A puppet module for easy point-to-point OpenVPN configuration

This module makes OpenVPN connections easy to set up by reusing the certificates that Puppet has already created for you.

It is based on original work by @mithrandi, to whom credit is due.


Install the module as usual. Create a dh1024 DH parameters file (see puppetvpn/files/dh1024.pem if you don't know how).

Point-to-point VPNs can be defined as below. This sets up a p2p link between brown and yellow (the examples presume that include puppetvpn is in your default node):
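A preflight check for the files this module hands to OpenVPN, written as an added example (it is not part of the module): it confirms that the Puppet certificate and private key belong together, that the certificate has not expired, and reports the size of the DH parameters. The function names, the script name preflight.sh and the 2048-bit warning threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight checks on the files handed to OpenVPN.
# Function names and the 2048-bit threshold are assumptions of this example.

# Succeeds only if the private key belongs to the certificate,
# by comparing the public key extracted from each file.
cert_matches_key() {  # cert_matches_key CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Prints the prime size in bits of a PEM DH parameter file.
dh_bits() {  # dh_bits DHFILE
    openssl dhparam -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Generates DH parameters; BITS defaults to the 1024 the README names.
make_dh() {  # make_dh OUTFILE [BITS]
    openssl dhparam -out "$1" "${2:-1024}" 2>/dev/null
}

# Runs all checks; returns non-zero if the files must not be deployed.
preflight() {  # preflight CERT KEY DHFILE
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: cert/key unreadable or mismatched"; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 1; }
    bits=$(dh_bits "$3")
    [ -n "$bits" ] || { echo "FAIL: cannot read DH parameters"; return 1; }
    if [ "$bits" -lt 2048 ]; then
        echo "WARN: ${bits}-bit DH parameters; 2048 bits or more is the usual minimum today"
    fi
    echo "OK: cert/key match, cert valid, DH ${bits} bit"
}

# Example call, using the certificate paths from the README:
#   sh preflight.sh /var/lib/puppet/ssl/certs/yellow.example.pem \
#       /var/lib/puppet/ssl/private_keys/yellow.example.pem dh1024.pem
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```
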

node 'yellow.example' inherits default {
    puppetvpn::tls {
            local_port  => '4434',
            remote_host => 'brown.example',
            remote_port => '4434',
            role        => 'server',
            cert        => '/var/lib/puppet/ssl/certs/yellow.example.pem',
            key         => '/var/lib/puppet/ssl/private_keys/yellow.example.pem',
            local_addr  => '',
            remote_addr => ''
    }
}

A hub-and-spoke setup is also possible. This makes red the hub, with blue and green as clients.

node 'red' inherits default {
    puppetvpn::server {
            port      => '1194',
            server_ip => ''
    }

    puppetvpn::server {
            port      => '1195',
            server_ip => '',
            dev       => 'tun5',
            ccd       => 'ccd'
    }
}

node 'green.example' inherits default {
    puppetvpn::client {
            remote_host => 'red.example'
    }

    puppetvpn::client {
            remote_host => 'red.example',
            remote_port => '1195',
            dev         => 'tun5'
    }
}

node 'blue.example' inherits default {
    puppetvpn::client {
            remote_host => 'red.example',
            remote_port => '1195'
    }
}