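# OpenVPN server configuration for zone "{{ openvpn_zone.name }}" (Ansible/Jinja2
# template). Everything below is rendered verbatim into the daemon config; these
# `#` lines survive rendering and are treated as comments by OpenVPN.

mode server

# Transport: UDP on the zone's configured port.
proto udp
lport {{ openvpn_zone.server_port }}
# Send a keepalive every 60 s, but only once a remote address is known
# (ping-timer-rem). No ping-restart / ping-exit is set in this file, so this
# alone does not time out dead peers — NOTE(review): confirm whether that is
# intended or whether keepalive is supplied elsewhere (e.g. ccd files).
ping 60
ping-timer-rem

# TLS control channel, server side. PKI material is per zone under
# /etc/ssl/openvpn/<zone>/.
tls-server
ca /etc/ssl/openvpn/{{ openvpn_zone.name }}/ca-crt.pem
dh /etc/ssl/openvpn/{{ openvpn_zone.name }}/dhparams.pem
cert /etc/ssl/openvpn/{{ openvpn_zone.name }}/server/crt.pem
key /etc/ssl/openvpn/{{ openvpn_zone.name }}/server/key.pem
# Every peer must present a certificate issued by the zone CA, and that
# certificate must carry the client key-usage/EKU, so a stolen *server*
# certificate from this zone cannot be used to connect as a client.
verify-client-cert require
remote-cert-tls client
# Refuse TLS 1.0/1.1 on the control channel. Any OpenVPN release that accepts
# verify-client-cert (2.4+) also accepts tls-version-min, so this is safe to add.
tls-version-min 1.2
# NOTE(review): no crl-verify is configured, so a leaked client certificate can
# only be revoked by re-issuing the CA. If the playbook maintains a CRL, add
# `crl-verify /etc/ssl/openvpn/{{ openvpn_zone.name }}/crl.pem`.
# NOTE(review): no tls-crypt / tls-auth key is configured, so the control
# channel is not HMAC-wrapped and the port answers unauthenticated handshakes
# from anyone. Adding one needs a shared key this role would also have to
# distribute to clients, so it is left as a follow-up rather than changed here.
# Data-channel cipher. On OpenVPN >= 2.5 `cipher` only sets the fallback and
# `data-ciphers` governs negotiation; kept as `cipher` because `data-ciphers`
# is a fatal unknown option on older releases — TODO confirm deployed version.
cipher AES-256-GCM
# Keep key material across SIGUSR1 restarts; this matters when privileges are
# dropped after start. NOTE(review): this file contains no `user`/`group`
# directive, so unless the service unit drops privileges the daemon keeps
# running as root — confirm.
persist-key

dev tun
persist-tun

# Subnet topology: this host takes the address at its own offset inside the
# zone subnet (rendering fails loudly if the host has no offset, which is the
# safe failure mode). The same topology is pushed to clients.
topology subnet
ifconfig {{ openvpn_zone.subnet | ansible.utils.ipaddr(openvpn_zone.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }} {{ openvpn_zone.subnet | ansible.utils.ipaddr('netmask') }}
push "topology subnet"
# Per-client settings live in <zone>-ccd/ (a relative path, resolved against
# the daemon's working directory / `cd` — presumably /etc/openvpn; verify).
# ccd-exclusive rejects any client that has no ccd file, so a valid certificate
# alone is not sufficient to connect.
client-config-dir {{ openvpn_zone.name }}-ccd/
ccd-exclusive
{% for client, routes in (openvpn_zone.routes | default({})).items() %}

## static routes for client {{ client }}
## These are kernel routes only, pointing at the client's VPN address. OpenVPN
## additionally needs a matching `iroute` in that client's ccd file before it
## will forward traffic for these networks to the client — presumably emitted
## with the ccd files; verify there.
{%   for route in routes %}
route {{ route | ansible.utils.ipaddr('network') }} {{ route | ansible.utils.ipaddr('netmask') }} {{ openvpn_zone.subnet | ansible.utils.ipaddr(openvpn_zone.offsets[client]) | ansible.utils.ipaddr('address') }}
{%   endfor %}
{% endfor %}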