
#
# {{ netname }} / {{ network_config.get ('_desc', '') }} (Salt managed)
#
{#- Salt-rendered OpenVPN configuration for one network ("netname").
    Inputs used below: config (per-host: mode, remote, bind_dev, interface),
    network_config (per-network: server_ip, port, proto, dev-type, _desc),
    host_config (cert_cn) and grains['id'].
    All review notes are Jinja comments opened with "{#-" so that the rendered
    file is byte-identical to the version without them. #}
{%- set mode = config.get ('mode', 'client') %}
{#- NOTE(review): "'server' in mode" is a substring test, whereas the
    "mode == 'server'" branch further down is an exact match. A value such as
    'server-x' would enter this branch but skip that one; confirm whether the
    two conditions are meant to agree. #}
{%- if 'server' in mode %}
local {{ network_config.get ('server_ip') }}
port {{ network_config.get ('port') }}
tls-server
{%- elif 'client' in mode %}
{#- Client endpoint: a per-host 'remote' override, otherwise config['server_ip'].
    The server branch above reads server_ip from network_config, not config;
    verify which source is intended for the fallback. #}
remote {{ config.get ('remote', config.get ('server_ip')) }} {{ network_config.get ('port') }}
tls-client
nobind
{#- NOTE(review): no "remote-cert-tls server" is set, so a client accepts any
    certificate signed by the shared CA as the server, including another
    client's. Hardening candidate once server certificates carry the
    serverAuth EKU. #}
{%- endif %}
{%- if 'bind_dev' in config %}
bind-dev {{ config.get ('bind_dev') }}
{%- endif %}
proto {{ network_config.get ('proto', 'udp') }}
dev-type {{ network_config.get ('dev-type', 'tap') }}
dev {{ config.get ('interface') }}
{%- if mode == 'server' %}
mode server
{#- Per-client config directory. With ccd-exclusive a client whose certificate
    CN has no file under /etc/openvpn/<netname> is refused, so those files act
    as the server's allow-list; keep the directory under Salt control. #}
client-config-dir /etc/openvpn/{{ netname }}
ccd-exclusive
{#- Pushes a /32 host route for the server address via the client's existing
    default gateway, so the tunnel endpoint is never routed into the tunnel. #}
push "route remote_host 255.255.255.255 net_gateway"
{%- endif %}
{#- TLS material: one shared CA, per-host certificate and key named by cert_cn
    (falling back to the Salt minion id). The private key must stay root-only.
    NOTE(review): no tls-auth/tls-crypt key is configured, so the TLS handshake
    port is reachable by anyone; adding one needs a shared key on both peers. #}
ca /etc/ssl/certs/ffho-cacert.pem
cert /etc/ssl/certs/{{ host_config.get ('cert_cn', grains['id']) }}.cert.pem
key /etc/ssl/private/{{ host_config.get ('cert_cn', grains['id']) }}.key.pem
{#- DH parameters are only used by the tls-server side; harmless on clients. #}
dh /etc/ssl/dhparam.pem
{#- script-security 2 is required for the up/down hooks and allows OpenVPN to
    execute external scripts; both paths must be root-owned and not writable
    by other users. #}
script-security 2
up /etc/openvpn/ifup
down /etc/openvpn/ifdown
keepalive 10 30
{%- if 'server' in mode %}
{#- NOTE(review): connect-retry governs reconnects to a "remote"; the server
    branch defines none, so confirm this option is intended here rather than
    in the client branch. #}
connect-retry 1 1
{%- endif %}
{#- NOTE(review): comp-lzo enables link compression, which OpenVPN deprecates
    because compressing attacker-influenced plaintext leaks data (VORACLE).
    Any change must be coordinated on both peers or the tunnel breaks. #}
comp-lzo
persist-key
persist-tun
status /var/log/openvpn/openvpn-status-{{ netname }}.log
verb 1