This repository has been archived by the owner on Jun 27, 2022. It is now read-only.
forked from cloudfoundry-community/openvpn-bosh-release
-
Notifications
You must be signed in to change notification settings - Fork 0
/
spec
121 lines (121 loc) · 3.69 KB
/
spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
---
name: "openvpn"
description: |
The `openvpn` job provides an OpenVPN server for clients to connect to.
packages:
- "openvpn"
templates:
bin/write-ccd.erb: "bin/write-ccd"
bin/client-connect: "bin/client-connect"
bin/control: "bin/control"
etc/openvpn.conf.erb: "etc/openvpn.conf"
provides:
- name: openvpn
type: openvpn
properties:
- protocol
- port
- cipher
- keysize
- tls_version_min
- tls_cipher
- tls_crypt
- tls_server # until tls_server.ca...
properties:
protocol:
default: tcp
description: "Protocol for the server"
enum:
- udp
- tcp
port:
default: 1194
description: "Bind Port for the server"
type: "integer"
extra_config:
default: ~
description: "Custom OpenVPN configuration statements (see [manual](https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage))"
type: "text"
extra_configs:
default: []
description: "A list of custom OpenVPN configuration statements (see [manual](https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage))"
type: "string[]"
local:
default: "0.0.0.0"
description: "Bind IP for the server"
regex: "\\d{1,3}.\\d{1,3}.\\d{1,3}.\\d{1,3}"
server:
description: "VPN IP and netmask (basis of the IP pool which the server will allocate to clients)"
regex: "\\d{1,3}.\\d{1,3}.\\d{1,3}.\\d{1,3} \\d{1,3}.\\d{1,3}.\\d{1,3}.\\d{1,3}"
device:
description: "Virtual network device to use"
default: "tun0"
routes:
default: []
description: "A list of routes for the local routing table (in the format of \"192.0.2.0 255.255.255.0\")"
type: "string[]"
push_routes:
default: []
description: "A list of routes to push to connecting clients (in the format of \"192.0.2.0 255.255.255.0\")"
type: "string[]"
push_dns:
default: []
description: "A list of DNS servers to push to connecting clients to enable DNS resolution over the VPN tunnel"
type: "string[]"
example:
- 8.8.4.4
- 8.8.8.8
push_dns_search_domains:
default: []
description: "List of search domains to push to clients"
type: "string[]"
compress:
description: "Default compression (or empty to disable)"
default: auto
enum:
- auto
- lzo
- lz4
- lz4-v2
cipher:
description: "Cipher for encrypting packets"
default: "AES-256-CBC"
keysize:
description: "Size of cipher key in bits (deprecated)"
deprecated: https://github.com/OpenVPN/openvpn/commit/ad178f01444d61e48fca83c4f0bc5d82270cee87
default: 256
type: "integer"
tls_version_min:
description: "The minimum TLS version accepted from peers"
default: "1.2"
tls_cipher:
description: "A colon-separated list of allowable TLS ciphers"
example: "DEFAULT:!EXP:!LOW:!MEDIUM"
tls_crypt:
description: "Encrypt control channel packets with private key"
tls_server:
description: "Certificate and Private Key for the server"
type: "certificate"
example:
ca: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
certificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
private_key: |
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
tls_crl:
description: "Certificate Revocation List (`X509 CRL`, including the begin/end markers)"
type: "text"
dh_pem:
description: "Diffie-Hellmann Key (`DH PARAMETERS`, including the begin/end markers)"
type: "text"
ccd:
description: "A list of Client Configuration Directives. This value is an array, with each client being an array whose first value is the client's common name and second value is the OpenVPN directives."
default: []
type: "array[]"