diff options
author | Julien Dessaux | 2018-03-15 12:57:15 +0100 |
---|---|---|
committer | Julien Dessaux | 2018-03-15 18:11:22 +0100 |
commit | f6e0c851b219885e1e829514f214510a31e19a52 (patch) | |
tree | c02b35fc864c0fbdf276d364eb448255a5a04240 /templates | |
parent | Fixed update.cf problem no copying all template files (diff) | |
download | masterfiles-f6e0c851b219885e1e829514f214510a31e19a52.tar.gz masterfiles-f6e0c851b219885e1e829514f214510a31e19a52.tar.bz2 masterfiles-f6e0c851b219885e1e829514f214510a31e19a52.zip |
Added openvpn management policy
Diffstat (limited to '')
-rw-r--r-- | templates/openvpn/common.key.cftpl | 21 | ||||
-rw-r--r-- | templates/openvpn/tunnel.conf.cftpl | 28 |
2 files changed, 49 insertions, 0 deletions
diff --git a/templates/openvpn/common.key.cftpl b/templates/openvpn/common.key.cftpl new file mode 100644 index 0000000..b86a052 --- /dev/null +++ b/templates/openvpn/common.key.cftpl @@ -0,0 +1,21 @@ +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +c721f5790fb7f13df8f3bee5757642dc +63a951123fc5e5fe3af4eea134dc46cb +58d690985a952378537a76935314685d +efd76938f6e799ddb19a6140ae5c8ac7 +3f3a9d48c4ff02cb46a5b412caae1723 +85172ffd29d54316f4143d994a85e1d5 +d188e062022b5f4f8867f10bc9fa50c4 +82a4b1ac9cfb2e63b380ae51fe1a1b95 +09641f1997ede00852aa4f744c418be9 +3b7ffe378ad51777425be73f4486f8fd +04caffddef32e6524f282cc7f81e4df7 +0cedf82774e43ff96463a480a673ff6d +600f59f0783d79079161a88d37221fb8 +ce065cee088aadb0d2426591a4d4c885 +64222847a09c69794a6a81b37175bfd8 +443398ac5c7d90df6d79ff41e2ce9125 +-----END OpenVPN Static key V1----- diff --git a/templates/openvpn/tunnel.conf.cftpl b/templates/openvpn/tunnel.conf.cftpl new file mode 100644 index 0000000..8c718f1 --- /dev/null +++ b/templates/openvpn/tunnel.conf.cftpl @@ -0,0 +1,28 @@ +[%CFEngine BEGIN %] +proto udp +port $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][port]) +dev-type tun +dev tun_$(openvpn_tunnel.tunnel) +comp-lzo +script-security 2 + +ping 10 +ping-restart 20 +ping-timer-rem +persist-tun +persist-key + +cipher AES-128-CBC + +secret /etc/openvpn/common.key +ifconfig $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][ip]) $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][peer]) + +user nobody +[%CFEngine centos:: %] +group nobody +[%CFEngine ubuntu:: %] +group nogroup + +[%CFEngine has_remote:: %] +remote $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][remote_host]) $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][remote_port]) +[%CFEngine END %] |