From b61070fea8556a0fc5282e8dfe9ff8e1e751af10 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sun, 7 Oct 2018 12:18:33 -0500
Subject: [PATCH] dch-openvpn: Support road-warrior clients

Moving the route definitions to global scope, and defining an address pool, will allow other clients besides *dhatch-d4b* to connect to and use the OpenVPN tunnel service. This may be useful in situations where IPsec is blocked
---
 .../templates/clients/dhatch-d4b.securepassage.com.j2 | 2 --
 .../templates/pyrocufflink.openvpn.conf.j2 | 6 ++++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/roles/dch-openvpn-server/templates/clients/dhatch-d4b.securepassage.com.j2 b/roles/dch-openvpn-server/templates/clients/dhatch-d4b.securepassage.com.j2
index 748d0d9..9671b4c 100644
--- a/roles/dch-openvpn-server/templates/clients/dhatch-d4b.securepassage.com.j2
+++ b/roles/dch-openvpn-server/templates/clients/dhatch-d4b.securepassage.com.j2
@@ -2,5 +2,3 @@ ifconfig-push 172.30.0.210 255.255.255.240
 {% for net in firemon_networks %}
 iroute {{ net|ipaddr('network') }} {{ net|ipaddr('netmask') }}
 {% endfor %}
-push "route 172.30.0.0 255.255.255.192 172.30.0.209"
-push "route 172.31.0.0 255.255.255.224 172.30.0.209"
diff --git a/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2 b/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2
index 2fdfff8..73a5148 100644
--- a/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2
+++ b/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2
@@ -12,9 +12,15 @@ dh dh2048.pem topology subnet push "topology subnet" ifconfig 172.30.0.209 255.255.255.240 +ifconfig-pool 172.30.0.216 172.30.0.222 {% for net in firemon_networks %} route {{ net|ipaddr('network') }} {{ net|ipaddr('netmask') }} 172.30.0.210 {% endfor %} +push "route 172.30.0.0 255.255.255.192 172.30.0.209" +push "route 172.31.0.0 255.255.255.224 172.30.0.209" +push "route 172.31.0.64 255.255.255.240 172.30.0.209" +push "dhcp-option DNS 172.30.0.4" +push "dhcp-option DNS 172.30.0.3" client-to-client client-config-dir clients
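Review bot: With `client-to-client` kept at the end of the hunk and the tunnel now open to any pooled client via `ifconfig-pool 172.30.0.216 172.30.0.222`, every road-warrior certificate holder can reach dhatch-d4b at 172.30.0.210 and, through the `iroute` entries in its CCD file, the firemon_networks behind it, because OpenVPN forwards client-to-client traffic internally rather than through the host firewall. If road-warriors are only meant to reach the server-side networks pushed here, drop `client-to-client` so inter-client traffic traverses the kernel where it can be filtered, or add `ccd-exclusive` so only clients with an explicit CCD file are admitted. The TLS and revocation settings before line 12 are outside the hunk, so I cannot see whether `crl-verify` is configured; with more than one client now expected, revocation handling is worth confirming. Also, `push "route 172.31.0.64 255.255.255.240 172.30.0.209"` is a new route rather than one moved from the client file, which the commit message as written does not mention.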