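---
# Default variables for the OpenVPN role. The templates and tasks that consume
# these values are not part of this file, so notes on how a value is used are
# marked as assumptions to confirm against the role.

openvpn_enabled: true
# Presumably turns on kernel IP forwarding on the VPN host - confirm. A
# forwarding host should also have explicit firewall rules for VPN traffic.
openvpn_enable_system_forward: true
# 'latest' upgrades the package on every run: security fixes arrive quickly,
# but runs are not reproducible. Use 'present' plus a pinned version if
# upgrades must go through change control.
openvpn_pkg_state: latest
openvpn_pkgs:
  - openvpn

# Optional authentication back ends, both disabled by default.
openvpn_radius_auth: false
openvpn_radius_pkg:
  - openvpn-auth-radius

openvpn_ldap_auth: false
openvpn_ldap_pkg:
  - openvpn-auth-ldap

openvpn_conf_dir: /etc/openvpn
openvpn_conf_name: openvpn.conf

openvpn_mode: server
openvpn_dev: tun
openvpn_port: 1194
openvpn_protocol: udp
# Values are 'network netmask' pairs.
openvpn_server_net: '192.168.254.0 255.255.255.0'
openvpn_push_routes:
  - '192.168.253.0 255.255.255.0'

# openvpn_push_settings:
#   - "dhcp-option DNS 10.66.0.4"

openvpn_tls_server: true
# The file name suggests a 2048-bit Diffie-Hellman parameter file.
openvpn_dh: /etc/openvpn/dh2048.pem
# Presumably rendered as the tls-auth directive: key file, then key direction
# (0 is the server side). ta.key is a shared secret; keep it readable by root
# only.
openvpn_tls_auth: '/etc/openvpn/ta.key 0'
openvpn_install_alternative_ca: false
openvpn_alternative_ca_name: ca.pem
# NOTE(review): these paths point at ACME-issued material. If the server
# template uses openvpn_ca as the CA that client certificates are verified
# against while openvpn_cert_auth_enabled is true, any certificate issued
# under that public chain would validate. Confirm that client verification
# uses a private CA (see openvpn_install_alternative_ca) or an extra check.
openvpn_ca: '/var/lib/acme/live/{{ ansible_fqdn }}/chain'
openvpn_cert: '/var/lib/acme/live/{{ ansible_fqdn }}/cert'
# Private key: must not be readable by unprivileged accounts.
openvpn_key: '/var/lib/acme/live/{{ ansible_fqdn }}/privkey'

# Keep compression off unless a client requires it; compression inside the
# tunnel is exposed to compression-oracle attacks (VORACLE).
openvpn_compression_enabled: false
# Presumably the keepalive directive: ping interval, then restart timeout,
# both in seconds - confirm.
openvpn_keepalive: '10 120'

# With the defaults in this file, certificate authentication is the only
# client authentication method enabled (PAM, RADIUS and LDAP are all false).
openvpn_cert_auth_enabled: true
openvpn_username_pam_auth: false

openvpn_max_clients: 50
# Presumably makes the daemon drop root after start-up - confirm.
# 'nobody' is often shared with other services; a dedicated account isolates
# the daemon better. The 'nogroup' group is Debian-specific.
openvpn_run_unprivileged: true
openvpn_unprivileged_user: nobody
openvpn_unprivileged_group: nogroup
openvpn_letsencrypt_managed: true

# Presumably the 'verb' and 'mute' log settings - confirm.
openvpn_verbosity_log: 3
openvpn_mute_after: 20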