roles/dch-openvpn-server: Deploy OpenVPN server

The *dch-openvpn-server* role installs and configures OpenVPN and stunnel to provide both native OpenVPN service as well as OpenVPN-over-TLS. The latter uses stunnel, listening on TCP port 9876, to allow better firewall traversal and TCP port sharing via reverse proxy.
2018-07-01 15:14:23 -05:00
parent b13f28f505
commit 780c8783db
7 changed files with 120 additions and 0 deletions
--- a/roles/dch-openvpn-server/templates/openvpn.stunnel.conf.j2
+++ b/roles/dch-openvpn-server/templates/openvpn.stunnel.conf.j2
@@ -0,0 +1,5 @@
+[openvpn]
+accept = 0.0.0.0:9876
+connect = localhost:1194
+cert = /etc/pki/tls/certs/openvpn.cer
+key = /etc/pki/tls/private/openvpn.key
--- a/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2
+++ b/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2
@@ -0,0 +1,20 @@
+dev tun
+port 1194
+proto tcp-server
+mode server
+tls-server
+
+ca ca.crt
+cert /etc/pki/tls/certs/openvpn.cer
+key /etc/pki/tls/private/openvpn.key
+dh dh2048.pem
+
+topology subnet
+push "topology subnet"
+ifconfig 172.30.0.208 255.255.255.240
+route 192.168.0.0 255.255.0.0 172.30.0.210
+route 172.16.0.0 255.255.240.0 172.30.0.210
+client-to-client
+client-config-dir clients
+
+keepalive 10 120