## OpenVPN server configuration, rendered from a Jinja2 template for one zone.
## Template inputs visible here: openvpn_zone (name, server_port, subnet,
## offsets, optional routes) and inventory_hostname.

## Multi-client server mode over UDP, bound to the zone's configured port.
mode server
proto udp
lport {{ openvpn_zone.server_port }}
## Send a ping every 60 s when the link is otherwise idle.
## NOTE(review): no ping-restart, ping-exit or keepalive appears in this file,
## so these lines alone do not expire dead peers; confirm that is intended.
ping 60
ping-timer-rem
## TLS control channel: this side is the TLS server. CA, DH parameters,
## server certificate and private key are read from a per-zone directory.
## NOTE(review): ownership and mode of key.pem are set outside this template;
## confirm the private key is readable only by the account running OpenVPN.
tls-server
ca /etc/ssl/openvpn/{{ openvpn_zone.name }}/ca-crt.pem
dh /etc/ssl/openvpn/{{ openvpn_zone.name }}/dhparams.pem
cert /etc/ssl/openvpn/{{ openvpn_zone.name }}/server/crt.pem
key /etc/ssl/openvpn/{{ openvpn_zone.name }}/server/key.pem
## Clients must present a certificate, and it must carry client
## key-usage / extended-key-usage, so a server certificate issued by the
## same CA is not accepted as a client.
verify-client-cert require
remote-cert-tls client
## Data-channel cipher.
## NOTE(review): OpenVPN 2.5 and later negotiate via data-ciphers and treat
## cipher as a fallback; confirm against the deployed version.
## NOTE(review): this file sets no tls-crypt / tls-auth, no tls-version-min
## and no user / group privilege drop; confirm whether that is deliberate.
cipher AES-256-GCM
## Keep key material and the tun device across soft restarts.
persist-key
dev tun
persist-tun
topology subnet
## Server tunnel address: the host at this machine's offset inside the zone
## subnet, with the subnet's netmask.
ifconfig {{ openvpn_zone.subnet | ansible.utils.ipaddr(openvpn_zone.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }} {{ openvpn_zone.subnet | ansible.utils.ipaddr('netmask') }}
push "topology subnet"
## Per-client settings are read from a directory named after the zone; the
## path is relative, so it resolves against OpenVPN's working directory.
## ccd-exclusive rejects any authenticated client that has no file there,
## which makes the directory an allow-list: restrict write access to it.
client-config-dir {{ openvpn_zone.name }}-ccd/
ccd-exclusive
## One route line per network listed for a client in openvpn_zone.routes
## (empty when unset), using that client's tunnel address as gateway.
## NOTE(review): route only adds host routing-table entries; a matching
## iroute in the client's ccd file is presumably generated elsewhere; confirm.
{% for client, routes in (openvpn_zone.routes | default({})).items() %}
## static routes for client {{ client }}
{% for route in routes %}
route {{ route | ansible.utils.ipaddr('network') }} {{ route | ansible.utils.ipaddr('netmask') }} {{ openvpn_zone.subnet | ansible.utils.ipaddr(openvpn_zone.offsets[client]) | ansible.utils.ipaddr('address') }}
{% endfor %}
{% endfor %}