| author | alex <alex@pdp7.net> | 2023-09-16 16:05:47 +0200 |
|---|---|---|
| committer | alex <alex@pdp7.net> | 2023-09-16 16:05:47 +0200 |
| commit | 16160b5b4ab9759534bc94cb2d0624f4675db9d3 (patch) | |
| tree | bf3041a6df2c7fc0f6c4f328ebed38baf86836a3 /personal_infra/puppet/modules/ocserv/templates | |
| parent | d3062de6cf2e74ba6d6945e64e7f316cb4d83c7a (diff) | |
Add support for ocserv
Diffstat (limited to 'personal_infra/puppet/modules/ocserv/templates')
| -rw-r--r-- | personal_infra/puppet/modules/ocserv/templates/ocserv.conf.epp | 57 | ||||
| -rw-r--r-- | personal_infra/puppet/modules/ocserv/templates/port.conf.epp | 8 |
2 files changed, 65 insertions, 0 deletions
diff --git a/personal_infra/puppet/modules/ocserv/templates/ocserv.conf.epp b/personal_infra/puppet/modules/ocserv/templates/ocserv.conf.epp
new file mode 100644
index 00000000..b4ca12e7
--- /dev/null
+++ b/personal_infra/puppet/modules/ocserv/templates/ocserv.conf.epp
@@ -0,0 +1,57 @@
+<%- | $tcp_port,
+ $udp_port,
+ $run_as_user,
+ $run_as_group,
+ $socket_file,
+ $chroot_dir,
+ $server_cert,
+ $server_key,
+ $default_domain,
+ $ipv4_network,
+ $dns,
+ $split_dns,
+ $routes,
+| -%>
+auth = "pam"
+listen-host-is-dyndns = true
+# note, those are not used on Debian
+tcp-port = <%= $tcp_port %>
+udp-port = <%= $udp_port %>
+run-as-user = <%= $run_as_user %>
+run-as-group = <%= $run_as_group %>
+socket-file = <%= $socket_file %>
+<% if $chroot_dir { -%>
+chroot-dir = <%= $chroot_dir %>
+<% } -%>
+server-cert = <%= $server_cert %>
+server-key = <%= $server_key %>
+isolate-workers = true
+keepalive = 32400
+dpd = 90
+mobile-dpd = 1800
+switch-to-tcp-timeout = 25
+try-mtu-discovery = false
+compression = true
+tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
+auth-timeout = 240
+min-reauth-time = 3
+cookie-timeout = 300
+deny-roaming = false
+rekey-time = 172800
+rekey-method = ssl
+use-utmp = true
+pid-file = /var/run/ocserv.pid
+device = vpns
+predictable-ips = true
+default-domain = <%= $default_domain %>
+ipv4-network = <%= $ipv4_network %>
+#tunnel-all-dns = true
+dns = <%= $dns %>
+split-dns = <%= $split_dns %>
+ping-leases = true
+cisco-client-compat = true
+dtls-psk = false
+dtls-legacy = true
+<% $routes.each | $route | { -%>
+route = <%= $route %>
+<% } %>
diff --git a/personal_infra/puppet/modules/ocserv/templates/port.conf.epp b/personal_infra/puppet/modules/ocserv/templates/port.conf.epp
new file mode 100644
index 00000000..223c9961
--- /dev/null
+++ b/personal_infra/puppet/modules/ocserv/templates/port.conf.epp
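Review bot: The transport settings in ocserv.conf.epp are hard-coded to a permissive legacy profile: `tls-priorities` keeps `%COMPAT` and removes only SSL 3.0 and RC4, `dtls-legacy = true` accepts the pre-standard DTLS negotiation, and `compression = true` compresses tunnel traffic before encryption, which is a known length side channel when part of the plaintext can be influenced by a third party. If no legacy AnyConnect clients have to connect, I would set `compression = false` and `dtls-legacy = false` and append `:-VERS-TLS1.0:-VERS-TLS1.1` to the priority string; whether TLS 1.0/1.1 are otherwise offered depends on the GnuTLS build on the host. If the compatibility is intentional, a comment above these lines such as `# legacy AnyConnect clients need %COMPAT, dtls-legacy and cisco-client-compat` would record that decision for the next reader.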
@@ -0,0 +1,8 @@
+<%- | $tcp_port,
+ $udp_port,
+| -%>
+[Socket]
+ListenStream=
+ListenDatagram=
+ListenStream=<%= $tcp_port %>
+ListenDatagram=<%= $udp_port %> |
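Review bot: `$tcp_port` and `$udp_port` are untyped in the parameter block of port.conf.epp, and systemd reads a `ListenStream=` value that starts with `/` as a filesystem socket path, so a mis-set value would change what the unit listens on instead of failing the catalog. Declaring the types, `<%- | Integer[1, 65535] $tcp_port,` and `Integer[1, 65535] $udp_port,`, makes Puppet reject anything that is not a port number. The parameter block of ocserv.conf.epp would benefit in the same way, since every value there is written into the config unquoted and a string containing a newline would add extra directives. A short comment above the empty `ListenStream=` and `ListenDatagram=` lines, saying that they presumably clear the listeners inherited from the packaged socket unit, would also help.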
