A Puppet module to manage the OpenVPN client and server.
- Debian
- FreeBSD
- OpenBSD
The configuration for the OpenVPN server can be accomplished using the
openvpn::server
class.
class { "openvpn::server":
server => "10.0.0.0 255.255.255.0",
route => [
"10.0.1.0 255.255.255.0",
"10.0.2.0 255.255.255.0",
"10.0.3.0 255.255.255.0",
],
dns => '10.0.0.10',
crl => 'mysite/crl.pem',
}
To include pushing IPv6 routes, the route_ipv6
and the server_ipv6
parameters have been added to the openvpn::server
class.
class { "openvpn::server":
server_ipv6 => "10.0.0.0 255.255.255.0",
route_ipv6 => [
"fc00::/64",
],
dns => 'fc00::',
crl => 'mysite/crl.pem',
}
Clients can be configured using the openvpn::client
defined type. Multiple
connections can be specified if you have multiple locations to connect to.
openvpn::client { "node_${hostname}_dc1":
server => "vpn.dc1.example.com",
cert => "node_${hostname}";
}
openvpn::client { "node_${hostname}_office":
server => "vpn.office.example.com",
cert => "node_${hostname}";
}
Clients can have a more specific and static configuration. For example, if you wanted to specify the IP address a specific client should use, something like the following will work for this purpose.
openvpn::server::csc { "srv1.example.com":
content => "ifconfig-push 10.0.0.50 10.0.0.51",
}
- OSX Client Configuration
- Certificate management (piggyback on puppet?)
- IPv6 Route Support