openvpn
job
Usage
releases:
- name: "openvpn"
  version: "3.1.3"
instance_groups:
- name: "openvpn"
  jobs:
  - name: "openvpn"
    release: "openvpn"
    properties: {}
Properties
The following properties can be configured for the job.
openvpn.ca_crt
CA Certificate
This should include -----BEGIN CERTIFICATE----- through -----END CERTIFICATE-----.
openvpn.ccd
A list of Client Configuration Directives
This value is an array, with each client being an array whose first value is the client’s common name and second value is the OpenVPN directives.
Default
[]
openvpn.cipher
Cipher for encrypting packets
Default
BF-CBC
openvpn.client_config
A list of Client Configuration Connections
This value is an array, with each client connection being an item.
Default
[]
openvpn.crl_pem
Certificate Revocation List
This should include -----BEGIN X509 CRL----- through -----END X509 CRL-----.
openvpn.dh_pem
Diffie-Hellman Key
This should include -----BEGIN DH PARAMETERS----- through -----END DH PARAMETERS-----.
openvpn.extra_config
Custom OpenVPN configuration statements
For more details, see the manual with all the available options.
Default
null
openvpn.iptables
iptables rules to manage
Default
[]
Example
- POSTROUTING -t nat -s 192.0.2.0/24 -d 10.10.1.0/24 -j MASQUERADE -m comment --comment 'vpn -> private lan'
- POSTROUTING -t nat -s 192.0.2.0/24 -d 10.10.2.100/32 -j MASQUERADE -m comment --comment 'vpn -> internal backup server'
openvpn.keysize
Size of cipher key in bits
Default
256
openvpn.local
Bind IP for the server
Default
0.0.0.0
openvpn.port
Bind Port for the server
Default
1194
openvpn.push_routes
Routes to push to connecting clients
These should be in a format similar to “192.0.2.0 255.255.255.0”.
Default
[]
openvpn.routes
Routes for the local routing table
These will be added to the local kernel’s routing table and should be in the format of “192.0.2.0 255.255.255.0”.
Default
[]
openvpn.server
VPN IP and netmask
This is the basis of the IP pool which the server will allocate to clients.
openvpn.server_crt
Server Certificate
This should include -----BEGIN CERTIFICATE----- through -----END CERTIFICATE-----.
openvpn.server_key
Server Key
This should include -----BEGIN RSA PRIVATE KEY----- through -----END RSA PRIVATE KEY-----.
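A pre-deploy check for the properties above, as an added example that is not part of the release: it verifies the PEM markers each certificate and key property should include, checks the “network netmask” route format, and flags 64-bit block ciphers such as the default BF-CBC. The function names, the weak-cipher list and the sample property hash are assumptions constructed for this example.

```python
import ipaddress

# Ciphers with a 64-bit block; BF-CBC is this job's default (list is the example's own).
WEAK_CIPHERS = {"BF-CBC", "CAST5-CBC", "DES-CBC", "DES-EDE3-CBC"}
# Property -> PEM label the page says the value should include.
PEM_LABELS = {"ca_crt": "CERTIFICATE", "server_crt": "CERTIFICATE", "crl_pem": "X509 CRL",
              "server_key": "RSA PRIVATE KEY", "dh_pem": "DH PARAMETERS"}

def is_route(value):
    """True for a 'network netmask' pair such as '192.0.2.0 255.255.255.0'."""
    parts = str(value).split()
    if len(parts) != 2:
        return False
    try:
        ipaddress.IPv4Network("/".join(parts))  # strict: set host bits are rejected
        return True
    except ValueError:
        return False

def lint(props):
    """Return findings for the contents of the job's 'openvpn' property hash."""
    findings = []
    for name, label in PEM_LABELS.items():
        value = props.get(name)
        if value is None:
            continue  # only values that are present are checked
        begin = value.find(f"-----BEGIN {label}-----")
        end = value.find(f"-----END {label}-----")
        if begin < 0 or end < begin:
            findings.append(f"openvpn.{name}: missing BEGIN/END {label} block")
    cipher = props.get("cipher", "BF-CBC")  # default taken from the page
    if cipher.upper() in WEAK_CIPHERS:
        findings.append(f"openvpn.cipher: {cipher} uses a 64-bit block")
    for key in ("push_routes", "routes"):
        for route in props.get(key, []):
            if not is_route(route):
                findings.append(f"openvpn.{key}: bad route {route!r}")
    return findings

def sample_pem(label):  # constructed placeholder, not real key material
    return f"-----BEGIN {label}-----\n(constructed placeholder)\n-----END {label}-----\n"

SAMPLE = {  # constructed property hash with three mistakes and the default cipher
    "ca_crt": sample_pem("CERTIFICATE"),
    "server_crt": "MIIB... pasted without the PEM armor",
    "server_key": sample_pem("RSA PRIVATE KEY"),
    "push_routes": ["10.10.1.0 255.255.255.0", "10.10.2.100/32"],
    "routes": ["192.0.2.1 255.255.255.0"],
}
```

Calling `lint(SAMPLE)` returns one finding per problem; an empty list means the checked properties passed.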
Runtime
Templates
The following templates are rendered and installed in /var/vcap/jobs/openvpn.
bin/apply-iptables
bin/control
bin/control-client
bin/write-ccd
bin/write-clients
etc/ca.crt
etc/crl.pem
etc/dh.pem
etc/openvpn.conf
etc/server.crt
etc/server.key
Packages
The job depends on the following packages installed in /var/vcap/packages.