paulbsd-salt/states/openvpn_server/templates/vpn.conf.j2

63 lines
1.1 KiB
Django/Jinja

<ca>
{{ ca }}
</ca>
<cert>
{{ cert }}
</cert>
<key>
{{ key }}
</key>
<dh>
{{ dh }}
</dh>
proto udp6
port 1194
dev tun
client-config-dir /etc/openvpn/ccd
client-to-client
topology subnet
user root
group root
duplicate-cn
username-as-common-name
keepalive 5 30
compress lzo
fast-io
persist-key
persist-tun
server {{ tunnel.ip }} {{ tunnel.netmask }}
{%- for route in routes %}
{%- if not route.push %}
route {{ route.ip }} {{ route.netmask }} {{ route.hop }}
{%- endif %}
{% endfor -%}
{% for route in routes -%}
push "route {{ route.ip }} {{ route.netmask }} {{ route.hop }}"
{% endfor -%}
push "dhcp-option DNS {{ dns|join(" ") }}"
# IPv6
#server-ipv6 2a01:e0a:97:8311::/64
#tun-ipv6
#push tun-ipv6
#ifconfig-ipv6 2a01:e0a:97:8311::1 2a01:e0a:97:8311::2
#ifconfig-ipv6-pool 2a01:e0a:97:8311::101/64
#push "route-ipv6 2a01:e0a:97:8311::/64"
#push "route-ipv6 ::/0"
#push "redirect-gateway-ipv6 def1"
{% if config.auth == "pam" %}
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login
{% endif %}
status {{ config.status|default("/var/log/openvpn/vpn.status") }}