Added the first version of openvpn client. -Jarkko

openvpn/manifest/init.pp

@@ -0,0 +1,55 @@
+# Install openvpn client
+#
+class openvpn::client {
+
+    package { "openvpn":
+        ensure => installed,
+    }
+
+    service { "openvpn":
+        ensure  => running,
+        enable  => true,
+        require => Package["openvpn"],
+	require => File["/etc/openvpn/openvpn.conf"],
+	require => File["/etc/openvpn/ta.key"],
+	require => File["/etc/openvpn/ca.crt"],
+    }
+
+    file { "/etc/openvpn/openvpn.conf":
+        ensure  => present,
+	content => template("openvpn/openvpn.conf.erb"),
+        mode    => 0640,
+        owner   => root,
+        group   => root,
+	notify => Service["openvpn"] 
+        require => Package["openvpn"],
+    }
+    file { "/etc/openvpn/ta.key":
+        ensure  => present,
+        source  => "puppet:///files/openvpn/ta.key",
+        mode    => 0640,
+        owner   => root,
+        group   => root,
+        require => Package["openvpn"],
+    }
+    file { "/etc/openvpn/ca.crt":
+        ensure  => present,
+        source  => "puppet:///files/openvpn/ca.crt",
+        mode    => 0640,
+        owner   => root,
+        group   => root,
+        require => Package["openvpn"],
+    }
+    if !$openvpn_server {
+        $openvpn_server = "127.0.0.1"
+    }
+    if !$openvpn_port {
+        $openvp_port = "1194"
+    }
+    if !$openvpn_ca {
+        $openvpn_ca = "ca.crt"
+    }
+    if !$openvpn_ta {
+        $openvp_ta = "ta.key"
+    }
+}

openvpn/templates/openvpn.conf.erb

@@ -0,0 +1,14 @@
+ca <%= openvpn_ca %>
+cert <%= puppet_ssldir %>/certs/<%= homename %>.pem
+cipher AES-256-CBC
+comp-lzo
+dev tun
+key <%= puppet_ssldir %>/private_keys/<%= homename %>.pem
+port <%= openvpn_port %>
+pull
+remote <%= openvpn_server %>
+route-delay 2
+route-method exe
+tls-auth <%= openvpn_ta %> 1
+tls-client
+verb 4