openvpn job

The openvpn job provides an OpenVPN server for clients to connect to.

Usage

releases:
- name: "openvpn"
  version: "5.8.0"
instance_groups:
- name: "openvpn"
  jobs:
  - name: "openvpn"
    release: "openvpn"
    properties: {}

Properties

The following properties can be configured for the job.

ccd

A list of Client Configuration Directives. This value is an array, with each client being an array whose first value is the client’s common name and second value is the OpenVPN directives.
Default
[]

cipher

Cipher for encrypting packets
Default
AES-256-CBC

compress

Default compression (or empty to disable)
Default
auto

device

Virtual network device to use
Default
tun0

dh_pem

Diffie-Hellman Key (DH PARAMETERS, including the begin/end markers)

extra_config

Custom OpenVPN configuration statements (see manual)
Default
null

extra_configs

A list of custom OpenVPN configuration statements (see manual)
Default
[]

keysize

Size of cipher key in bits (deprecated)
Default
256

local

Bind IP for the server
Default
0.0.0.0

port

Bind Port for the server
Default
1194

protocol

Protocol for the server
Default
tcp

push_dns

A list of DNS servers to push to connecting clients to enable DNS resolution over the VPN tunnel
Default
[]
Example
- 8.8.4.4
- 8.8.8.8

push_dns_search_domains

List of search domains to push to clients
Default
[]

push_routes

A list of routes to push to connecting clients (in the format of “192.0.2.0 255.255.255.0”)
Default
[]

routes

A list of routes for the local routing table (in the format of “192.0.2.0 255.255.255.0”)
Default
[]

server

VPN IP and netmask (basis of the IP pool which the server will allocate to clients)

tls_cipher

A colon-separated list of allowable TLS ciphers
Example
DEFAULT:!EXP:!LOW:!MEDIUM

tls_crl

Certificate Revocation List (X509 CRL, including the begin/end markers)

tls_crypt

Encrypt control channel packets with private key

tls_server

Certificate and Private Key for the server
Example
ca: |
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
certificate: |
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
private_key: |
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----

tls_version_min

The minimum TLS version accepted from peers
Default
"1.2"
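
The properties above combined into one hardened job definition, as an added example that is not taken from the release's own documentation; it replaces the empty `properties: {}` from Usage and leaves `tls_server` as in the example above. Assumptions: the `server` value format (network and netmask, as in OpenVPN's `server` directive), the `tls_crypt` placeholder, the client common name `client-a`, and all addresses, which are constructed documentation ranges.

```yaml
# Added example with constructed values; not the release's own manifest.
instance_groups:
- name: "openvpn"
  jobs:
  - name: "openvpn"
    release: "openvpn"
    properties:
      # Assumed format: VPN network and netmask (pool allocated to clients).
      server: "10.8.0.0 255.255.255.0"
      # AEAD data-channel cipher in place of the AES-256-CBC default.
      cipher: "AES-256-GCM"
      # Empty disables compression (the default is "auto"); compression
      # before encryption can leak plaintext through packet lengths.
      compress: ""
      # Stated explicitly so a later change of the default is visible in review.
      tls_version_min: "1.2"
      # Control channel limited to one ECDHE + AES-GCM suite (RSA server key).
      tls_cipher: "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
      # Placeholder: key material for control-channel encryption.
      tls_crypt: "<tls-crypt key, placeholder>"
      # Keep the CRL current so revoked client certificates are refused.
      tls_crl: |
        -----BEGIN X509 CRL-----
        ...
        -----END X509 CRL-----
      dh_pem: |
        -----BEGIN DH PARAMETERS-----
        ...
        -----END DH PARAMETERS-----
      # Push only the networks every client needs, not a default route.
      push_routes:
      - "192.0.2.0 255.255.255.0"
      # One [common name, directives] pair per client: here only client-a
      # additionally receives a route to 198.51.100.0/24.
      ccd:
      - - "client-a"
        - 'push "route 198.51.100.0 255.255.255.0"'
```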

Provided Links

The job provides the following links.

openvpn (openvpn)

Runtime

Templates

The following templates are rendered and installed in /var/vcap/jobs/openvpn.

Packages

The job depends on the following packages installed in /var/vcap/packages.

Source

Based on jobs/openvpn/spec.