# OpenVPN server configuration (Jinja2 template for the msca-openvpn role).
# Renders a TCP, L3 (tun) server whose CA/cert/key paths are derived from
# ca_name and vpc_region; a second listener instance is implied by the
# non-default port and management socket below.
1 {{ ansible_managed|comment }}
2 # Mode: {{ vpn_mode }}
3 # Subnet: {{ vpn_subnet }}
4 # L3
5 daemon
# Non-default port; TCP server side (clients must use proto tcp-client).
6 port 1195
7 dev tun
8 proto tcp-server
# Privileges are dropped to openvpn:openvpn after startup; persist-tun /
# persist-key keep the tunnel device and key material usable across
# restarts once root is gone.
9 user openvpn
10 group openvpn
11 tcp-nodelay
12 persist-tun
13 persist-key
# NOTE(review): no `auth` directive is set, so OpenVPN's default HMAC digest
# applies; consider pinning it explicitly alongside the cipher.
14 cipher AES-256-CBC
15 keepalive 30 90
# Management interface on loopback only. NOTE(review): no management
# password directive is present in this file, so any local process on the
# host can drive the daemon through this socket — confirm that is intended.
16 management 127.0.0.1 31339
17
# Address pool for clients; /24 mask is fixed, only the network is templated.
18 server {{ vpn_subnet }} 255.255.255.0
19 topology subnet
20
21 max-clients 64
22
23 verb 3
24 log /var/log/openvpn/openvpn.log
25 status-version 3
26 status /var/log/openvpn/status.log
# Per-connection event logging hook; requires script-security 2 (set at the
# bottom of this file).
27 client-connect /etc/openvpn/scripts/event-log.sh
28
# Temporary files go to RAM-backed tmpfs rather than disk.
29 tmp-dir /dev/shm
# NOTE(review): username/password verification is only rendered when
# phase == 'prod'. Every non-prod server therefore accepts clients on
# certificate alone — confirm that weaker posture is intended for those
# environments. `via-env` also hands the credentials to auth.py through
# environment variables, which the OpenVPN manual describes as less secure
# than via-file.
30 {% if phase|default() == 'prod' %}
31 auth-user-pass-verify /etc/openvpn/scripts/auth.py via-env
32 {% endif %}
33
# TLS settings: server role, TLS 1.2 floor, and key-direction 0 for the
# server side of the tls-auth HMAC key below.
34 tls-server
35 tls-version-min 1.2
36 key-direction 0
37 dh /etc/openvpn/keys/dh.pem
# CA, CRL, cert and key are selected by ca_name (lower-cased) and vpc_region;
# the CRL check means revoked client certs are rejected at handshake.
38 ca /etc/openvpn/keys/ca.{{ ca_name|lower }}.crt
39 crl-verify /etc/openvpn/keys/crl.{{ ca_name|lower }}.pem
40 cert /etc/openvpn/keys/{{ vpc_region }}.{{ ca_name|lower }}.crt
41 key /etc/openvpn/keys/{{ vpc_region }}.{{ ca_name|lower }}.key
# NOTE(review): the tls-auth static key is embedded literally in this
# template, so it is committed to the repository and shared by every server
# rendered from it. Supply it from a vault-managed variable instead, and
# treat the key below as exposed (rotate it) since it already lives in
# version control.
42 <tls-auth>
43 #
44 # 2048 bit OpenVPN static key
45 #
46 -----BEGIN OpenVPN Static key V1-----
47 07b7f906a252a8b304d2b9e055b05299
48 f199db480ce9da121fdbed99b2b18747
49 f24fd2b4b95f1dbbe2a480b9eb761413
50 03bc6848ec6181bb78078043306e2fcd
51 ad992ee1a5c02ded40c289209eb77587
52 36ac2a15fba4eb0cfc721c2c70a3fb83
53 7af9e5423e8cf81c5904a989d114fae8
54 b0c9ffd27bac60718d7231ab7cf4871f
55 79d0cc9e37935afea8b67f1a2c396707
56 8a586e78a1ba340e9c5bcce41de9ade7
57 5ca23c436c65c30bcb7e2854ed576b93
58 a955fe3b4d408444d5afaa8cc23dc9a5
59 f613242847be6cd33cb939b94658dd89
60 e02c3629fa9d8ff99d415b7041bd9df6
61 15d3744bd648f2ab1ba2db0c64737308
62 aca2fbab7c9b7114e4d8b646ca430c19
63 -----END OpenVPN Static key V1-----
64 </tls-auth>
65
# Level 2 permits the daemon to execute the external scripts referenced by
# client-connect and auth-user-pass-verify above.
66 script-security 2