- vpn_mode|default() in ('user-server', 'vpc-server', 'vpc-client')
- vpn_subnet != ''
- ca_name != ''
+ - ca_cert != ''
+ - crl_pem != ''
+ - cert != ''
+ - key != ''
+ - ta_secret != ''
+
tags: ['check_vars']
- assert:
args:
creates: /etc/openvpn/keys/dh.pem
+- name: install keys
+ with_items:
+ - file: ca.{{ ca_name|lower }}.crt
+ content: "{{ ca_cert }}"
+ mode: "0400"
+ - file: crl.{{ ca_name|lower }}.pem
+ content: "{{ crl_pem }}"
+ mode: "0400"
+ - file: "{{ vpc_region }}.{{ ca_name|lower }}.crt"
+ content: "{{ cert }}"
+ mode: "0400"
+ - file: "{{ vpc_region }}.{{ ca_name|lower }}.key"
+ content: "{{ key }}"
+ mode: "0400"
+ copy:
+ dest: /etc/openvpn/keys/{{ item.file }}
+ content: "{{ item.content }}"
+ mode: "{{ item.mode }}"
+ owner: openvpn
+ group: openvpn
+ notify:
+ - restart openvpn
+
- name: configure openvpn
template:
src: "{{ vpn_mode }}.conf.j2"
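Review bot: The new `install keys` task writes `{{ key }}` and `{{ ta_secret }}` through `copy: content:` with `with_items`, but carries no `no_log: true`, so each item (private key and tls-auth secret included) is echoed in task results, in verbose runs and in `--diff` output. Add `no_log: true` at task level, next to `notify:`. The per-item `mode: "0400"` is identical for all four files and could live once under `copy:` instead of being repeated. Since the templates now inline `{{ ta_secret }}` inside `<tls-auth>`, the rendered config also holds a secret; the `configure openvpn` task starts here and continues outside the hunk, so please confirm it sets a restrictive `mode` and `no_log: true` as well.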
cert /etc/openvpn/keys/{{ vpc_region }}.{{ ca_name|lower }}.crt
key /etc/openvpn/keys/{{ vpc_region }}.{{ ca_name|lower }}.key
<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-07b7f906a252a8b304d2b9e055b05299
-f199db480ce9da121fdbed99b2b18747
-f24fd2b4b95f1dbbe2a480b9eb761413
-03bc6848ec6181bb78078043306e2fcd
-ad992ee1a5c02ded40c289209eb77587
-36ac2a15fba4eb0cfc721c2c70a3fb83
-7af9e5423e8cf81c5904a989d114fae8
-b0c9ffd27bac60718d7231ab7cf4871f
-79d0cc9e37935afea8b67f1a2c396707
-8a586e78a1ba340e9c5bcce41de9ade7
-5ca23c436c65c30bcb7e2854ed576b93
-a955fe3b4d408444d5afaa8cc23dc9a5
-f613242847be6cd33cb939b94658dd89
-e02c3629fa9d8ff99d415b7041bd9df6
-15d3744bd648f2ab1ba2db0c64737308
-aca2fbab7c9b7114e4d8b646ca430c19
------END OpenVPN Static key V1-----
+{{ ta_secret }}
</tls-auth>
script-security 2
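Review bot: This template's `<tls-auth>` block is templated from `{{ ta_secret }}` with no `key-direction` line visible in the hunk, while the server template at L67–L84 now sets `key-direction 0`; if this file (and the one at L85–L111, whose hunk runs past the end of the page) is a peer of that server, it needs the matching `key-direction 1` or the control-channel HMAC will fail. The value substituted for `ta_secret` should be a freshly generated key rather than the one removed here, since that key has been committed to version-control history and must be treated as exposed. The rest of this template is outside the hunk.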
ca /etc/openvpn/keys/ca.{{ ca_name|lower }}.crt
cert /etc/openvpn/keys/{{ vpc_region }}-client.{{ ca_name|lower }}.crt
key /etc/openvpn/keys/{{ vpc_region }}-client.{{ ca_name|lower }}.key
+tls-server
+tls-version-min 1.2
+key-direction 0
+<tls-auth>
+{{ ta_secret }}
+</tls-auth>
max-clients 64
verb 3
-log /var/log/openvpn/openvpn.log
+log /var/log/openvpn/openvpn-vpc.log
status-version 3
-status /var/log/openvpn/status.log
+status /var/log/openvpn/status-vpc.log
client-connect /etc/openvpn/scripts/event-log.sh
tmp-dir /dev/shm
cert /etc/openvpn/keys/{{ vpc_region }}.{{ ca_name|lower }}.crt
key /etc/openvpn/keys/{{ vpc_region }}.{{ ca_name|lower }}.key
<tls-auth>
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-07b7f906a252a8b304d2b9e055b05299
-f199db480ce9da121fdbed99b2b18747
-f24fd2b4b95f1dbbe2a480b9eb761413
-03bc6848ec6181bb78078043306e2fcd
-ad992ee1a5c02ded40c289209eb77587
-36ac2a15fba4eb0cfc721c2c70a3fb83
-7af9e5423e8cf81c5904a989d114fae8
-b0c9ffd27bac60718d7231ab7cf4871f
-79d0cc9e37935afea8b67f1a2c396707
-8a586e78a1ba340e9c5bcce41de9ade7
-5ca23c436c65c30bcb7e2854ed576b93
-a955fe3b4d408444d5afaa8cc23dc9a5
-f613242847be6cd33cb939b94658dd89
-e02c3629fa9d8ff99d415b7041bd9df6
-15d3744bd648f2ab1ba2db0c64737308
-aca2fbab7c9b7114e4d8b646ca430c19
------END OpenVPN Static key V1-----
+{{ ta_secret }}
</tls-auth>
script-security 2