| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 |
- #
- # {{ netname }} / {{ network_config.get ('_desc', '') }} (Salt managed)
- #
- {%- set mode = config.get ('mode', 'client') %}
- {%- if 'server' in mode %}
- local {{ network_config.get ('server_ip') }}
- port {{ network_config.get ('port') }}
- tls-server
- {%- elif 'client' in mode %}
- remote {{ config.get ('remote', config.get ('server_ip')) }} {{ network_config.get ('port') }}
- tls-client
- nobind
- {%- endif %}
- {%- if 'bind_dev' in config %}
- bind-dev {{ config.get ('bind_dev') }}
- {%- endif %}
- proto {{ network_config.get ('proto', 'udp') }}
- dev-type {{ network_config.get ('dev-type', 'tap') }}
- dev {{ config.get ('interface') }}
- {%- if mode == 'server' %}
- mode server
- client-config-dir /etc/openvpn/{{ netname }}
- ccd-exclusive
- push "route remote_host 255.255.255.255 net_gateway"
- {%- endif %}
- ca /etc/ssl/certs/ffho-cacert.pem
- cert /etc/ssl/certs/{{ host_config.get ('cert_cn', grains['id']) }}.cert.pem
- key /etc/ssl/private/{{ host_config.get ('cert_cn', grains['id']) }}.key.pem
- dh /etc/openvpn/dh1024.pem
- script-security 2
- up /etc/openvpn/ifup
- down /etc/openvpn/ifdown
- keepalive 10 30
- {%- if 'server' in mode %}
- connect-retry 1 1
- {%- endif %}
- comp-lzo
- persist-key
- persist-tun
- status /var/log/openvpn/openvpn-status-{{ netname }}.log
- verb 1
|
