Readme.markdown

   1 # OpenVPN Puppet module
   2
   3 OpenVPN module for puppet including client config/cert creation (tarball to download)
   4
   5 ## Dependencies
   6   - [puppet-concat](https://github.com/ripienaar/puppet-concat)
   7
   8 ## Example
   9
  10     # add a server instance
  11     openvpn::server {
  12         "server1":
  13             country      => "CH",
  14             province     => "ZH",
  15             city         => "Winterthur",
  16             organization => "example.org",
  17             email        => "root@example.org";
  18     }
  19
  20     # configure server
  21     openvpn::option {
  22         "dev server1":
  23             key    => "dev",
  24             value  => "tun0",
  25             server => "server1";
  26         "script-security server1":
  27             key    => "script-security",
  28             value  => "3",
  29             server => "server1";
  30         "daemon server1":
  31             key    => "daemon",
  32             server => "server1";
  33         "keepalive server1":
  34             key    => "keepalive",
  35             value  => "10 60",
  36             server => "server1";
  37         "ping-timer-rem server1":
  38             key    => "ping-timer-rem",
  39             server => "server1";
  40         "persist-tun server1":
  41             key    => "persist-tun",
  42             server => "server1";
  43         "persist-key server1":
  44             key    => "persist-key",
  45             server => "server1";
  46         "proto server1":
  47             key    => "proto",
  48             value  => "tcp-server",
  49             server => "server1";
  50         "cipher server1":
  51             key    => "cipher",
  52             value  => "BF-CBC",
  53             server => "server1";
  54         "local server1":
  55             key    => "local",
  56             value  => $ipaddress,
  57             server => "server1";
  58         "tls-server server1":
  59             key    => "tls-server",
  60             server => "server1";
  61         "server server1":
  62             key    => "server",
  63             value  => "10.10.10.0 255.255.255.0",
  64             server => "server1";
  65         "client-config-dir server1":
  66             key    => "client-config-dir",
  67             value  => "/etc/openvpn/server1/client-configs",
  68             server => "server1";
  69         "lport server1":
  70             key    => "lport",
  71             value  => "1194",
  72             server => "server1";
  73         "management server1":
  74             key    => "management",
  75             value  => "/var/run/openvpn-server1.sock unix",
  76             server => "server1";
  77         "comp-lzo server1":
  78             key    => "comp-lzo",
  79             server => "server1";
  80         "topology server1":
  81             key    => "topology",
  82             value  => "subnet",
  83             server => "server1";
  84         "client-to-client server1":
  85             key    => "client-to-client",
  86             server => "server1";
  87     }
  88
  89
  90     # define clients
  91     openvpn::client {
  92         [ "client1.example.org", "client2.example.org" ]:
  93             server      => "server1";
  94     }
  95
  96     # add options to the client-config-dir file
  97     openvpn::option {
  98         "iroute server1 client1.example.org home network":
  99             key    => "iroute",
 100             value  => "192.168.0.0 255.255.255.0",
 101             client => "client1.example.org",
 102             server => "server1",
 103             csc    => true;
 104     }
 105
 106     # add an option to the client config
 107     openvpn::option {
 108         "ifconfig server1 client2.example.org":
 109             key    => "ifconfig-push",
 110             value  => "10.10.10.2 255.255.255.0",
 111             client => "client2.example.org",
 112             server => "server1";
 113     }
 114
 115 Don't forget the sysctl directive 'net.ipv4.ip_forward'!