Do not enable 'persist-tun' by default.

2020-05-07 10:51:31 +02:00 · 2020-05-07 10:51:31 +02:00 · 3d6ed788a2
parent e14219ef9b
commit 3d6ed788a2
3 changed files with 7 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -48,6 +48,7 @@ openvpn_force_ccd: False
 # openvpn_users_customizations: 
 #   - { cn: 'Joe Bar', ip: '<Client IP>', netmask: '<openvpn_server_net netmask>', routes: [ '192.168.253.0 255.255.255.0' ] }

+openvpn_persist_tun: False
 openvpn_tls_server: True
 openvpn_dh: /etc/openvpn/dh2048.pem
 openvpn_tls_auth: '/etc/openvpn/ta.key'
--- a/templates/client.conf.j2
+++ b/templates/client.conf.j2
@ -14,7 +14,9 @@ group {{ openvpn_unprivileged_group }}
 {% endif %}
 # Try to preserve some state across restarts.
 persist-key
-#persist-tun
+{% if openvpn_persist_tun %}
+persist-tun
+{% endif %}
 dh {{ openvpn_dh }}
 ca {{ openvpn_ca }}
 cert {{ openvpn_cert }}
--- a/templates/server.conf.j2
+++ b/templates/server.conf.j2
@ -66,8 +66,10 @@ auth-user-pass-verify /etc/openvpn/auth/auth-ldap via-env
 script-security 3 execve
 {% endif %}
 max-clients {{ openvpn_max_clients }}
-persist-tun
 persist-key
+{% if openvpn_persist_tun %}
+persist-tun
+{% endif %}
 status status/openvpn-status.log
 {% if openvpn_run_unprivileged %}
 user {{ openvpn_unprivileged_user }}