initial commit

templates/client.ovpn.j2

@@ -0,0 +1,43 @@
+# alterway - openvpn client configuration
+
+client
+dev           {{ openvpn_dev }}
+proto         {{ openvpn_proto) }}
+remote        {{ openvpn_public_ip }} {{ openvpn_port }}
+resolv-retry  infinite
+
+nobind
+
+persist-key
+persist-tun
+
+ca            [inline]
+cert          [inline]
+key           [inline]
+{% if openvpn_tls_auth is defined and openvpn_tls_auth == "true" %}
+tls-auth      [inline] 1
+{% endif %}
+
+cipher        {{ openvpn_cipher }}
+auth          {{ openvpn_auth  }}
+tls-cipher    {{ openvpn_tls_cipher }}
+
+compress      {{ openvpn_compress }}
+
+<ca>
+{{ loop_ca }}
+</ca>
+
+<cert>
+{{ loop_cert }}
+</cert>
+
+<key>
+{{ loop_key }}
+</key>
+
+{% if openvpn_tls_auth is defined and openvpn_tls_auth == "true" %}
+<tls-auth>
+{{ loop_ta }}
+</tls-auth>
+{% endif %}

templates/ipp.txt.j2

@@ -0,0 +1,8 @@
+# ansible managed - DO NOT EDIT MANUALLY !!!
+# official documentation - https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/
+#
+# <user>,<ip_address>
+
+{% for user in openvpn_client %}
+{{ user.name }},{{ user.ip }}
+{% endfor %}

templates/server.conf.j2

@@ -0,0 +1,54 @@
+# ansible managed - DO NOT EDIT MANUALLY !!!
+# official documentation - https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/
+
+user                  {{ openvpn_user }}
+group                 {{ openvpn_group }}
+
+server                {{ openvpn_ip_range }} {{ openvpn_ip_netmask }}
+port                  {{ openvpn_port }}
+proto                 {{ openvpn_proto }}
+dev                   {{ openvpn_dev }}
+
+keepalive             {{ openvpn_keepalive_ping }} {{ openvpn_keepalive_timeout }}
+
+ca                    /etc/openvpn/{{ ansible_hostname }}/keys/ca.crt
+cert                  /etc/openvpn/{{ ansible_hostname }}/keys/{{ ansible_hostname }}.crt
+key                   /etc/openvpn/{{ ansible_hostname }}/keys/{{ ansible_hostname }}.key
+dh                    /etc/openvpn/{{ ansible_hostname }}/keys/dh.pem
+{% if openvpn_tls_auth is defined and openvpn_tls_auth == "true" %}
+tls-auth              /etc/openvpn/{{ ansible_hostname }}/keys/ta.key 0
+{% endif %}
+
+cipher                {{ openvpn_cipher }}
+auth                  {{ openvpn_auth  }}
+tls-cipher            {{ openvpn_tls_cipher }}
+
+compress              {{ openvpn_compress }}
+push                  "compress {{ openvpn_compress }}"
+
+max-clients           {{ openvpn_maxclients }}
+
+ifconfig-pool-persist /etc/openvpn/{{ ansible_hostname }}/ipp.txt
+
+{% if openvpn_push_route is defined %}
+{% for route in openvpn_push_route %}
+push                  "route {{ route.ip }} {{ route.netmask }}"
+{% endfor %}
+{% endif %}
+
+persist-key
+persist-tun
+
+verb                  {{ openvpn_log_verbosity }}
+status                {{ openvpn_log_status }}
+log-append            {{ openvpn_log_append }}
+
+mute                  {{ openvpn_mute }}
+
+{% if openvpn_proto is defined and openvpn_proto == "udp" %}
+explicit-exit-notify  5
+{% endif %}
+
+{% if openvpn_client_to_client is defined and openvpn_client_to_client is sameas true %}
+client-to-client
+{% endif %}

templates/vars.j2

@@ -0,0 +1,15 @@
+# ansible managed - DO NOT EDIT MANUALLY !!!
+
+if [ -z "$EASYRSA_CALLER" ]; then
+	echo "You appear to be sourcing an Easy-RSA 'vars' file." >&2
+	echo "This is no longer necessary and is disallowed. See the section called" >&2
+	echo "'How to use this file' near the top comments for more details." >&2
+	return 1
+fi
+
+set_var EASYRSA_REQ_COUNTRY	"{{ openvpn_easyrsa_req_country }}"
+set_var EASYRSA_REQ_PROVINCE	"{{ openvpn_easyrsa_req_province }}"
+set_var EASYRSA_REQ_CITY	"{{ openvpn_easyrsa_req_city }}"
+set_var EASYRSA_REQ_ORG		"{{ openvpn_easyrsa_req_org }}"
+set_var EASYRSA_REQ_EMAIL	"{{ openvpn_easyrsa_req_email }}"
+set_var EASYRSA_REQ_OU		"{{ openvpn_easyrsa_req_ou }}"