README: update server as client howto ?

[peterbeck]

Hi Luxflux,

this is not a "real" issue, just a suggestion for the readme....

Maybe I'm missing something, but if I configure a server as a client exactly as shown in the readme, it doesn't work (I can remember it used to work some releases ago, but here on Debian Jessie with the most current pull of the module it doesn't)

Error 400 on SERVER: Could not find resource 'Openvpn::Ca[connection_name]' for relationship on 'Service[openvpn@connection_name]'

But when using the extca parameters, everything's working as excepted.

openvpn::server {
  'connection_name':
    port                   => 1101,
    remote                 => [ 'server.domain.tld 1193' ],
    server_poll_timeout    => 1,
    topology               => '',
    common_name            => 'connection_name',
    dev                    => 'tun-connection_name',
    compression            => 'comp-lzo',
    persist_key            => true,
    persist_tun            => true,
    proto                  => 'udp',
    verb                   => 3,
    extca_enabled          => true,
    extca_ca_cert_file     => "/etc/openvpn/connection_name/keys/ca.crt",
    extca_server_cert_file => "/etc/openvpn/connection_name/keys/connection_name.crt",
    extca_server_key_file  => "/etc/openvpn/connection_name/keys/connection_name.key",
}

Maybe this could be updated in the readme just to avoid questions ? ;-)

[luxflux]

Thank you for pointing this out. This seems more like a bug to me. It should work without enabling extca.

[javial82]

Hi,

only fyi, I've had the same problem. When you set the remote var the only extra parameters you need are:
extca_enabled, extca_ca_cert_file, extca_server_cert_file, extca_server_key_file.

You can read it in server.pp:

# [*extca_enabled*]
# Boolean. Turn this on if you are using an external CA solution, like FreeIPA.
# Once enabled, you must configure the remaining extca_* parameters.
# Default: false