Coding/ansible-collection-openvpn
1
0
Fork 0
Code Activity

Fixed var naming
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Details

Browse source 
Signed-off-by: Nis Wechselberg <enbewe@enbewe.de>
This commit is contained in:
Nis Wechselberg 2025-06-21 22:30:52 +02:00
parent 6e8d01203a
commit 851b5fa0ad
Signed by: enbewe
GPG key ID: 7B25171F921B9E57
11 changed files with 48 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/server/templates/ca.crt.j2
View file

@ -1 +1 @@
{{ openvpn_server_ca_content }}
{{ server_openvpn_ca_content }}

2
roles/server/templates/cert.crt.j2
View file

@ -1 +1 @@
{{ openvpn_server_cert_content }}
{{ server_openvpn_cert_content }}

2
roles/server/templates/cert.key.j2
View file

@ -1 +1 @@
{{ openvpn_server_key_content }}
{{ server_openvpn_key_content }}

2
roles/server/templates/cert.pwd.j2
View file

@ -1 +1 @@
{{ openvpn_server_askpass_content }}
{{ server_openvpn_askpass_content }}

2
roles/server/templates/crl.pem.j2
View file

@ -1 +1 @@
{{ openvpn_server_crl_content }}
{{ server_openvpn_crl_content }}

2
roles/server/templates/dh2048.pem.j2
View file

@ -1 +1 @@
{{ openvpn_server_dh_content }}
{{ server_openvpn_dh_content }}

28
roles/server/templates/openvpn_server.conf.j2
View file

@ -18,7 +18,7 @@ proto udp6
topology subnet
# Which TCP/UDP port should OpenVPN listen on?
port {{ openvpn_server_port }}
port {{ server_openvpn_port }}
# "dev tun" will create a routed IP tunnel, "dev tap" will create an
# ethernet tunnel
@ -28,19 +28,19 @@ dev tun
comp-lzo
# Maintain a record of client virtual IP address associations in this file.
ifconfig-pool-persist {{ openvpn_server_directory }}/ipp.txt
ifconfig-pool-persist {{ server_openvpn_directory }}/ipp.txt
# Output a short status file showing current connections, truncated
# and rewritten every minute.
status {{ openvpn_server_directory }}/openvpn-status.log
status {{ server_openvpn_directory }}/openvpn-status.log
# Configure server mode and supply a VPN subnet for OpenVPN to draw client
# addresses from. The server will take subnet ip .1 for itself, the rest will
# be made available to clients.
server {{ openvpn_server_ipv4_pool }} {{ openvpn_server_ipv4_subnet }}
server-ipv6 {{ openvpn_server_ipv6 }}
server {{ server_openvpn_ipv4_pool }} {{ server_openvpn_ipv4_subnet }}
server-ipv6 {{ server_openvpn_ipv6 }}
{% for route in openvpn_server_routes %}
{% for route in server_openvpn_routes %}
route {{route.network }} {{ route.subnet }}
{% endfor %}
@ -58,7 +58,7 @@ persist-key
persist-tun
# Allow client specific configurations
client-config-dir {{ openvpn_server_directory }}/ccd
client-config-dir {{ server_openvpn_directory }}/ccd
# Set the appropriate level of log
# file verbosity.
@ -78,25 +78,25 @@ verb 4
## ## ## ## ## ## ## ## ## ## ## ##
###### ######## ###### ####### ## ## #### ## ##
# SSL/TLS root certificate (ca), certificate (cert), and private key (key)
ca {{ openvpn_server_ca }}
cert {{ openvpn_server_cert }}
key {{ openvpn_server_key }}
ca {{ server_openvpn_ca }}
cert {{ server_openvpn_cert }}
key {{ server_openvpn_key }}
# Password for certificate provided in separate file
askpass {{ openvpn_server_passfile }}
askpass {{ server_openvpn_passfile }}
auth-nocache
# Verify against revoked certificates
crl-verify {{ openvpn_server_crl }}
crl-verify {{ server_openvpn_crl }}
# Diffie hellman parameters
dh {{ openvpn_server_dhfile }}
dh {{ server_openvpn_dhfile }}
# For extra security beyond that provided by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
# The server and each client must have a copy of this key.
# The second parameter should be '0' on the server and '1' on the clients.
tls-auth {{ openvpn_server_tlsauth }} 0
tls-auth {{ server_openvpn_tlsauth }} 0
# Select a cryptographic cipher
cipher AES-256-CBC

2
roles/server/templates/tls-auth.key.j2
View file

@ -1 +1 @@
{{ openvpn_server_tlsauth_content }}
{{ server_openvpn_tlsauth_content }}