update readme to link to our dependencies
1 # OpenVPN Puppet module
2
3 OpenVPN module for puppet including client config/cert creation (tarball to download)
4
5 ## Dependencies
6   - [puppet-concat](https://github.com/ripienaar/puppet-concat)
7
8 ## Example
9
10     # add a server instance
       # Declares the OpenVPN instance "server1"; the openvpn::option resources
       # further down refer to it through server => "server1".
       # NOTE(review): country/province/city/organization/email look like the
       # subject fields for the instance's certificates - confirm against the
       # module before relying on that.
11     openvpn::server {
12         "server1":
13             country      => "CH",
14             province     => "ZH",
15             city         => "Winterthur",
16             organization => "example.org",
17             email        => "root@example.org";
18     }
19
20     # configure server
       # Each resource sets one OpenVPN directive (key, plus value where the
       # directive takes one) for the instance named in server.
       # The values are an example; review the NOTE(review) items before
       # copying them into a production manifest.
21     openvpn::option {
22         "dev server1":
23             key    => "dev",
24             value  => "tun0",
25             server => "server1";
           # NOTE(review): script-security 3 additionally lets OpenVPN hand
           # passwords to scripts via environment variables. No script hook is
           # configured in this example, so a lower level is likely enough;
           # confirm what the module itself needs before copying this value.
26         "script-security server1":
27             key    => "script-security",
28             value  => "3",
29             server => "server1";
30         "daemon server1":
31             key    => "daemon",
32             server => "server1";
33         "keepalive server1":
34             key    => "keepalive",
35             value  => "10 60",
36             server => "server1";
37         "ping-timer-rem server1":
38             key    => "ping-timer-rem",
39             server => "server1";
40         "persist-tun server1":
41             key    => "persist-tun",
42             server => "server1";
43         "persist-key server1":
44             key    => "persist-key",
45             server => "server1";
46         "proto server1":
47             key    => "proto",
48             value  => "tcp-server",
49             server => "server1";
           # NOTE(review): BF-CBC (Blowfish) has a 64-bit block, which exposes
           # long-lived sessions to birthday-bound attacks, and newer OpenVPN
           # releases deprecate it. Prefer an AES cipher (e.g. AES-256-GCM) if
           # both the server and all clients support it.
50         "cipher server1":
51             key    => "cipher",
52             value  => "BF-CBC",
53             server => "server1";
           # Binds the listener to the node's $ipaddress fact rather than to
           # all interfaces.
54         "local server1":
55             key    => "local",
56             value  => $ipaddress,
57             server => "server1";
58         "tls-server server1":
59             key    => "tls-server",
60             server => "server1";
61         "server server1":
62             key    => "server",
63             value  => "10.10.10.0 255.255.255.0",
64             server => "server1";
65         "client-config-dir server1":
66             key    => "client-config-dir",
67             value  => "/etc/openvpn/server1/client-configs",
68             server => "server1";
69         "lport server1":
70             key    => "lport",
71             value  => "1194",
72             server => "server1";
           # NOTE(review): the management socket gives control over the running
           # daemon and no password file is set here, so access rests on the
           # socket's filesystem permissions - verify who can reach it.
73         "management server1":
74             key    => "management",
75             value  => "/var/run/openvpn-server1.sock unix",
76             server => "server1";
           # NOTE(review): compressing before encryption can leak information
           # about the plaintext through packet sizes, and newer OpenVPN
           # releases deprecate comp-lzo. Enable it only if clients require it.
77         "comp-lzo server1":
78             key    => "comp-lzo",
79             server => "server1";
80         "topology server1":
81             key    => "topology",
82             value  => "subnet",
83             server => "server1";
           # NOTE(review): with client-to-client, OpenVPN forwards traffic
           # between clients internally, so the host firewall does not see or
           # filter it. Leave it out if clients should be isolated.
84         "client-to-client server1":
85             key    => "client-to-client",
86             server => "server1";
87     }
88
89
90     # define clients
       # Declares two clients for the "server1" instance. Per the module
       # summary at the top of this README, client config/certs are packaged
       # as a tarball to download.
       # NOTE(review): that tarball presumably contains each client's private
       # key - restrict who can fetch it and confirm how the module protects it.
91     openvpn::client {
92         [ "client1.example.org", "client2.example.org" ]:
93             server      => "server1";
94     }
95
96     # add options to the client-config-dir file
       # csc => true selects the per-client, server-side file for client1
       # (presumably under the client-config-dir set for server1 - confirm
       # against the module). iroute tells the server that 192.168.0.0/24 is
       # reachable behind this client.
97     openvpn::option {
98         "iroute server1 client1.example.org home network":
99             key    => "iroute",
100             value  => "192.168.0.0 255.255.255.0",
101             client => "client1.example.org",
102             server => "server1",
103             csc    => true;
104     }
105
106     # add an option to the client config
        # Assigns client2 the fixed tunnel address 10.10.10.2, which lies
        # inside the 10.10.10.0/24 "server" network declared for server1.
        # NOTE(review): ifconfig-push is a server-side, per-client directive
        # that OpenVPN reads from the client-config-dir file. This resource has
        # no csc => true, unlike the iroute example, so confirm that the option
        # ends up where the server will read it.
107     openvpn::option {
108         "ifconfig server1 client2.example.org":
109             key    => "ifconfig-push",
110             value  => "10.10.10.2 255.255.255.0",
111             client => "client2.example.org",
112             server => "server1";
113     }
114
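115 Don't forget to enable the sysctl setting 'net.ipv4.ip_forward' on the server! Without it the host does not forward packets between the VPN and its other networks.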