openvpn
Install, enable and configure OpenVPN servers and static clients
Version information
released Jun 12th 2021
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >=2.7.20 <8.0.0
Start using this module
Add this module to your Puppetfile:
mod 'thias-openvpn', '1.0.6'
thias/openvpn — version 1.0.6 Jun 12th 2021
puppet-openvpn
Overview
Puppet module to manage OpenVPN links. It supports Red Hat Enterprise Linux (RHEL) or any of its clones, as well as Gentoo Linux, and should be easy to modify to support more distributions.
- openvpn: Main class to install, enable and configure the service.
- openvpn::conf: Definition to manage OpenVPN configuration files.
- openvpn::conftemplate: Same as conf, but based on an included template.
- openvpn::secret: Definition to manage OpenVPN secret key files.
- openvpn::startup_script: Class to configure an optional startup script.
Examples
Basic OpenVPN setup:
include '::openvpn'
openvpn::secret { 'example.key':
  source => 'puppet:///modules/mymodule/openvpn/example.key',
}
openvpn::conftemplate { 'example':
  dev              => 'tun0',
  remote           => 'remote-server.example.com',
  ipaddress_local  => '192.168.0.1',
  ipaddress_remote => '192.168.0.2',
  routes           => [ '192.168.1.0 255.255.255.0' ],
  secret           => 'example.key',
}
For a user VPN we also need to pre-create a tap device when OpenVPN starts and add it to an existing network bridge:
$tapdev = 'tap1'
$tapbridge = 'br1'
class { '::openvpn::startup_script':
  content => template('openvpn/openvpn-startup.erb'),
}
If you intend to run OpenVPN on non-standard ports, you will need to modify your SELinux policy accordingly. Here is one (fragile) way of doing it:
# Add 4100-4149 udp port range for OpenVPN links
exec { '/usr/sbin/semanage port -a -t openvpn_port_t -p udp 4100-4149':
  unless => '/usr/sbin/semanage port -l -C | /bin/grep -q openvpn_port_t',
}
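The guard above is satisfied as soon as any local openvpn_port_t customisation exists, so a second range or a changed range is never applied. The following is an added example, not part of this module, that checks for the exact protocol and range instead; the define name mymodule::openvpn_port and the second port range are assumptions made for illustration.

```puppet
# Added example, not part of thias-openvpn. "mymodule::openvpn_port" is a
# hypothetical define; it would live in mymodule/manifests/openvpn_port.pp.
define mymodule::openvpn_port (
  $range = $title,
  $proto = 'udp',
) {
  # Both values are interpolated into a shell command line, so accept
  # nothing but "N" or "N-M" and a known protocol.
  if $range !~ /\A\d+(-\d+)?\z/ {
    fail("openvpn_port: invalid port or range '${range}'")
  }
  if $proto !~ /\A(tcp|udp)\z/ {
    fail("openvpn_port: invalid protocol '${proto}'")
  }

  # Match this exact entry in the local customisations, e.g.
  #   openvpn_port_t   udp   4200-4249, 4100-4149
  # rather than any line that merely mentions openvpn_port_t.
  $entry = "^openvpn_port_t[[:space:]]+${proto}[[:space:]]+(.*, )?${range}(,|[[:space:]]*\$)"

  exec { "semanage-openvpn_port_t-${proto}-${range}":
    command  => "/usr/sbin/semanage port -a -t openvpn_port_t -p ${proto} ${range}",
    unless   => "/usr/sbin/semanage port -l -C | /bin/grep -Eq '${entry}'",
    # The guard uses a pipe, so run it through a shell explicitly.
    provider => shell,
  }
}

# In a node manifest: two link ranges (constructed values), each added
# independently if it is missing from the local SELinux port list.
mymodule::openvpn_port { ['4100-4149', '4200-4249']: }
```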
- Allow disabling compression and adding extra lines in conftemplate.
2019-01-21 - 1.0.5
- Make sure openvpn-startup doesn't fail if tap already exists in bridge.
2017-12-04 - 1.0.4
- Add local source address conftemplate parameter (#7, @forgodssake).
2016-02-02 - 1.0.3
- Refresh (multi)service when config file changes (#6, @jlambert121).
2015-10-15 - 1.0.2
- Add support for proto in conftemplate.
- Fix startup_script with multiservice.
- Do not output secret files changes with show_diff (#4, @TJM).
2015-04-28 - 1.0.1
- Fix OS version comparison for Puppet 4.
2015-03-12 - 1.0.0
- Work around for service enable broken on RHEL 7.1.
2014-12-16 - 0.2.6
- Minor clean ups and changes to make puppet-lint happy.
2014-12-16 - 0.2.5
- Rename startup script class for future parser compatibility.
- Update README.
- Add user/group and verb options for conftemplate (#3, @kernel23).
2014-05-05 - 0.2.4
- Add support for RHEL7 (systemctl with '@' multiservice).
2014-04-28 - 0.2.3
- Fix service requirement for multiservice conf.
- Add fragment and mssfix to the default.conf template.
- Support absent for secret files.
2013-10-02 - 0.2.2
- Add support for Ubuntu/Debian, it works fine out of the box (rjpearce).
2013-05-29 - 0.2.1
- Add a params class for package and service names.
- Support "multiservice", where each conf has its own init.d symlink (Gentoo).
2013-05-24 - 0.2.0
- Update README and use markdown.
- Change to 2-space indent.
- Add missing @ variable prefix in config template.
- Change conftemplate to be a wrapper of conf, to avoid duplicating code.
2012-09-25 - 0.1.1
- Start cleaning up the module.
Copyright (C) 2012-2016 Matthias Saou Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.