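# OpenVPN server configuration rendered from a Jinja template.
# Every {{ ... }} value is substituted verbatim from the role's variables;
# nothing is validated or escaped here, so those variables must come from a
# trusted inventory.
mode {{ openvpn_mode }}
dev {{ openvpn_dev }}
port {{ openvpn_port }}
proto {{ openvpn_protocol }}
topology subnet
server {{ openvpn_server_net }}
# Relative paths (ipp/, ccd, status/) are resolved against the daemon's
# working directory, which this template does not set.
ifconfig-pool-persist ipp/ipp.txt
client-config-dir ccd
{% if openvpn_client_routes is defined %}
{% for route in openvpn_client_routes %}
route {{ route }}
{% endfor %}
{% endif %}
{% if openvpn_push_routes is defined %}
{% for route in openvpn_push_routes %}
push "route {{ route }}"
{% endfor %}
{% endif %}
# Pushed settings are placed raw inside a double-quoted directive: an entry
# containing a double quote or a newline would break out of the push string
# and add directives to the server configuration.
{% if openvpn_push_settings is defined %}
{% for dhcp_opt in openvpn_push_settings %}
push "{{ dhcp_opt }}"
{% endfor %}
{% endif %}
# NOTE(review): AES-256-CBC is not an AEAD cipher; packet integrity depends on
# the separate HMAC, and no `auth` digest is set here, so the OpenVPN default
# applies. OpenVPN 2.4+ peers may negotiate an AES-GCM cipher instead. Changing
# this line requires matching client configuration.
cipher AES-256-CBC
{% if openvpn_compression_enabled %}
# NOTE(review): compressing before encrypting lets ciphertext length leak
# information about the plaintext (the VORACLE class of attacks). Upstream
# OpenVPN recommends against compression; keep this disabled unless a client
# requires it.
compress lz4-v2
push "compress lz4-v2"
{% endif %}
keepalive {{ openvpn_keepalive }}
{% if openvpn_cert_auth_enabled %}
tls-server
{% endif %}
# HMAC signature on control-channel packets, server side (direction 0).
# The direction is given twice: on tls-auth and again by key-direction.
tls-auth {{ openvpn_tls_auth }} 0
key-direction 0
dh {{ openvpn_dh }}
ca {{ openvpn_ca }}
cert {{ openvpn_cert }}
# The private key file should be readable only by the account that starts
# the daemon.
key {{ openvpn_key }}
{% if not openvpn_cert_auth_enabled %}
# Disable cert-auth: clients are authenticated only by the username/password
# backend enabled below, so its strength (lockout, MFA, password policy) is the
# whole access control. `verify-client-cert none` replaces the deprecated
# `client-cert-not-required`, which OpenVPN 2.5 removed; it is available from
# 2.4, the same release that introduced `compress lz4-v2` used above.
verify-client-cert none
{% endif %}
{% if openvpn_username_pam_auth %}
# NOTE(review): username-as-common-name is emitted only for PAM. With the LDAP
# backends and certificate auth disabled, confirm how per-client ccd entries
# and the persistent IP pool are expected to match a client.
username-as-common-name
# PAM login
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
{% endif %}
{% if openvpn_ldap_auth %}
# auth-ldap.conf normally holds the LDAP bind credentials; restrict its
# permissions accordingly.
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf
{% endif %}
{% if openvpn_ldap_perl_auth %}
# via-env hands the client's username and password to the script through
# environment variables, which is why script-security level 3 is needed.
# The script must be owned by root and not writable by anyone else.
# NOTE(review): the trailing `execve` method argument comes from older OpenVPN
# releases; confirm the deployed version still accepts it.
auth-user-pass-verify /etc/openvpn/auth/auth-ldap via-env
script-security 3 execve
{% endif %}
max-clients {{ openvpn_max_clients }}
# persist-tun/persist-key avoid re-opening the tun device and re-reading the
# key files on restart, which would fail once privileges are dropped below.
persist-tun
persist-key
status status/openvpn-status.log
{% if openvpn_run_unprivileged %}
# Drop root after initialisation.
user {{ openvpn_unprivileged_user }}
group {{ openvpn_unprivileged_group }}
{% endif %}
verb {{ openvpn_verbosity_log }}
mute {{ openvpn_mute_after }}
{% if openvpn_protocol == 'udp' %}
# Notify the client when the server restarts so it
# can automatically reconnect.
explicit-exit-notify 1
{% endif %}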