From ddfd82ee5027cb6bb5c6a63d3eb3cb6b6bf839da Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 13 Apr 2011 12:03:25 +0300
Subject: [PATCH] Added the first version of openvpn client. -Jarkko
---
openvpn/manifest/init.pp | 55 ++++++++++++++++++++++++++++++
openvpn/templates/openvpn.conf.erb | 14 ++++++++
2 files changed, 69 insertions(+)
create mode 100644 openvpn/manifest/init.pp
create mode 100644 openvpn/templates/openvpn.conf.erb
diff --git a/openvpn/manifest/init.pp b/openvpn/manifest/init.pp
new file mode 100644
index 0000000..f279e04
--- /dev/null
+++ b/openvpn/manifest/init.pp
@@ -0,0 +1,55 @@
+# Install openvpn client
+#
+class openvpn::client {
+
+ package { "openvpn":
+ ensure => installed,
+ }
+
+ service { "openvpn":
+ ensure => running,
+ enable => true,
+ require => Package["openvpn"],
+ require => File["/etc/openvpn/openvpn.conf"],
+ require => File["/etc/openvpn/ta.key"],
+ require => File["/etc/openvpn/ca.crt"],
+ }
+
+ file { "/etc/openvpn/openvpn.conf":
+ ensure => present,
+ content => template("openvpn/openvpn.conf.erb"),
+ mode => 0640,
+ owner => root,
+ group => root,
+ notify => Service["openvpn"]
+ require => Package["openvpn"],
+ }
+ file { "/etc/openvpn/ta.key":
+ ensure => present,
+ source => "puppet:///files/openvpn/ta.key",
+ mode => 0640,
+ owner => root,
+ group => root,
+ require => Package["openvpn"],
+ }
+ file { "/etc/openvpn/ca.crt":
+ ensure => present,
+ source => "puppet:///files/openvpn/ca.crt",
+ mode => 0640,
+ owner => root,
+ group => root,
+ require => Package["openvpn"],
+ }
+ if !$openvpn_server {
+ $openvpn_server = "127.0.0.1"
+ }
+ if !$openvpn_port {
+ $openvp_port = "1194"
+ }
+ if !$openvpn_ca {
+ $openvpn_ca = "ca.crt"
+ }
+ if !$openvpn_ta {
+ $openvp_ta = "ta.key"
+ }
+}
diff --git a/openvpn/templates/openvpn.conf.erb b/openvpn/templates/openvpn.conf.erb
new file mode 100644
index 0000000..8f0b0f7
--- /dev/null
+++ b/openvpn/templates/openvpn.conf.erb
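Review bot: The `service { "openvpn": }` resource repeats `require` four times and the `notify => Service["openvpn"]` line of the openvpn.conf `file` resource has no trailing comma, so this class should fail to compile as written; the four dependencies belong in a single array and the comma needs adding. The defaults at the bottom misspell two names (`$openvp_port`, `$openvp_ta`) and sit after the `template()` call, so `openvpn_port` and `openvpn_ta` are presumably still unset when the config is rendered; they should move above the `file` resources with the spelling fixed. `ta.key` is a shared tls-auth secret, so `mode => 0600` is the tighter choice, and it is worth confirming that the `files` mount behind `puppet:///files/openvpn/ta.key` is limited in fileserver.conf to the nodes that need it (that configuration is not part of this patch).

```puppet
class openvpn::client {

    # Defaults have to exist before template() is evaluated below.
    if !$openvpn_port {
        $openvpn_port = "1194"
    }
    if !$openvpn_ta {
        $openvpn_ta = "ta.key"
    }
    # … unchanged: $openvpn_server and $openvpn_ca defaults, package resource …

    service { "openvpn":
        # … unchanged: ensure, enable …
        require => [
            Package["openvpn"],
            File["/etc/openvpn/openvpn.conf"],
            File["/etc/openvpn/ta.key"],
            File["/etc/openvpn/ca.crt"]
        ],
    }

    file { "/etc/openvpn/openvpn.conf":
        # … unchanged: ensure, content, mode, owner, group …
        notify  => Service["openvpn"],
        require => Package["openvpn"],
    }
    # … unchanged: ta.key and ca.crt file resources …
```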
@@ -0,0 +1,14 @@
+ca <%= openvpn_ca %>
+cert <%= puppet_ssldir %>/certs/<%= homename %>.pem
+cipher AES-256-CBC
+comp-lzo
+dev tun
+key <%= puppet_ssldir %>/private_keys/<%= homename %>.pem
+port <%= openvpn_port %>
+pull
+remote <%= openvpn_server %>
+route-delay 2
+route-method exe
+tls-auth <%= openvpn_ta %> 1
+tls-client
+verb 4
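Review bot: Nothing in this client config checks which certificate the server presents: there is `ca` and `tls-client`, but no `remote-cert-tls server` and no name check. Because `cert` and `key` point into `puppet_ssldir`, the CA is presumably the Puppet CA, in which case any node holding an agent certificate from it would be accepted as the VPN server, with only the shared `ta.key` as a barrier. Pin the server identity with a line such as `verify-x509-name <SERVER_CN> name` (`tls-remote` on OpenVPN releases that predate that option). Separately, `homename` in the `cert` and `key` lines looks like a typo for `hostname` or `fqdn`, since Puppet names certificate files after the certname, and `route-method exe` only has an effect on Windows.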