OpenVPN module for puppet including client config/cert creation


OpenVPN Puppet module

OpenVPN module for puppet including client config/cert creation (tarball to download)

Dependencies

Supported OS

  • Debian Squeeze (should work, as it works on Ubuntu Lucid)
  • Ubuntu 10.04, 12.04 (other releases untested)
  • CentOS

Example

# Declare one OpenVPN server instance named "server1".
# The attributes are identity fields handed to openvpn::server; presumably
# they end up in the subject of the certificates the module creates
# (confirm against the module's manifests).
openvpn::server { 'server1':
    country      => 'CH',
    province     => 'ZH',
    city         => 'Winterthur',
    organization => 'example.org',
    email        => 'root@example.org',
}

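# Configure the "server1" instance. Each entry adds one OpenVPN directive
# (key, plus value where the directive takes one) to that server.
openvpn::option {
    "dev server1":
        key    => "dev",
        value  => "tun0",
        server => "server1";
    # Level 2 permits built-in executables and user-defined scripts. Level 3
    # additionally lets OpenVPN pass passwords to scripts through environment
    # variables; nothing in this example needs that, so it is not enabled.
    "script-security server1":
        key    => "script-security",
        value  => "2",
        server => "server1";
    "daemon server1":
        key    => "daemon",
        server => "server1";
    "keepalive server1":
        key    => "keepalive",
        value  => "10 60",
        server => "server1";
    "ping-timer-rem server1":
        key    => "ping-timer-rem",
        server => "server1";
    "persist-tun server1":
        key    => "persist-tun",
        server => "server1";
    "persist-key server1":
        key    => "persist-key",
        server => "server1";
    "proto server1":
        key    => "proto",
        value  => "tcp-server",
        server => "server1";
    # BF-CBC (Blowfish) has a 64-bit block size, which is too small for
    # long-lived or high-volume tunnels; use a 128-bit block cipher instead.
    # NOTE(review): server and clients must agree on the cipher. Confirm that
    # the generated client configs carry the same value, or add a matching
    # client-side option.
    "cipher server1":
        key    => "cipher",
        value  => "AES-256-CBC",
        server => "server1";
    # Bind to the address reported by the $ipaddress fact.
    "local server1":
        key    => "local",
        value  => $ipaddress,
        server => "server1";
    "tls-server server1":
        key    => "tls-server",
        server => "server1";
    "server server1":
        key    => "server",
        value  => "10.10.10.0 255.255.255.0",
        server => "server1";
    "lport server1":
        key    => "lport",
        value  => "1194",
        server => "server1";
    # The management interface can control the running daemon. On a unix
    # socket, access is governed by filesystem permissions, so make sure only
    # the intended local user can open this path.
    "management server1":
        key    => "management",
        value  => "/var/run/openvpn-server1.sock unix",
        server => "server1";
    # NOTE(review): compressing before encrypting can leak information about
    # the plaintext when an attacker controls part of the traffic. Keep this
    # only if it is required; dropping it needs the same change on clients.
    "comp-lzo server1":
        key    => "comp-lzo",
        server => "server1";
    "topology server1":
        key    => "topology",
        value  => "subnet",
        server => "server1";
    # With client-to-client, OpenVPN forwards traffic between clients
    # internally, so it never passes through the server's firewall rules.
    # Remove this entry if clients should not reach each other directly.
    "client-to-client server1":
        key    => "client-to-client",
        server => "server1";
}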


# Declare two clients that belong to the "server1" instance.
# Per the module description, a config/cert tarball is produced for each
# client; presumably it contains the client's private key, so handle and
# transfer it as a secret (confirm against the module).
openvpn::client { ['client1.example.org', 'client2.example.org']:
    server => 'server1',
}

# Add a directive to client1's file in the server's client-config-dir
# (selected by csc => true). iroute tells OpenVPN that 192.168.0.0/24 is
# reachable behind client1.example.org.
openvpn::option { 'iroute server1 client1.example.org home network':
    key    => 'iroute',
    value  => '192.168.0.0 255.255.255.0',
    client => 'client1.example.org',
    server => 'server1',
    csc    => true,
}

# Add a directive to client2's own configuration (no csc attribute is set).
# NOTE(review): ifconfig-push is normally a server-side, per-client directive
# read from the client-config-dir; confirm whether csc => true was intended.
openvpn::option { 'ifconfig server1 client2.example.org':
    key    => 'ifconfig-push',
    value  => '10.10.10.2 255.255.255.0',
    client => 'client2.example.org',
    server => 'server1',
}

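Don't forget to enable the sysctl directive net.ipv4.ip_forward (set it to 1) on the server! Without it, the server will not route packets between the VPN clients and other networks.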