summaryrefslogtreecommitdiff
path: root/README
blob: 59d80a8b651254fc4a02fc553498fc9ca51533e8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
OpenVPN Puppet module
=====================

Example Usage:
--------------

# add a server instance
openvpn::server {
    "server1":
        country      => "CH",
        province     => "ZH",
        city         => "Winterthur",
        organization => "example.org",
        email        => "root@example.org";
}

# configure server
openvpn::option {
    "dev server1":
        key    => "dev",
        value  => "tun0",
        server => "server1";
    "script-security server1":
        key    => "script-security",
        value  => "3",
        server => "server1";
    "daemon server1":
        key    => "daemon",
        server => "server1";
    "keepalive server1":
        key    => "keepalive",
        value  => "10 60",
        server => "server1";
    "ping-timer-rem server1":
        key    => "ping-timer-rem",
        server => "server1";
    "persist-tun server1":
        key    => "persist-tun",
        server => "server1";
    "persist-key server1":
        key    => "persist-key",
        server => "server1";
    "proto server1":
        key    => "proto",
        value  => "tcp-server",
        server => "server1";
    "cipher server1":
        key    => "cipher",
        value  => "BF-CBC",
        server => "server1";
    "local server1":
        key    => "local",
        value  => $ipaddress,
        server => "server1";
    "tls-server server1":
        key    => "tls-server",
        server => "server1";
    "server server1":
        key    => "server",
        value  => "10.10.10.0 255.255.255.0",
        server => "server1";
    "client-config-dir server1":
        key    => "client-config-dir",
        value  => "/etc/openvpn/server1/client-configs",
        server => "server1";
    "lport server1":
        key    => "lport",
        value  => "1194",
        server => "server1";
    "management server1":
        key    => "management",
        value  => "/var/run/openvpn-server1.sock unix",
        server => "server1";
    "comp-lzo server1":
        key    => "comp-lzo",
        server => "server1";
    "topology server1":
        key    => "topology",
        value  => "subnet",
        server => "server1";
    "client-to-client server1":
        key    => "client-to-client",
        server => "server1";
}


    # define clients
    openvpn::client {
        [ "client1.example.org", "client2.example.org" ]:
            server      => "server1";
    }

    # add options to the client-config-dir file
    openvpn::option {
        "iroute server1 client1.example.org home network":
            key    => "iroute",
            value  => "192.168.0.0 255.255.255.0",
            client => "client1.example.org",
            server => "server1",
            csc    => true;
    }

    # add an option to the client config
    openvpn::option {
        "ifconfig server1 client2.example.org":
            key    => "ifconfig-push",
            value  => "10.10.10.2 255.255.255.0",
            client => "client2.example.org",
            server => "server1";
    }

Don't forget the sysctl directive 'net.ipv4.ip_forward'!