fix openvpn things
[awsible] / roles / msca-openvpn / templates / vpc-server.conf.j2
# OpenVPN server configuration, written as a Jinja2 template (the variables
# ansible_managed, vpn_mode, vpn_subnet, ca_name, vpc_region and ta_secret are
# filled in at render time). Lines starting with '#' that carry no listing
# number are review annotations.
1 {{ ansible_managed|comment }}
2 # Mode: {{ vpn_mode }}
3 # Subnet: {{ vpn_subnet }}
# NOTE(review): the comment below says L3, but `dev tap` further down creates a
# layer-2 (Ethernet) device, and `topology subnet` only has meaning for
# `dev tun`. Confirm which mode is intended.
4 # L3
# Run in the background, listening on UDP 1194.
5 daemon
6 port 1194
7 dev tap
8 proto udp
# Drop to the unprivileged openvpn user/group after initialisation.
# persist-tun / persist-key keep the device and key material across restarts,
# which a process that has already dropped privileges could not re-acquire.
9 user openvpn
10 group openvpn
# NOTE(review): tcp-nodelay is a TCP socket option; with `proto udp` above it
# presumably has no effect.
11 tcp-nodelay
12 persist-tun
13 persist-key
# Data-channel cipher. CBC gives confidentiality only; integrity comes from the
# packet HMAC. No `auth` directive is set in this file, so the build's default
# digest applies (SHA1 in OpenVPN 2.x -- confirm for the deployed version).
# Any cipher/auth change has to be rolled out to the client configs as well.
14 cipher AES-256-CBC
# keepalive <ping interval> <timeout>, both in seconds.
15 keepalive 30 90
# Management interface on loopback TCP port 31337. No password-file argument is
# given, so any local process able to connect to 127.0.0.1:31337 can issue
# management commands. Hardening options: add a password file as third
# argument, or use a unix socket with restrictive permissions.
16 management 127.0.0.1 31337
17
# Server mode: clients get addresses from the templated subnet with a /24 mask.
18 server {{ vpn_subnet }} 255.255.255.0
19 topology subnet
20
21 max-clients 64
22
# Logging. `log` truncates the file on every start (`log-append` keeps earlier
# content), so history needed for incident response has to be shipped or
# rotated elsewhere. The status file lists currently connected clients.
23 verb 3
24 log /var/log/openvpn/openvpn-vpc.log
25 status-version 3
26 status /var/log/openvpn/status-vpc.log
# Script run on every successful client connection (permitted by
# `script-security 2` at the end of the file). The script is not shown here;
# values it receives from OpenVPN, such as the certificate common name,
# originate from the client and should be handled as untrusted input.
27 client-connect /etc/openvpn/scripts/event-log.sh
28
# Directory for temporary files exchanged between OpenVPN and its scripts.
# NOTE(review): /dev/shm is typically a world-writable tmpfs -- presumably
# chosen to keep these files off disk; confirm.
29 tmp-dir /dev/shm
30
# TLS control channel: act as TLS server and refuse anything below TLS 1.2.
31 tls-server
32 tls-version-min 1.2
# Direction of the tls-auth key for this side; clients must use the opposite
# value (1).
33 key-direction 0
34 dh /etc/openvpn/keys/dh.pem
# CA that client certificates are verified against, and its revocation list.
# The CRL is consulted for new connections, so it must remain readable by the
# openvpn user after the privilege drop and be regenerated before it expires
# (recent OpenVPN builds reject clients when the CRL is out of date -- verify
# for the deployed version).
35 ca /etc/openvpn/keys/ca.{{ ca_name|lower }}.crt
36 crl-verify /etc/openvpn/keys/crl.{{ ca_name|lower }}.pem
# Server certificate and private key, named per region and CA. The key file's
# ownership and mode are set elsewhere in the role (not visible here); it only
# needs to be readable at start-up, before privileges are dropped.
37 cert /etc/openvpn/keys/{{ vpc_region }}.{{ ca_name|lower }}.crt
38 key /etc/openvpn/keys/{{ vpc_region }}.{{ ca_name|lower }}.key
# Inline tls-auth static key: HMAC on control-channel packets, so packets
# without a valid signature are dropped before TLS processing.
# The secret is written into the rendered file, so the rendered config must not
# be world-readable, and ta_secret should come from an encrypted variable store
# -- neither is visible in this template; TODO confirm in the role's tasks.
39 <tls-auth>
40 {{ ta_secret }}
41 </tls-auth>
42
# Level 2 allows built-in executables and user-defined scripts, which the
# client-connect hook above requires. Level 3 (passwords passed to scripts via
# the environment) is not enabled.
43 script-security 2