Puppet module to manage OpenVPN servers
- Client-specific rules and access policies
- Generated client configurations and SSL-Certificates
- Downloadable client configurations and SSL-Certificates for easy client configuration
- Support for multiple server instances
- Support for LDAP-Authentication
- Support for server instance in client mode
- Ubuntu
- Debian
- CentOS
- RedHat
# add a server instance
openvpn::server { 'winterthur':
country => 'CH',
province => 'ZH',
city => 'Winterthur',
organization => 'example.org',
email => 'root@example.org',
server => '10.200.200.0 255.255.255.0',
}
# define clients
openvpn::client { 'client1':
server => 'winterthur',
}
openvpn::client { 'client2':
server => 'winterthur',
}
openvpn::client_specific_config { 'client1':
server => 'winterthur',
ifconfig => '10.200.200.50 10.200.200.51',
}
# a revoked client
openvpn::client { 'client3':
server => 'winterthur',
}
openvpn::revoke { 'client3':
server => 'winterthur',
}
# a server in client mode
file {
'/etc/openvpn/zurich/keys/ca.crt':
source => 'puppet:///path/to/ca.crt';
'/etc/openvpn/zurich/keys/zurich.crt':
source => 'puppet:///path/to/zurich.crt';
'/etc/openvpn/zurich/keys/zurich.key':
source => 'puppet:///path/to/zurich.key';
}
openvpn::server { 'zurich':
remote => [ 'mgmtnet3.nine.ch 1197', 'mgmtnet2.nine.ch 1197' ],
require => [ File['/etc/openvpn/zurich/keys/ca.crt'],
File['/etc/openvpn/zurich/keys/zurich.crt'],
File['/etc/openvpn/zurich/keys/zurich.key'] ];
}Don't forget the sysctl directive net.ipv4.ip_forward!
Pull requests are very welcome. Join these fine folks who already helped to get this far with this module.
To help guaranteeing the stability of the module, please make sure to add tests to your pull request.