add simple support for remote subnet routes

2 files changed, 7 insertions, 1 deletions

diff --git a/roles/network/openvpn/server/templates/client.j2 b/roles/network/openvpn/server/templates/client.j2
index c6cd6c8d..0a0faf5f 100644
--- a/roles/network/openvpn/server/templates/client.j2
+++ b/roles/network/openvpn/server/templates/client.j2
@@ -1,5 +1,4 @@
 ifconfig-push {{ openvpn_zone.subnet | ipaddr(openvpn_zone.offsets[client]) | ipaddr('address') }} {{ openvpn_zone.subnet | ipaddr('netmask') }}
 {% for route in (openvpn_zone.routes[client] | default([])) %}
 iroute {{ route | ipaddr('network') }} {{ route | ipaddr('netmask') }}
-{# TODO: install route locally... #}
 {% endfor %}
diff --git a/roles/network/openvpn/server/templates/conf.j2 b/roles/network/openvpn/server/templates/conf.j2
index b00d7ec7..7bfff141 100644
--- a/roles/network/openvpn/server/templates/conf.j2
+++ b/roles/network/openvpn/server/templates/conf.j2
@@ -23,3 +23,10 @@ ifconfig {{ openvpn_zone.subnet | ipaddr(openvpn_zone.offsets[inventory_hostname
 push "topology subnet"
 client-config-dir {{ openvpn_zone.name }}-ccd/
 ccd-exclusive
+{% for client, routes in (openvpn_zone.routes | default({})).items() %}
+
+## static routes for client {{ client }}
+{%   for route in routes %}
+route {{ route | ipaddr('network') }} {{ route | ipaddr('netmask') }} {{ openvpn_zone.subnet | ipaddr(openvpn_zone.offsets[client]) | ipaddr('address') }}
+{%   endfor %}
+{% endfor %}