares one
# openvpn::client resource per listed name, each with the same parameters.
openvpn::client { ['client1.example.org', 'client2.example.org']:
  server => 'server1',
}
# Add an option to a client's file in the server's client-config-dir.
# `csc => true` is the parameter that sets this declaration apart from an
# option for the client's own config; `client` names the client it applies to.
# Here: an iroute entry for the network behind client1.example.org.
openvpn::option { 'iroute server1 client1.example.org home network':
  key    => 'iroute',
  value  => '192.168.0.0 255.255.255.0',
  client => 'client1.example.org',
  server => 'server1',
  csc    => true,
}
# Add an option to the config of a single client (`client` set, no `csc`).
# NOTE(review): ifconfig-push is normally a server-side directive read from the
# client-config-dir; without `csc => true` this declaration targets the
# client's own config. Confirm that is what the module expects here.
openvpn::option { 'ifconfig server1 client2.example.org':
  key    => 'ifconfig-push',
  value  => '10.10.10.2 255.255.255.0',
  client => 'client2.example.org',
  server => 'server1',
}
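Don't forget to enable IP forwarding on the VPN server by setting the sysctl 'net.ipv4.ip_forward' to 1! Without it the server does not forward packets between the tunnel and other networks, so routed setups such as the iroute example above will not work.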