openvpn job from openvpn/3.1.4
Github source:
b802745
or
master branch
Properties¶
openvpn
¶
ca_crt
¶CA Certificate
ccd
¶A list of Client Configuration Directives
- Default
[]
cipher
¶Cipher for encrypting packets
- Default
BF-CBC
client_config
¶A list of Client Configuration Connections
- Default
[]
crl_pem
¶Certificate Revocation List
dh_pem
¶Diffie-Hellmann Key
extra_config
¶Custom OpenVPN configuration statements
iptables
¶IPTable rules to manage
- Default
[]- Example
- POSTROUTING -t nat -s 192.0.2.0/24 -d 10.10.1.0/24 -j MASQUERADE -m comment --comment 'vpn -> private lan' - POSTROUTING -t nat -s 192.0.2.0/24 -d 10.10.2.100/32 -j MASQUERADE -m comment --comment 'vpn -> internal backup server'
keysize
¶Size of cipher key in bits
- Default
256
local
¶Bind IP for the server
- Default
0.0.0.0
port
¶Bind Port for the server
- Default
1194
push_routes
¶Routes to push to connecting clients
- Default
[]
routes
¶Routes for the local routing table
- Default
[]
server
¶VPN IP and netmask
server_crt
¶Server Certificate
server_key
¶Server Key
tls_cipher
¶A colon-separated list of allowable TLS ciphers
- Example
DEFAULT:!EXP:!LOW:!MEDIUM
tls_version_min
¶The minimum TLS version accepted from peers
- Default
"1.0"
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/openvpn/
directory
(learn more).
bin/apply-iptables
(frombin/apply-iptables.erb
)bin/control
(frombin/control
)bin/control-client
(frombin/control-client
)bin/write-ccd
(frombin/write-ccd.erb
)bin/write-clients
(frombin/write-clients.erb
)etc/ca.crt
(frometc/ca.crt.erb
)etc/crl.pem
(frometc/crl.pem.erb
)etc/dh.pem
(frometc/dh.pem.erb
)etc/openvpn.conf
(frometc/openvpn.conf.erb
)etc/server.crt
(frometc/server.crt.erb
)etc/server.key
(frometc/server.key.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.