---
# Variables for the OpenVPN role.

# Set to 'false' to completely disable the role
openvpn_enabled: true
# Base configuration directory; openvpn_keydir below is derived from it.
openvpn_etcdir: /etc/openvpn
# Directory for key material.
# NOTE(review): ownership and mode are set by tasks not shown here; confirm
# private keys in this directory are not readable by other local users.
openvpn_keydir: "{{openvpn_etcdir}}/keys"
# Set to 'true' to install openvpn from the upstream repo
# NOTE(review): presumably adds a third-party package source; confirm the
# tasks verify its signing key before installing from it.
openvpn_use_external_repo: false
# Set to 'true' to install EasyRSA from system packages
# NOTE(review): with 'false' EasyRSA presumably comes from another source;
# verify how that copy is obtained and integrity-checked.
openvpn_use_system_easyrsa: false
# Default settings (See OpenVPN documentation)
# NOTE(review): the names mirror OpenVPN directives; the template that
# renders them is not shown here, so the mappings noted below are assumptions.
openvpn_host: "{{inventory_hostname}}"
openvpn_port: 1194
openvpn_proto: udp
openvpn_dev: tun
# VPN subnet as "network netmask".
openvpn_server: 10.8.0.0 255.255.255.0
openvpn_bridge: {}
openvpn_max_clients: 100
openvpn_log: /var/log/openvpn.log
openvpn_keepalive: "10 120"
openvpn_ifconfig_pool_persist: ipp.txt
# NOTE(review): compression inside a VPN tunnel can leak plaintext through
# compression-oracle attacks (VORACLE), and comp-lzo is deprecated upstream.
# Consider 'false' once every client config agrees.
openvpn_comp_lzo: true
# NOTE(review): BF-CBC (Blowfish) is a 64-bit block cipher exposed to
# birthday-bound collision attacks (SWEET32), and newer OpenVPN releases no
# longer negotiate it by default. Prefer an AES-GCM cipher; server and clients
# must be changed together.
openvpn_cipher: BF-CBC
openvpn_status: openvpn-status.log
openvpn_verb: 3
# NOTE(review): with 'false' the control channel presumably gets no tls-auth
# HMAC protection, so unauthenticated peers reach the TLS handshake. Enabling
# it requires distributing openvpn_tls_key to every client.
openvpn_tls_auth: false
openvpn_tls_key: "ta.key"
# Unprivileged account for the daemon (presumably rendered as user/group, so
# privileges are dropped after start-up).
# NOTE(review): 'nogroup' is the Debian name; confirm the group exists on
# other platforms.
openvpn_user: nobody
openvpn_group: nogroup
openvpn_resolv_retry: infinite
# NOTE(review): OpenVPN's client-to-client mode forwards traffic between
# clients inside the daemon, so host firewall rules do not see it. Set to
# 'false' if clients should be isolated from each other.
openvpn_client_to_client: true
openvpn_server_options: []
# Additional server options
# openvpn_server_options:
# - dev-node MyTap
# - client-to-client
openvpn_client_options: []
# Additional client options
# openvpn_client_options:
# - dev-node MyTap
# - client-to-client
# Certificate subject fields. The values below look like sample placeholders;
# override them for a real deployment.
# NOTE(review): presumably handed to EasyRSA when the CA and certificates are
# built; confirm against the PKI tasks.
openvpn_key_country: US
openvpn_key_province: CA
openvpn_key_city: SanFrancisco
openvpn_key_org: Fort-Funston
openvpn_key_email: me@myhost.mydomain
# NOTE(review): 1024 bits is below the 2048-bit minimum in current guidance
# for RSA keys and DH parameters, and peers with stricter TLS library defaults
# may reject such keys. Whether this value sizes keys, DH parameters or both
# is decided by tasks not shown here. Raising it affects newly generated
# material only; existing PKI would need re-issuing.
openvpn_key_size: 1024
# Make clients certificate
# One certificate is issued per name in this list; the default creates a
# single client named 'client'.
openvpn_clients:
- client
# Revoke clients certificates
# NOTE(review): revocation only takes effect if the server checks a CRL;
# confirm the server template enables that.
openvpn_clients_revoke: []
# Use PAM authentication
# With the empty user list below, authentication falls back to system users
# (see the comment under openvpn_use_pam_users).
# NOTE(review): that would let any local account with a password
# authenticate to the VPN; confirm this is intended for the target hosts.
openvpn_use_pam: true
openvpn_use_pam_users: []
# Only for Debian-based, CentOS requires 'pam_pwdfile' from third party repos.
# If empty use system users
# otherwise use users from the option
# openvpn_use_pam_users:
# - { name: user, password: password }
# Passwords listed here are plaintext in the variable file; keep real values
# in Ansible Vault rather than in version control.
# LDAP authentication and configuration (optional)
openvpn_use_ldap: false
# NOTE(review): these two values are quoted strings, unlike the boolean flags
# elsewhere in this file. In a Jinja 'if' test the non-empty string 'false'
# is truthy; confirm the templates render the value verbatim instead of
# testing it.
# NOTE(review): with TLS disabled, LDAP bind credentials would cross the
# network unencrypted once openvpn_use_ldap is turned on.
openvpn_ldap_tlsenable: 'false'
openvpn_ldap_follow_referrals: 'false'
# Use simple authentication (default is disabled)
# NOTE(review): the password default is empty; what the role does when simple
# auth is enabled with an empty password is not visible here. Set a strong
# value from Ansible Vault before enabling.
openvpn_simple_auth: false
openvpn_simple_auth_password: ""
# Whether to embed CA, cert, and key info inside client OVPN config file.
# A unified profile then carries the client's private key, so handle the file
# as a secret.
openvpn_unified_client_profiles: false
# Download the created client credentials to the specified directory
# NOTE(review): the relative path is presumably resolved on the control
# machine; restrict its permissions and keep it out of version control.
openvpn_download_clients: false
openvpn_download_dir: "client_credentials/"