e07289f7080639d2f27ed7045d2229e6f2c702ef
[awsible] / roles / msca-openvpn / templates / vpc-server.conf.j2
1 {{ ansible_managed|comment }}
2 # Mode: {{ vpn_mode }}
3 # Subnet: {{ vpn_subnet }}
4 # L3
# OpenVPN server configuration template rendered by Ansible; vpn_mode,
# vpn_subnet, ca_name and vpc_region are filled in at render time.
# NOTE(review): the header above says L3, but `dev tap` below creates an
# Ethernet (layer-2) device and `topology subnet` only applies in tun mode.
# Confirm which of the two is intended.
5 daemon
6 port 1194
7 dev tap
8 proto udp
# Privileges are dropped to openvpn:openvpn after start-up. persist-tun and
# persist-key keep the device and key material across restarts, so the
# unprivileged process does not have to re-open them.
9 user openvpn
10 group openvpn
# NOTE(review): tcp-nodelay sets a TCP socket option; with `proto udp` it has
# no effect.
11 tcp-nodelay
12 persist-tun
13 persist-key
# Data-channel cipher. No `auth` directive is set, so the packet HMAC (also
# used by tls-auth) falls back to OpenVPN's default digest, SHA1.
# NOTE(review): consider pinning `auth SHA256` and an AEAD cipher such as
# AES-256-GCM; these settings must be rolled out to the clients at the same
# time as the server.
14 cipher AES-256-CBC
15 keepalive 30 90
# Management interface on loopback TCP with no password file: any local
# process that can connect to 127.0.0.1:31337 can issue management commands.
# NOTE(review): prefer a unix socket with restricted permissions, or add a
# password-file argument.
16 management 127.0.0.1 31337
17
# The client address pool is the rendered vpn_subnet with a fixed /24 mask.
18 server {{ vpn_subnet }} 255.255.255.0
19 topology subnet
20
21 max-clients 64
22
# `log` truncates the file each time OpenVPN starts (`log-append` does not),
# so earlier connection records are lost on restart unless they are shipped
# elsewhere. NOTE(review): confirm log retention meets incident-response needs.
23 verb 3
24 log /var/log/openvpn/openvpn.log
25 status-version 3
26 status /var/log/openvpn/status.log
# Runs for each client after it authenticates; needs `script-security 2`
# (set at the end of this file). The script itself is not shown here. It
# should treat client-derived environment values, such as the certificate
# common name, as untrusted input.
27 client-connect /etc/openvpn/scripts/event-log.sh
28
# Directory for temporary files exchanged between OpenVPN and its scripts.
# NOTE(review): /dev/shm is normally world-writable; confirm that other local
# users cannot interfere with files created there.
29 tmp-dir /dev/shm
30
# TLS control channel: server role, TLS 1.2 or newer, and server-side key
# direction (0) for the tls-auth key below; clients use the opposite direction.
31 tls-server
32 tls-version-min 1.2
33 key-direction 0
34 dh /etc/openvpn/keys/dh.pem
35 ca /etc/openvpn/keys/ca.{{ ca_name|lower }}.crt
# Client certificates listed in the CRL are rejected. OpenVPN re-reads the CRL
# when a peer connects, so it must stay readable by the openvpn user after the
# privilege drop. NOTE(review): newer OpenVPN releases refuse connections once
# the CRL has expired; verify that it is regenerated on a schedule.
36 crl-verify /etc/openvpn/keys/crl.{{ ca_name|lower }}.pem
37 cert /etc/openvpn/keys/{{ vpc_region }}.{{ ca_name|lower }}.crt
38 key /etc/openvpn/keys/{{ vpc_region }}.{{ ca_name|lower }}.key
# NOTE(review): the tls-auth static key is embedded in this template in clear
# text, so everyone with read access to the repository or its history holds
# the shared secret. tls-auth only adds an HMAC to control-channel packets;
# exposure removes that extra layer but does not reveal the certificate
# private keys. Treat this key as compromised: generate a new one, distribute
# it to clients, and supply it from a secrets store (for example Ansible
# Vault) instead of committing it.
39 <tls-auth>
40 #
41 # 2048 bit OpenVPN static key
42 #
43 -----BEGIN OpenVPN Static key V1-----
44 07b7f906a252a8b304d2b9e055b05299
45 f199db480ce9da121fdbed99b2b18747
46 f24fd2b4b95f1dbbe2a480b9eb761413
47 03bc6848ec6181bb78078043306e2fcd
48 ad992ee1a5c02ded40c289209eb77587
49 36ac2a15fba4eb0cfc721c2c70a3fb83
50 7af9e5423e8cf81c5904a989d114fae8
51 b0c9ffd27bac60718d7231ab7cf4871f
52 79d0cc9e37935afea8b67f1a2c396707
53 8a586e78a1ba340e9c5bcce41de9ade7
54 5ca23c436c65c30bcb7e2854ed576b93
55 a955fe3b4d408444d5afaa8cc23dc9a5
56 f613242847be6cd33cb939b94658dd89
57 e02c3629fa9d8ff99d415b7041bd9df6
58 15d3744bd648f2ab1ba2db0c64737308
59 aca2fbab7c9b7114e4d8b646ca430c19
60 -----END OpenVPN Static key V1-----
61 </tls-auth>
62
# Level 2 lets OpenVPN call built-in executables and user-defined scripts,
# which the client-connect hook above requires. Level 3, which would pass
# passwords to scripts through the environment, is not enabled.
63 script-security 2