Diffstat (limited to 'roles/network/openvpn/client')
-rw-r--r-- | roles/network/openvpn/client/tasks/main.yml | 14 | ||||
-rw-r--r-- | roles/network/openvpn/client/templates/conf.j2 | 18 |
2 files changed, 29 insertions, 3 deletions
diff --git a/roles/network/openvpn/client/tasks/main.yml b/roles/network/openvpn/client/tasks/main.yml
index 49f6443f..3067609c 100644
--- a/roles/network/openvpn/client/tasks/main.yml
+++ b/roles/network/openvpn/client/tasks/main.yml
@@ -2,6 +2,14 @@
 - name: create TLS certificate and key
 import_tasks: tls.yml
-## TODO:
-## - generate/install openvpn configuration
-## - enable/start "openvpn-server@{{ openvpn_zone.name }}"
+- name: generate openvpn config
+ template:
+ src: conf.j2
+ dest: "/etc/openvpn/client/{{ openvpn_zone.name }}.conf"
+ notify: restart openvpn-client
+
+- name: make sure openvpn-client systemd unit is enabled and started
+ systemd:
+ name: "openvpn-client@{{ openvpn_zone.name }}"
+ state: started
+ enabled: yes
diff --git a/roles/network/openvpn/client/templates/conf.j2 b/roles/network/openvpn/client/templates/conf.j2
new file mode 100644
index 00000000..f9d8775b
--- /dev/null
+++ b/roles/network/openvpn/client/templates/conf.j2
@@ -0,0 +1,18 @@
+client
+proto udp
+remote {{ openvpn_zone.server_addr }} {{ openvpn_zone.server_port }}
+ping 60
+ping-timer-rem
+
+tls-client
+ca /etc/ssl/openvpn/{{ openvpn_zone.name }}/ca-crt.pem
+cert /etc/ssl/openvpn/{{ openvpn_zone.name }}/client/crt.pem
+key /etc/ssl/openvpn/{{ openvpn_zone.name }}/client/key.pem
+remote-cert-tls server
+cipher AES-256-GCM
+persist-key
+
+dev tun
+persist-tun
+
+pull |
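Review bot: The new `template` task in tasks/main.yml sets no `owner`, `group` or `mode`, so the permissions of the rendered file under `/etc/openvpn/client/` depend on the umask of whoever runs the play. I would add `owner: root`, `group: root` and `mode: "0644"` under `template:`, with the mode quoted so it is not read as an octal integer. The task notifies `restart openvpn-client`, but no handler file appears in this commit's diffstat, so it is worth confirming that the handler already exists and restarts the instance unit `openvpn-client@{{ openvpn_zone.name }}` rather than a fixed unit name. As a style point, `enabled: yes` reads more predictably as `enabled: true`.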
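Review bot: In conf.j2 the server's identity is checked only by `remote-cert-tls server`, which tests the certificate's key usage and not which server presented it, so any server-type certificate issued by the zone CA would be accepted. If that CA can ever sign more than one server certificate, add `verify-x509-name <expected-server-CN> name` (placeholder value) after that line. The template also sets no floor for the control channel, which `tls-version-min 1.2` would provide, and there is no `pull-filter` limiting which pushed options (routes, DNS, gateway redirect) the client accepts from the server. As a style point, `client` already implies `pull` and `tls-client`, so those two lines are redundant.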