Diffstat (limited to 'roles/network/openvpn/client')
-rw-r--r--roles/network/openvpn/client/tasks/main.yml14
-rw-r--r--roles/network/openvpn/client/templates/conf.j218
2 files changed, 29 insertions, 3 deletions
diff --git a/roles/network/openvpn/client/tasks/main.yml b/roles/network/openvpn/client/tasks/main.yml
index 49f6443f..3067609c 100644
--- a/roles/network/openvpn/client/tasks/main.yml
+++ b/roles/network/openvpn/client/tasks/main.yml
@@ -2,6 +2,14 @@
- name: create TLS certificate and key
import_tasks: tls.yml
-## TODO:
-## - generate/install openvpn configuration
-## - enable/start "openvpn-server@{{ openvpn_zone.name }}"
+- name: generate openvpn config
+ template:
+ src: conf.j2
+ dest: "/etc/openvpn/client/{{ openvpn_zone.name }}.conf"
+ notify: restart openvpn-client
+
+- name: make sure openvpn-client systemd unit is enabled and started
+ systemd:
+ name: "openvpn-client@{{ openvpn_zone.name }}"
+ state: started
+ enabled: yes
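Review bot: The `template` task `generate openvpn config` sets no `owner`, `group` or `mode`, so the permissions of `/etc/openvpn/client/{{ openvpn_zone.name }}.conf` depend on the umask of the run and on whatever file is already there. That file decides which server and CA the tunnel trusts, so it should be writable by root only; I would add `owner: root`, `group: root` and `mode: "0644"` (quoted, so the mode is not read as an integer). The `restart openvpn-client` handler is not part of this diff, so presumably it is defined elsewhere in the role; if it is not, the play fails when the task reports a change. As a style point, `enabled: yes` is better written as `enabled: true`.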
diff --git a/roles/network/openvpn/client/templates/conf.j2 b/roles/network/openvpn/client/templates/conf.j2
new file mode 100644
index 00000000..f9d8775b
--- /dev/null
+++ b/roles/network/openvpn/client/templates/conf.j2
@@ -0,0 +1,18 @@
+client
+proto udp
+remote {{ openvpn_zone.server_addr }} {{ openvpn_zone.server_port }}
+ping 60
+ping-timer-rem
+
+tls-client
+ca /etc/ssl/openvpn/{{ openvpn_zone.name }}/ca-crt.pem
+cert /etc/ssl/openvpn/{{ openvpn_zone.name }}/client/crt.pem
+key /etc/ssl/openvpn/{{ openvpn_zone.name }}/client/key.pem
+remote-cert-tls server
+cipher AES-256-GCM
+persist-key
+
+dev tun
+persist-tun
+
+pull
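Review bot: Server authentication in this template rests on `remote-cert-tls server` alone, which checks the certificate's key usage but not its name, so any server-purpose certificate issued by the zone CA would be accepted as the VPN endpoint. If that CA signs more than one server certificate, pin the expected name with `verify-x509-name <server-name> name`, fed from a zone variable (none is visible on this page, so the name here is a placeholder). The template also sets no TLS floor and no privilege drop: `tls-version-min 1.2` is a one-line addition, and `persist-key`/`persist-tun` are mainly useful together with `user`/`group`, which are absent. `tls-client` and `pull` are already implied by `client` and could be dropped.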