openvpn

deprecated
OpenVPN server puppet module

1,409,089 downloads

60,492 latest version

4.6 quality score

Version information

  • 4.0.1 (latest)
  • 4.0.0
  • 3.1.0
  • 3.0.0
  • 2.9.0
  • 2.8.0
  • 2.7.1
  • 2.7.0
  • 2.6.0
  • 2.5.0
  • 2.4.0
  • 2.3.0
  • 2.2.1
  • 2.2.0
  • 2.1.0
  • 2.0.1
  • 2.0.0
  • 1.0.2
  • 1.0.1
  • 0.1.0
released Sep 25th 2016
This version is compatible with:
  • Ubuntu
    ,
    Debian
    ,
    RedHat
    ,
    CentOS
    , Archlinux, FreeBSD
This module has been deprecated by its author since May 4th 2018.

The author has suggested puppet-openvpn as its replacement.

Start using this module

Tags: vpn, openvpn

Documentation

luxflux/openvpn — version 4.0.1 Sep 25th 2016

OpenVPN Puppet module Build Status

Puppet module to manage OpenVPN servers

Features

  • Client-specific rules and access policies
  • Generated client configurations and SSL-Certificates
  • Downloadable client configurations and SSL-Certificates for easy client configuration
  • Support for multiple server instances
  • Support for LDAP-Authentication
  • Support for server instance in client mode
  • Support for TLS

Supported OS

  • Ubuntu
  • Debian
  • CentOS
  • RedHat
  • Amazon

Dependencies

Puppet

  • Version >= 4

Example

  # add a server instance
  openvpn::server { 'winterthur':
    country      => 'CH',
    province     => 'ZH',
    city         => 'Winterthur',
    organization => 'example.org',
    email        => 'root@example.org',
    server       => '10.200.200.0 255.255.255.0',
  }

  # define clients
  openvpn::client { 'client1':
    server => 'winterthur',
  }
  openvpn::client { 'client2':
    server   => 'winterthur',
  }

  openvpn::client_specific_config { 'client1':
    server => 'winterthur',
    ifconfig => '10.200.200.50 10.200.200.51',
  }

  # a revoked client
  openvpn::client { 'client3':
    server => 'winterthur',
  }
  openvpn::revoke { 'client3':
    server => 'winterthur',
  }

  # a server in client mode
  file {
    '/etc/openvpn/zurich/keys/ca.crt':
      source => 'puppet:///path/to/ca.crt';
    '/etc/openvpn/zurich/keys/zurich.crt':
      source => 'puppet:///path/to/zurich.crt';
    '/etc/openvpn/zurich/keys/zurich.key':
      source => 'puppet:///path/to/zurich.key';
  }
  openvpn::server { 'zurich':
    remote  => [ 'mgmtnet3.nine.ch 1197', 'mgmtnet2.nine.ch 1197' ],
    require => [ File['/etc/openvpn/zurich/keys/ca.crt'],
                 File['/etc/openvpn/zurich/keys/zurich.crt'],
                 File['/etc/openvpn/zurich/keys/zurich.key'] ];

  }

Example with hiera

---
classes:
  - openvpn

openvpn::servers:
  'winterthur':
    country: 'CH'
    province: 'ZH'
    city: 'Winterthur'
    organization: 'example.org'
    email: 'root@example.org'
    server: '10.200.200.0 255.255.255.0'

openvpn::client_defaults:
  server: 'winterthur'

openvpn::clients:
  'client1': {}
  'client2': {}
  'client3': {}

openvpn::client_specific_configs:
  'client1':
    server: 'winterthur'
    ifconfig: '10.200.200.50 10.200.200.51'

openvpn::revokes:
  'client3':
    server: 'winterthur'

Don't forget the sysctl directive net.ipv4.ip_forward!

Contributions

Pull requests are very welcome. Join these fine folks who already helped to get this far with this module.

To help guaranteeing the stability of the module, please make sure to add tests to your pull request.