From 16160b5b4ab9759534bc94cb2d0624f4675db9d3 Mon Sep 17 00:00:00 2001
From: alex
Date: Sat, 16 Sep 2023 16:05:47 +0200
Subject: Add support for ocserv
---
 .../modules/ocserv/templates/ocserv.conf.epp | 57 ++++++++++++++++++++++
 .../puppet/modules/ocserv/templates/port.conf.epp | 8 +++
 2 files changed, 65 insertions(+)
 create mode 100644 personal_infra/puppet/modules/ocserv/templates/ocserv.conf.epp
 create mode 100644 personal_infra/puppet/modules/ocserv/templates/port.conf.epp
(limited to 'personal_infra/puppet/modules/ocserv/templates')
diff --git a/personal_infra/puppet/modules/ocserv/templates/ocserv.conf.epp b/personal_infra/puppet/modules/ocserv/templates/ocserv.conf.epp
new file mode 100644
index 00000000..b4ca12e7
--- /dev/null
+++ b/personal_infra/puppet/modules/ocserv/templates/ocserv.conf.epp
@@ -0,0 +1,57 @@
+<%- | $tcp_port,
+ $udp_port,
+ $run_as_user,
+ $run_as_group,
+ $socket_file,
+ $chroot_dir,
+ $server_cert,
+ $server_key,
+ $default_domain,
+ $ipv4_network,
+ $dns,
+ $split_dns,
+ $routes,
+| -%>
+auth = "pam"
+listen-host-is-dyndns = true
+# note, those are not used on Debian
+tcp-port = <%= $tcp_port %>
+udp-port = <%= $udp_port %>
+run-as-user = <%= $run_as_user %>
+run-as-group = <%= $run_as_group %>
+socket-file = <%= $socket_file %>
+<% if $chroot_dir { -%>
+chroot-dir = <%= $chroot_dir %>
+<% } -%>
+server-cert = <%= $server_cert %>
+server-key = <%= $server_key %>
+isolate-workers = true
+keepalive = 32400
+dpd = 90
+mobile-dpd = 1800
+switch-to-tcp-timeout = 25
+try-mtu-discovery = false
+compression = true
+tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
+auth-timeout = 240
+min-reauth-time = 3
+cookie-timeout = 300
+deny-roaming = false
+rekey-time = 172800
+rekey-method = ssl
+use-utmp = true
+pid-file = /var/run/ocserv.pid
+device = vpns
+predictable-ips = true
+default-domain = <%= $default_domain %>
+ipv4-network = <%= $ipv4_network %>
+#tunnel-all-dns = true
+dns = <%= $dns %>
+split-dns = <%= $split_dns %>
+ping-leases = true
+cisco-client-compat = true
+dtls-psk = false
+dtls-legacy = true
+<% $routes.each | $route | { -%>
+route = <%= $route %>
+<% } %>
diff --git a/personal_infra/puppet/modules/ocserv/templates/port.conf.epp b/personal_infra/puppet/modules/ocserv/templates/port.conf.epp
new file mode 100644
index 00000000..223c9961
--- /dev/null
+++ b/personal_infra/puppet/modules/ocserv/templates/port.conf.epp
@@ -0,0 +1,8 @@
+<%- | $tcp_port,
+ $udp_port,
+| -%>
+[Socket]
+ListenStream=
+ListenDatagram=
+ListenStream=<%= $tcp_port %>
+ListenDatagram=<%= $udp_port %>
-- 
cgit v1.2.3
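Review bot: The `tls-priorities` line disables SSL 3.0 and ARCFOUR but leaves TLS 1.0 and 1.1 to whatever `NORMAL` means on the installed GnuTLS, which on many builds still includes them; if no legacy client needs them, pin it explicitly with `tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-ARCFOUR-128"`. `compression = true` turns on tunnel payload compression, which as far as I recall ocserv ships disabled; compressing mixed trusted and untrusted data inside an encrypted channel is a known information-leak class, so either set `compression = false` or add a comment recording why the bandwidth saving is worth it. `dtls-legacy = true` combined with `dtls-psk = false` leaves only the legacy DTLS negotiation available, presumably for `cisco-client-compat`; a one-line comment naming the clients that require it would let a later reviewer drop it safely once they are gone. The EPP parameter list is untyped, so a malformed value is rendered straight into the config; typing them (for example `Integer $tcp_port`, `Array[String] $routes`) makes Puppet reject bad input at compile time.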
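Review bot: The bare `ListenStream=` and `ListenDatagram=` lines reset the packaged socket unit's defaults before the new ports are added, and without a comment that reads like a typo; a short `# clear the distro defaults before re-adding our ports` above them would make the intent explicit. `ListenStream=<%= $tcp_port %>` with no address binds on every interface, which matches `listen-host-is-dyndns` in ocserv.conf.epp but is worth stating if the host has interfaces the VPN should not answer on. As in ocserv.conf.epp, typing the two parameters (`Integer $tcp_port`, `Integer $udp_port`) would keep a non-numeric value from reaching systemd.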