# Drop root after initialization and run as the unprivileged _openvpn account.
# Any file the daemon opens later must be readable by this user.
user _openvpn
# Also switch the process group to _openvpn after initialization.
group _openvpn
# Bind the listener to a single address (Ansible's default IPv4 fact) rather
# than to every interface on the host.
local {{ ansible_default_ipv4.address }}
# Listening port; the host firewall must allow it for the chosen protocol.
port 1194
# Transport protocol for the tunnel.
proto udp
# Routed (layer 3) tunnel device.
dev tun
# Multi-client server mode.
mode server
# Give each client a single address in the VPN subnet instead of a /30 pair.
topology subnet
# Ping every 10 s and treat the peer as down after 120 s of silence.
# In server mode this helper also pushes the values to clients and doubles
# the timeout on the server side.
keepalive 10 120
# Exit on TLS negotiation failure.
# NOTE(review): confirm how this behaves in server mode before relying on it.
tls-exit
# Data-channel cipher. AES-256-GCM is an AEAD mode, so packets are encrypted
# and authenticated without a separate `auth` digest.
# NOTE(review): on OpenVPN 2.5 and later the negotiated set comes from
# `data-ciphers`; confirm which version this template targets.
cipher AES-256-GCM # AES
# Do not re-read key files on SIGUSR1 / ping-restart. Needed with the
# privilege drop: after it, the process can no longer read the private key.
persist-key
# Keep the tun device open across SIGUSR1 / ping-restart, since reopening it
# would need the root privileges that were dropped.
persist-tun
# Remember client-to-address assignments across restarts.
# NOTE(review): confirm the file stays writable after the privilege drop.
ifconfig-pool-persist /etc/openvpn/ipp.txt
# Periodic status dump. It lists connected clients (certificate common name
# and real address), so keep the file readable only by administrators.
status /var/log/openvpn-status.log
# Append to the log across restarts instead of truncating it, so earlier
# connection and TLS-failure records are preserved. Needs log rotation.
log-append /var/log/openvpn.log
# CA certificate used to validate peer certificates.
ca /etc/shellpki/cacert.pem
# Server certificate; the file name is derived from the host's FQDN fact.
cert /etc/shellpki/certs/{{ ansible_fqdn }}.crt
# Server private key. TO_COMPLETE is a placeholder and must be replaced with
# the real key file name before the service is started.
# The key file should be readable by root only.
key /etc/shellpki/private/TO_COMPLETE
# Diffie-Hellman parameters (2048-bit, going by the file name). Not secret.
dh /etc/shellpki/dh2048.pem
# Reject client certificates listed in the CRL. The file is re-read on every
# connection, so it must be readable by the unprivileged user set with `user`.
# NOTE(review): an expired CRL can cause all clients to be rejected; confirm
# it is regenerated before its nextUpdate date.
crl-verify /etc/shellpki/crl.pem
# VPN address pool; network and netmask come from the role's variables.
server {{ openvpn_lan }} {{ openvpn_netmask }}
#push "route 192.0.3.0 255.255.255.0"
# Management interface (used by check_openvpn for Nagios)
# Management interface on loopback TCP port 1195.
# Any local process can connect to a loopback port, so the password file is
# the only access control: keep it readable by root only.
# The `management <socket> unix` form with file permissions is an alternative.
management 127.0.0.1 1195 /etc/openvpn/management-pwd