Role to install, configure and update OpenVPN servers and clients.
- PAM support, maybe?
- Ansible >= 2.1
- Ubuntu >= 16.04
Variables | Default | Description |
---|---|---|
openvpn_port | 1194 | default port |
openvpn_proto | udp | default protocol |
openvpn_server_dh | 2048 | dh keysize |
openvpn_dir | /etc/openvpn | openvpn server directory |
openvpn_keydir | "{{ openvpn_dir }}/keys" | openvpn server key directory |
deploy_key_dir | "{{ role_path }}/files }}" | local key directory |
local_openvpn_keydir | "{{ deploy_key_dir }}" | local key directory, same as deploy_key_dir |
openvpn_server_dh | "{{ lookup('pipe', 'basename {{ deploy_key_dir }}/dh*.pem | cut -d. -f1') }}" |
openvpn_tls_push | True | If true, it pushes secret.key to servers and clients |
openvpn_is_client | False | If true, host is marked as client |
openvpn_is_server | False | If true, host is marked as server |
This role works much better if you use clvx.easy-rsa to create your PKI.
- clvx.easy-rsa
-
Inventory
localhost
-
group_vars/localhost.yml
--- openvpn_is_client: True
or:
---
openvpn_is_server: True
YOU CAN NOT ASSIGN openvpn_is_client
and openvpn_is_server
AT THE SAME TIME
OR IT WILL FAIL.
-
Playbook:
- hosts: localhost roles: - openvpn
GPLv3
Luis Michael Ibarra
clvx: Twitter, IRC, Reddit