dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity

dch-openvpn: Support road-warrior clients 

Moving the route definitions to global scope, and defining an address
pool, will allow other clients besides *dhatch-d4b* to connect to and
use the OpenVPN tunnel service. This may be useful in situations where
IPsec is blocked
jenkins-master
Dustin 2018-10-07 12:18:33 -05:00
parent a1ca06a3c5
commit b61070fea8
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/dch-openvpn-server/templates/clients/dhatch-d4b.securepassage.com.j2
View File

@ -2,5 +2,3 @@ ifconfig-push 172.30.0.210 255.255.255.240
{% for net in firemon_networks %} {% for net in firemon_networks %}
iroute {{ net|ipaddr('network') }} {{ net|ipaddr('netmask') }} iroute {{ net|ipaddr('network') }} {{ net|ipaddr('netmask') }}
{% endfor %} {% endfor %}
push "route 172.30.0.0 255.255.255.192 172.30.0.209"
push "route 172.31.0.0 255.255.255.224 172.30.0.209"

6
roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2
View File

@ -12,9 +12,15 @@ dh dh2048.pem
topology subnet topology subnet
push "topology subnet" push "topology subnet"
ifconfig 172.30.0.209 255.255.255.240 ifconfig 172.30.0.209 255.255.255.240
ifconfig-pool 172.30.0.216 172.30.0.222
{% for net in firemon_networks %} {% for net in firemon_networks %}
route {{ net|ipaddr('network') }} {{ net|ipaddr('netmask') }} 172.30.0.210 route {{ net|ipaddr('network') }} {{ net|ipaddr('netmask') }} 172.30.0.210
{% endfor %} {% endfor %}
push "route 172.30.0.0 255.255.255.192 172.30.0.209"
push "route 172.31.0.0 255.255.255.224 172.30.0.209"
push "route 172.31.0.64 255.255.255.240 172.30.0.209"
push "dhcp-option DNS 172.30.0.4"
push "dhcp-option DNS 172.30.0.3"
client-to-client client-to-client
client-config-dir clients client-config-dir clients