From f6e0c851b219885e1e829514f214510a31e19a52 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Thu, 15 Mar 2018 12:57:15 +0100
Subject: Added openvpn management policy
---
templates/openvpn/common.key.cftpl | 21 +++++++++++++++++++++
templates/openvpn/tunnel.conf.cftpl | 28 ++++++++++++++++++++++++++++
2 files changed, 49 insertions(+)
create mode 100644 templates/openvpn/common.key.cftpl
create mode 100644 templates/openvpn/tunnel.conf.cftpl
(limited to 'templates')
diff --git a/templates/openvpn/common.key.cftpl b/templates/openvpn/common.key.cftpl
new file mode 100644
index 0000000..b86a052
--- /dev/null
+++ b/templates/openvpn/common.key.cftpl
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+c721f5790fb7f13df8f3bee5757642dc
+63a951123fc5e5fe3af4eea134dc46cb
+58d690985a952378537a76935314685d
+efd76938f6e799ddb19a6140ae5c8ac7
+3f3a9d48c4ff02cb46a5b412caae1723
+85172ffd29d54316f4143d994a85e1d5
+d188e062022b5f4f8867f10bc9fa50c4
+82a4b1ac9cfb2e63b380ae51fe1a1b95
+09641f1997ede00852aa4f744c418be9
+3b7ffe378ad51777425be73f4486f8fd
+04caffddef32e6524f282cc7f81e4df7
+0cedf82774e43ff96463a480a673ff6d
+600f59f0783d79079161a88d37221fb8
+ce065cee088aadb0d2426591a4d4c885
+64222847a09c69794a6a81b37175bfd8
+443398ac5c7d90df6d79ff41e2ce9125
+-----END OpenVPN Static key V1-----
diff --git a/templates/openvpn/tunnel.conf.cftpl b/templates/openvpn/tunnel.conf.cftpl
new file mode 100644
index 0000000..8c718f1
--- /dev/null
+++ b/templates/openvpn/tunnel.conf.cftpl
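Review bot: The static key added in templates/openvpn/common.key.cftpl is stored in plaintext in the repository, so anyone with read access to the repo or its history can decrypt and forge traffic on every tunnel that loads it; static-key mode has no forward secrecy, so previously captured traffic is exposed as well. The template contains no CFEngine variables and is named common.key, which suggests a single key shared by all tunnels; a per-tunnel key generated on the host (`openvpn --genkey --secret <path>`) or delivered from a secrets store would limit the exposure. Because the value is now part of git history, it should be treated as disclosed and rotated rather than only removed in a later commit. The policy that installs the file is outside this diff, so the mode and owner of the deployed key cannot be checked here; root-owned `0600` is sufficient, since tunnel.conf.cftpl sets `persist-key` and the key is read before the drop to `user nobody`.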
@@ -0,0 +1,28 @@
+[%CFEngine BEGIN %]
+proto udp
+port $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][port])
+dev-type tun
+dev tun_$(openvpn_tunnel.tunnel)
+comp-lzo
+script-security 2
+
+ping 10
+ping-restart 20
+ping-timer-rem
+persist-tun
+persist-key
+
+cipher AES-128-CBC
+
+secret /etc/openvpn/common.key
+ifconfig $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][ip]) $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][peer])
+
+user nobody
+[%CFEngine centos:: %]
+group nobody
+[%CFEngine ubuntu:: %]
+group nogroup
+
+[%CFEngine has_remote:: %]
+remote $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][remote_host]) $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][remote_port])
+[%CFEngine END %]
-- cgit v1.2.3
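Review bot: `script-security 2` allows OpenVPN to execute user-defined scripts, but no `up`, `down` or other script hook appears in this template, so unless one is supplied elsewhere the line can be dropped to keep the default level 1 (built-in executables only). `comp-lzo` compresses before encryption, which can leak information about the plaintext through packet sizes when part of the traffic is attacker-influenced; removing it on both peers is the safer default. The `secret /etc/openvpn/common.key` line gives no direction argument, so both directions share the same cipher and HMAC keys; using `secret /etc/openvpn/common.key 0` on one peer and `1` on the other separates them (the `has_remote` class may be usable to tell the two sides apart, to be confirmed against the policy). No `auth` directive is set, so the HMAC digest is left at the OpenVPN default; stating it explicitly would make the intended integrity algorithm visible in review.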