diff --git a/openvpn/manifest/init.pp b/openvpn/manifest/init.pp
new file mode 100644
index 0000000..f279e04
--- /dev/null
+++ b/openvpn/manifest/init.pp
@@ -0,0 +1,55 @@
+# Install openvpn client
+#
+class openvpn::client {
+
+ package { "openvpn":
+ ensure => installed,
+ }
+
+ service { "openvpn":
+ ensure => running,
+ enable => true,
+ require => Package["openvpn"],
+ require => File["/etc/openvpn/openvpn.conf"],
+ require => File["/etc/openvpn/ta.key"],
+ require => File["/etc/openvpn/ca.crt"],
+ }
+
+ file { "/etc/openvpn/openvpn.conf":
+ ensure => present,
+ content => template("openvpn/openvpn.conf.erb"),
+ mode => 0640,
+ owner => root,
+ group => root,
+ notify => Service["openvpn"]
+ require => Package["openvpn"],
+ }
+ file { "/etc/openvpn/ta.key":
+ ensure => present,
+ source => "puppet:///files/openvpn/ta.key",
+ mode => 0640,
+ owner => root,
+ group => root,
+ require => Package["openvpn"],
+ }
+ file { "/etc/openvpn/ca.crt":
+ ensure => present,
+ source => "puppet:///files/openvpn/ca.crt",
+ mode => 0640,
+ owner => root,
+ group => root,
+ require => Package["openvpn"],
+ }
+ if !$openvpn_server {
+ $openvpn_server = "127.0.0.1"
+ }
+ if !$openvpn_port {
+ $openvp_port = "1194"
+ }
+ if !$openvpn_ca {
+ $openvpn_ca = "ca.crt"
+ }
+ if !$openvpn_ta {
+ $openvp_ta = "ta.key"
+ }
+}
diff --git a/openvpn/templates/openvpn.conf.erb b/openvpn/templates/openvpn.conf.erb
new file mode 100644
index 0000000..8f0b0f7
--- /dev/null
+++ b/openvpn/templates/openvpn.conf.erb
@@ -0,0 +1,14 @@
+ca <%= openvpn_ca %>
+cert <%= puppet_ssldir %>/certs/<%= homename %>.pem
+cipher AES-256-CBC
+comp-lzo
+dev tun
+key <%= puppet_ssldir %>/private_keys/<%= homename %>.pem
+port <%= openvpn_port %>
+pull
+remote <%= openvpn_server %>
+route-delay 2
+route-method exe
+tls-auth <%= openvpn_ta %> 1
+tls-client
+verb 4
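Review bot: The `service { "openvpn": ... }` resource declares `require` four times and the `notify => Service["openvpn"]` line in the openvpn.conf file resource has no trailing comma, so this manifest does not parse — Puppet rejects a duplicate parameter on a resource, and the missing comma is a syntax error. The default blocks at the end of the class also assign `$openvp_port` and `$openvp_ta` (typo) while the template reads `openvpn_port` and `openvpn_ta`, so those defaults never reach the rendered config; and as far as I can tell `content => template(...)` is evaluated where the file resource is declared, so defaults assigned after it are not visible to the template anyway and should move ahead of the file resources. Collapse the service dependencies into one `require` array, add the comma, fix the two variable names and set the defaults first; the rewritten lines follow.
```puppet
class openvpn::client {

  # Defaults must be assigned before the file resource whose template reads them.
  if !$openvpn_server { $openvpn_server = "127.0.0.1" }
  if !$openvpn_port   { $openvpn_port   = "1194" }
  if !$openvpn_ca     { $openvpn_ca     = "ca.crt" }
  if !$openvpn_ta     { $openvpn_ta     = "ta.key" }

  # … unchanged: package resource …

  service { "openvpn":
    ensure  => running,
    enable  => true,
    require => [
      Package["openvpn"],
      File["/etc/openvpn/openvpn.conf"],
      File["/etc/openvpn/ta.key"],
      File["/etc/openvpn/ca.crt"],
    ],
  }

  file { "/etc/openvpn/openvpn.conf":
    # … unchanged: ensure/content/mode/owner/group …
    notify  => Service["openvpn"],
    require => Package["openvpn"],
  }

  # … unchanged: ta.key and ca.crt file resources …
```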
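Review bot: The client config has no `remote-cert-tls server` (or `verify-x509-name`) directive, so the only check on the peer is that its certificate chains to the `ca` file; because `cert` and `key` point at the Puppet agent's own certificate and private key, that CA is presumably the Puppet CA, and then any other Puppet agent's certificate would be accepted as the VPN server — add `remote-cert-tls server` after `tls-client`. `ca` and `tls-auth` receive bare filenames (`ca.crt` and `ta.key` under the manifest's defaults) with no `cd` directive, so where they resolve depends on the daemon's working directory rather than on the `/etc/openvpn` paths the manifest installs; add `cd /etc/openvpn` or render absolute paths. Reusing the Puppet agent key as the VPN identity also means a compromise of either service exposes the other's credential, which deserves at least a comment such as `# NOTE: VPN identity is the Puppet agent certificate; a compromise of either service exposes the other` or, better, a dedicated client key. `comp-lzo` enables compression inside the tunnel, which is discouraged for TLS-tunnelled traffic (VORACLE-style attacks), and `route-method exe` is a Windows-only option that other platforms warn about, so both look like leftovers to confirm. `puppet_ssldir` and `homename` are not set anywhere in the manifest and `homename` is not a stock fact, so confirm they are supplied as custom facts.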