add msca-openvpn role

[awsible] / roles / msca-openvpn / templates / vpc-server.conf.j2

diff --git a/roles/msca-openvpn/templates/vpc-server.conf.j2 b/roles/msca-openvpn/templates/vpc-server.conf.j2
new file mode 100644 (file)
index 0000000..e07289f
--- /dev/null
+++ b/roles/msca-openvpn/templates/vpc-server.conf.j2
@@ -0,0 +1,63 @@
+{{ ansible_managed|comment }}
+# Mode: {{ vpn_mode }}
+# Subnet: {{ vpn_subnet }}
+# L3
+daemon
+port 1194
+dev tap
+proto udp
+user openvpn
+group openvpn
+tcp-nodelay
+persist-tun
+persist-key
+cipher AES-256-CBC
+keepalive 30 90
+management 127.0.0.1 31337
+
+server {{ vpn_subnet }} 255.255.255.0
+topology subnet
+
+max-clients 64
+
+verb 3
+log /var/log/openvpn/openvpn.log
+status-version 3
+status /var/log/openvpn/status.log
+client-connect /etc/openvpn/scripts/event-log.sh
+
+tmp-dir /dev/shm
+
+tls-server
+tls-version-min 1.2
+key-direction 0
+dh /etc/openvpn/keys/dh.pem
+ca /etc/openvpn/keys/ca.{{ ca_name|lower }}.crt
+crl-verify /etc/openvpn/keys/crl.{{ ca_name|lower }}.pem
+cert /etc/openvpn/keys/{{ vpc_region }}.{{ ca_name|lower }}.crt
+key /etc/openvpn/keys/{{ vpc_region }}.{{ ca_name|lower }}.key
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+07b7f906a252a8b304d2b9e055b05299
+f199db480ce9da121fdbed99b2b18747
+f24fd2b4b95f1dbbe2a480b9eb761413
+03bc6848ec6181bb78078043306e2fcd
+ad992ee1a5c02ded40c289209eb77587
+36ac2a15fba4eb0cfc721c2c70a3fb83
+7af9e5423e8cf81c5904a989d114fae8
+b0c9ffd27bac60718d7231ab7cf4871f
+79d0cc9e37935afea8b67f1a2c396707
+8a586e78a1ba340e9c5bcce41de9ade7
+5ca23c436c65c30bcb7e2854ed576b93
+a955fe3b4d408444d5afaa8cc23dc9a5
+f613242847be6cd33cb939b94658dd89
+e02c3629fa9d8ff99d415b7041bd9df6
+15d3744bd648f2ab1ba2db0c64737308
+aca2fbab7c9b7114e4d8b646ca430c19
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+script-security 2