Forge Home

openvpn

UNKNOWN

1,408,346 downloads

60,364 latest version

1.5 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 4.0.1 (latest)
  • 4.0.0
  • 3.1.0
  • 3.0.0
  • 2.9.0
  • 2.8.0
  • 2.7.1
  • 2.7.0
  • 2.6.0
  • 2.5.0
  • 2.4.0
  • 2.3.0
  • 2.2.1
  • 2.2.0
  • 2.1.0
  • 2.0.1
  • 2.0.0
  • 1.0.2
  • 1.0.1
  • 0.1.0
released Feb 23rd 2012
This module has been deprecated by its author since May 4th 2018.

The author has suggested puppet-openvpn as its replacement.

Start using this module

Tags: vpn, openvpn

Documentation

luxflux/openvpn — version 1.0.1 Feb 23rd 2012

OpenVPN Puppet module

OpenVPN module for puppet including client config/cert creation (tarball to download)

Dependencies

Supported OS

  • Debian Squeeze (should, as it works on Ubuntu Lucid)
  • Ubuntu 10.4 (other untested)
  • CentOS

Example

# add a server instance
openvpn::server {
    "server1":
        country      => "CH",
        province     => "ZH",
        city         => "Winterthur",
        organization => "example.org",
        email        => "root@example.org";
}

# configure server
openvpn::option {
    "dev server1":
        key    => "dev",
        value  => "tun0",
        server => "server1";
    "script-security server1":
        key    => "script-security",
        value  => "3",
        server => "server1";
    "daemon server1":
        key    => "daemon",
        server => "server1";
    "keepalive server1":
        key    => "keepalive",
        value  => "10 60",
        server => "server1";
    "ping-timer-rem server1":
        key    => "ping-timer-rem",
        server => "server1";
    "persist-tun server1":
        key    => "persist-tun",
        server => "server1";
    "persist-key server1":
        key    => "persist-key",
        server => "server1";
    "proto server1":
        key    => "proto",
        value  => "tcp-server",
        server => "server1";
    "cipher server1":
        key    => "cipher",
        value  => "BF-CBC",
        server => "server1";
    "local server1":
        key    => "local",
        value  => $ipaddress,
        server => "server1";
    "tls-server server1":
        key    => "tls-server",
        server => "server1";
    "server server1":
        key    => "server",
        value  => "10.10.10.0 255.255.255.0",
        server => "server1";
    "client-config-dir server1":
        key    => "client-config-dir",
        value  => "/etc/openvpn/server1/client-configs",
        server => "server1";
    "lport server1":
        key    => "lport",
        value  => "1194",
        server => "server1";
    "management server1":
        key    => "management",
        value  => "/var/run/openvpn-server1.sock unix",
        server => "server1";
    "comp-lzo server1":
        key    => "comp-lzo",
        server => "server1";
    "topology server1":
        key    => "topology",
        value  => "subnet",
        server => "server1";
    "client-to-client server1":
        key    => "client-to-client",
        server => "server1";
}


# define clients
openvpn::client {
    [ "client1.example.org", "client2.example.org" ]:
        server      => "server1";
}

# add options to the client-config-dir file
openvpn::option {
    "iroute server1 client1.example.org home network":
        key    => "iroute",
        value  => "192.168.0.0 255.255.255.0",
        client => "client1.example.org",
        server => "server1",
        csc    => true;
}

# add an option to the client config
openvpn::option {
    "ifconfig server1 client2.example.org":
        key    => "ifconfig-push",
        value  => "10.10.10.2 255.255.255.0",
        client => "client2.example.org",
        server => "server1";
}

Don't forget the sysctl directive 'net.ipv4.ip_forward'!