openvpn

Install, enable and configure OpenVPN servers and static clients

Matthias Saou

thias

20,038 downloads

3,981 latest version

5.0 quality score

Version information

  • 1.0.5 (latest)
  • 1.0.4
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0
  • 0.2.6
  • 0.2.5
  • 0.2.4
  • 0.2.3
  • 0.2.2
  • 0.2.1
  • 0.2.0
released Jan 21st 2019
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >=2.7.20 <7.0.0
  • RedHat
    ,
    CentOS
    ,
    Debian
    ,
    Ubuntu

Start using this module

Documentation

thias/openvpn — version 1.0.5 Jan 21st 2019

puppet-openvpn

Overview

Puppet module to manage OpenVPN links. It supports Red Hat Enterprise Linux (RHEL) or any of its clones, as well as Gentoo Linux, and should be easy to modify to support more distributions.

  • openvpn : Main class to install, enable and configure the service.
  • openvpn::conf : Definition to manage OpenVPN configuration files.
  • openvpn::conftemplate : Same as conf, but based on an included template.
  • openvpn::secret : Definition to manage OpenVPN secret key files.
  • openvpn::startup_script : Class to configure an optional startup script.

Examples

Basic OpenVPN setup :

include '::openvpn'
openvpn::secret { 'example.key':
  source => 'puppet:///modules/mymodule/openvpn/example.key',
}
openvpn::conftemplate { 'example':
  dev              => 'tun0',
  remote           => 'remote-server.example.com',
  ipaddress_local  => '192.168.0.1',
  ipaddress_remote => '192.168.0.2',
  routes           => [ '192.168.1.0 255.255.255.0' ],
  secret           => 'example.key',
}

For a user VPN we also need to pre-create a tap device when OpenVPN starts and add it to an existing network bridge :

$tapdev = 'tap1'
$tapbridge = 'br1'
class { '::openvpn::startup_script':
  content => template('openvpn/openvpn-startup.erb'),
}

If you intend to run OpenVPN on non-standard ports, you will need to modify your SELinux policy accordingly. Here is one (fragile) way of doing it :

# Add 4100-4149 udp port range for OpenVPN links
exec { '/usr/sbin/semanage port -a -t openvpn_port_t -p udp 4100-4149':
    unless => '/usr/sbin/semanage port -l -C | /bin/grep -q openvpn_port_t',
}