-rw-r--r-- | manifests/server.pp | 12 | ||||
-rw-r--r-- | spec/defines/openvpn_server_spec.rb | 6 | ||||
-rw-r--r-- | templates/server.erb | 5 |
3 files changed, 18 insertions, 5 deletions
diff --git a/manifests/server.pp b/manifests/server.pp index cce6eb7..78b3df3 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -37,7 +37,7 @@ # [*ipp*] # Boolean. Persist ifconfig information to a file to retain client IP # addresses between sessions -# Default: true +# Default: false # # [*local*] # String. Interface for openvpn to bind to. @@ -103,11 +103,12 @@ define openvpn::server( $compression = 'comp-lzo', $dev = 'tun0', $group = 'nobody', - $ipp = true, + $ipp = false, + $ip_pool = [], $local = $::ipaddress_eth0, $logfile = false, $port = '1194', - $proto = 'tcp-server', + $proto = 'tcp', $status_log = "${name}/openvpn-status.log", $user = 'nobody', $server = '', @@ -129,6 +130,11 @@ define openvpn::server( default => false } + $tls_server = $proto ? { + /tcp/ => true, + default => false + } + file { ["/etc/openvpn/${name}", "/etc/openvpn/${name}/client-configs", "/etc/openvpn/${name}/download-configs" ]: ensure => directory; diff --git a/spec/defines/openvpn_server_spec.rb b/spec/defines/openvpn_server_spec.rb index ca72fc4..da50786 100644 --- a/spec/defines/openvpn_server_spec.rb +++ b/spec/defines/openvpn_server_spec.rb @@ -47,6 +47,7 @@ describe 'openvpn::server', :type => :define do it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^key\s+\/etc\/openvpn\/test_server\/keys\/server.key$/) } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^dh\s+\/etc\/openvpn\/test_server\/keys\/dh1024.pem$/) } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^proto\s+tcp-server$/) } + it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^tls-server$/) } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^port\s+1194$/) } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^comp-lzo$/) } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^group\s+nobody$/) } 
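Review bot: `$ip_pool = []` is added to the signature in the second hunk, but none of the lines this commit adds reads it (the template change only touches `proto` and `tls-server`), and the parameter header gets no `[*ip_pool*]` entry. Either wire it into the template in this commit or leave it out until it is used, because a parameter that silently does nothing is easy to mistake for an enforced address restriction. The `$proto` default also changes from `'tcp-server'` to `'tcp'` with no doc entry visible in the diff; a header comment such as `# [*proto*]` / `#   String. 'tcp' or 'udp'; the template appends '-server'` would state the new contract. The header block runs outside the hunks shown, so confirm these entries are not already there.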
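Review bot: The `/tcp/` selector in the third hunk is unanchored and `$proto` is never validated, so any string containing `tcp` turns `tls-server` on and anything else, including a typo, silently turns it off through `default => false`. Anchor the match, `/^tcp$/ => true,`, and reject values outside the supported set with `fail()` instead of falling through. For UDP the rendered file now carries no `tls-server` line; whether TLS mode is still enabled there depends on directives in the part of the template outside this diff (a `server` line would imply it), so that assumption deserves a comment next to the selector.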
@@ -55,6 +56,7 @@ describe 'openvpn::server', :type => :define do it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^status\s+test_server\/openvpn\-status\.log$/) } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^dev\s+tun0$/) } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^local\s+1\.2\.3\.4$/) } + it { should_not contain_file('/etc/openvpn/test_server.conf').with_content(/^ifconfig-pool-persist/) } end context "creating a server setting all parameters" do @@ -91,7 +93,8 @@ describe 'openvpn::server', :type => :define do it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^cert\s+\/etc\/openvpn\/test_server\/keys\/server.crt$/) } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^key\s+\/etc\/openvpn\/test_server\/keys\/server.key$/) } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^dh\s+\/etc\/openvpn\/test_server\/keys\/dh1024.pem$/) } - it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^proto\s+udp$/) } + it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^proto\s+udp-server$/) } + it { should_not contain_file('/etc/openvpn/test_server.conf').with_content(/^proto\s+tls-server$/) } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^port\s+123$/) } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^fake_compression$/) } it { should contain_file('/etc/openvpn/test_server.conf').with_content(/^group\s+someone$/) } @@ -153,6 +156,7 @@ describe 'openvpn::server', :type => :define do 'target' => '/etc/default/openvpn' )} + end end diff --git a/templates/server.erb b/templates/server.erb index a6025ca..1d1430c 100644 --- a/templates/server.erb +++ b/templates/server.erb 
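Review bot: The negative assertion added in the "setting all parameters" context, `should_not ... with_content(/^proto\s+tls-server$/)`, can never fail: the template emits `tls-server` on a line of its own, never after `proto`, so the check passes whether or not the directive is rendered. To pin the UDP behaviour, match the bare directive instead: `it { should_not contain_file('/etc/openvpn/test_server.conf').with_content(/^tls-server$/) }`. As written, a regression that emits `tls-server` for UDP, or drops it for TCP in this context, would go unnoticed.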
@@ -4,8 +4,11 @@ ca /etc/openvpn/<%= scope.lookupvar('name') %>/keys/ca.crt cert /etc/openvpn/<%= scope.lookupvar('name') %>/keys/server.crt key /etc/openvpn/<%= scope.lookupvar('name') %>/keys/server.key dh /etc/openvpn/<%= scope.lookupvar('name') %>/keys/dh1024.pem -proto <%= scope.lookupvar('proto') %> +proto <%= scope.lookupvar('proto') %>-server port <%= scope.lookupvar('port') %> +<% if scope.lookupvar('tls_server') -%> +tls-server +<% end -%> <% if scope.lookupvar('compression') != '' -%> <%= scope.lookupvar('compression') %> <% end -%> |
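Review bot: Appending `-server` unconditionally on the `proto` line renders `proto udp-server` for UDP, which is not among OpenVPN's documented `--proto` values (`udp`, `tcp-server`, `tcp-client`) as far as I know, so a UDP instance would likely get a config the daemon rejects; the spec in this commit asserts that same string. A caller still passing the previous default `proto => 'tcp-server'` would render `proto tcp-server-server`. Add the suffix only for TCP, for example `proto <%= scope.lookupvar('proto') == 'tcp' ? 'tcp-server' : scope.lookupvar('proto') %>`, or keep the full value in the manifest parameter and validate it there.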