Diffstat (limited to 'roles/network/openvpn/server/templates/conf.j2')
-rw-r--r--roles/network/openvpn/server/templates/conf.j225
1 files changed, 25 insertions, 0 deletions
diff --git a/roles/network/openvpn/server/templates/conf.j2 b/roles/network/openvpn/server/templates/conf.j2
new file mode 100644
index 00000000..b00d7ec7
--- /dev/null
+++ b/roles/network/openvpn/server/templates/conf.j2
@@ -0,0 +1,25 @@
+mode server
+
+proto udp
+lport {{ openvpn_zone.server_port }}
+ping 60
+ping-timer-rem
+
+tls-server
+ca /etc/ssl/openvpn/{{ openvpn_zone.name }}/ca-crt.pem
+dh /etc/ssl/openvpn/{{ openvpn_zone.name }}/dhparams.pem
+cert /etc/ssl/openvpn/{{ openvpn_zone.name }}/server/crt.pem
+key /etc/ssl/openvpn/{{ openvpn_zone.name }}/server/key.pem
+verify-client-cert require
+remote-cert-tls client
+cipher AES-256-GCM
+persist-key
+
+dev tun
+persist-tun
+
+topology subnet
+ifconfig {{ openvpn_zone.subnet | ipaddr(openvpn_zone.offsets[inventory_hostname]) | ipaddr('address') }} {{ openvpn_zone.subnet | ipaddr('netmask') }}
+push "topology subnet"
+client-config-dir {{ openvpn_zone.name }}-ccd/
+ccd-exclusive
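Review bot: The TLS block (`tls-server` through `persist-key`) sets neither `tls-version-min` nor a `tls-crypt`/`tls-auth` key, so the UDP listener will process handshake packets from any sender and the minimum TLS version is left to the OpenVPN build's default. I would add `tls-version-min 1.2` and `tls-crypt <PLACEHOLDER: path to pre-shared key>` next to the `ca`/`cert`/`key` lines. There is also no `crl-verify`, so as written the only way to cut off a compromised client key appears to be deleting its entry under the `client-config-dir` that `ccd-exclusive` enforces, which would also lock out a re-issued certificate with the same common name. `persist-key` and `persist-tun` are present but no `user`/`group` line is, so unless the service unit drops privileges elsewhere the daemon stays root. A one-line comment saying where privilege dropping is handled would settle that.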