From f6e0c851b219885e1e829514f214510a31e19a52 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Thu, 15 Mar 2018 12:57:15 +0100
Subject: Added openvpn management policy
---
templates/openvpn/tunnel.conf.cftpl | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 templates/openvpn/tunnel.conf.cftpl
(limited to 'templates/openvpn/tunnel.conf.cftpl')
diff --git a/templates/openvpn/tunnel.conf.cftpl b/templates/openvpn/tunnel.conf.cftpl
new file mode 100644
index 0000000..8c718f1
--- /dev/null
+++ b/templates/openvpn/tunnel.conf.cftpl
@@ -0,0 +1,28 @@
+[%CFEngine BEGIN %]
+proto udp
+port $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][port])
+dev-type tun
+dev tun_$(openvpn_tunnel.tunnel)
+comp-lzo
+script-security 2
+
+ping 10
+ping-restart 20
+ping-timer-rem
+persist-tun
+persist-key
+
+cipher AES-128-CBC
+
+secret /etc/openvpn/common.key
+ifconfig $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][ip]) $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][peer])
+
+user nobody
+[%CFEngine centos:: %]
+group nobody
+[%CFEngine ubuntu:: %]
+group nogroup
+
+[%CFEngine has_remote:: %]
+remote $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][remote_host]) $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][remote_port])
+[%CFEngine END %]
-- cgit v1.2.3
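Review bot: `secret /etc/openvpn/common.key` puts every tunnel rendered from this template in static-key mode on one shared key, so there is no forward secrecy and a key read from any single host exposes captured traffic for all tunnels; `auth` is also left at its default (HMAC-SHA1) next to `cipher AES-128-CBC`. If static keys have to stay, a per-tunnel key file such as `secret /etc/openvpn/$(openvpn_tunnel.tunnel).key` together with an explicit `auth SHA256` on both peers would limit the blast radius, with TLS mode and per-host certificates as the longer-term fix. `script-security 2` looks unnecessary because the template defines no `up`/`down` or other script hooks, and `comp-lzo` compresses before encryption, which can leak information about the plaintext through packet lengths. Both are worth dropping on both ends unless a peer outside this template depends on them.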