From c6f9e4ff4ac280e4be7ddfee1d037b4a29ae787c Mon Sep 17 00:00:00 2001
From: Raffael Schmid
Date: Fri, 10 Feb 2012 17:20:57 +0100
Subject: update readme to link to our dependencies
---
Readme.markdown | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 115 insertions(+)
create mode 100644 Readme.markdown
(limited to 'Readme.markdown')
diff --git a/Readme.markdown b/Readme.markdown
new file mode 100644
index 0000000..499a48d
--- /dev/null
+++ b/Readme.markdown
@@ -0,0 +1,115 @@
+# OpenVPN Puppet module
+
+OpenVPN module for puppet including client config/cert creation (tarball to download)
+
+## Dependencies
+ - [puppet-concat](https://github.com/ripienaar/puppet-concat)
+
+## Example
+
+ # add a server instance
+ openvpn::server {
+ "server1":
+ country => "CH",
+ province => "ZH",
+ city => "Winterthur",
+ organization => "example.org",
+ email => "root@example.org";
+ }
+
+ # configure server
+ openvpn::option {
+ "dev server1":
+ key => "dev",
+ value => "tun0",
+ server => "server1";
+ "script-security server1":
+ key => "script-security",
+ value => "3",
+ server => "server1";
+ "daemon server1":
+ key => "daemon",
+ server => "server1";
+ "keepalive server1":
+ key => "keepalive",
+ value => "10 60",
+ server => "server1";
+ "ping-timer-rem server1":
+ key => "ping-timer-rem",
+ server => "server1";
+ "persist-tun server1":
+ key => "persist-tun",
+ server => "server1";
+ "persist-key server1":
+ key => "persist-key",
+ server => "server1";
+ "proto server1":
+ key => "proto",
+ value => "tcp-server",
+ server => "server1";
+ "cipher server1":
+ key => "cipher",
+ value => "BF-CBC",
+ server => "server1";
+ "local server1":
+ key => "local",
+ value => $ipaddress,
+ server => "server1";
+ "tls-server server1":
+ key => "tls-server",
+ server => "server1";
+ "server server1":
+ key => "server",
+ value => "10.10.10.0 255.255.255.0",
+ server => "server1";
+ "client-config-dir server1":
+ key => "client-config-dir",
+ value => "/etc/openvpn/server1/client-configs",
+ server => "server1";
+ "lport server1":
+ key => "lport",
+ value => "1194",
+ server => "server1";
+ "management server1":
+ key => "management",
+ value => "/var/run/openvpn-server1.sock unix",
+ server => "server1";
+ "comp-lzo server1":
+ key => "comp-lzo",
+ server => "server1";
+ "topology server1":
+ key => "topology",
+ value => "subnet",
+ server => "server1";
+ "client-to-client server1":
+ key => "client-to-client",
+ server => "server1";
+ }
+
+
+ # define clients
+ openvpn::client {
+ [ "client1.example.org", "client2.example.org" ]:
+ server => "server1";
+ }
+
+ # add options to the client-config-dir file
+ openvpn::option {
+ "iroute server1 client1.example.org home network":
+ key => "iroute",
+ value => "192.168.0.0 255.255.255.0",
+ client => "client1.example.org",
+ server => "server1",
+ csc => true;
+ }
+
+ # add an option to the client config
+ openvpn::option {
+ "ifconfig server1 client2.example.org":
+ key => "ifconfig-push",
+ value => "10.10.10.2 255.255.255.0",
+ client => "client2.example.org",
+ server => "server1";
+ }
+
+Don't forget the sysctl directive 'net.ipv4.ip_forward'!
-- cgit v1.2.3