Skip to content

openvpn job from openvpn/5.2.0

The `openvpn` job provides an OpenVPN server for clients to connect to.

Github source: fd46aa9 or master branch

Properties

ccd

A list of Client Configuration Directives. This value is an array, with each client being an array whose first value is the client’s common name and second value is the OpenVPN directives.

Default
[]

cipher

Cipher for encrypting packets

Default
AES-256-CBC

compress

Default compression (or empty to disable)

Default
auto

device

Virtual network device to use

Default
tun0

dh_pem

Diffie-Hellmann Key (DH PARAMETERS, including the begin/end markers)

extra_config

Custom OpenVPN configuration statements (see manual)

extra_configs

A list of custom OpenVPN configuration statements (see manual)

Default
[]

keysize

Size of cipher key in bits (deprecated)

Default
256

local

Bind IP for the server

Default
0.0.0.0

port

Bind Port for the server

Default
1194

protocol

Protocol for the server

Default
tcp

push_dns

A list of DNS servers to push to connecting clients to enable DNS resolution over the VPN tunnel

Default
[]
Example
- 8.8.4.4
- 8.8.8.8

push_dns_search_domains

List of search domains to push to clients

Default
[]

push_routes

A list of routes to push to connecting clients (in the format of “192.0.2.0 255.255.255.0”)

Default
[]

routes

A list of routes for the local routing table (in the format of “192.0.2.0 255.255.255.0”)

Default
[]

server

VPN IP and netmask (basis of the IP pool which the server will allocate to clients)

tls_cipher

A colon-separated list of allowable TLS ciphers

Example
DEFAULT:!EXP:!LOW:!MEDIUM

tls_crl

Certificate Revocation List (X509 CRL, including the begin/end markers)

tls_crypt

Encrypt control channel packets with private key

tls_server

Certificate and Private Key for the server

Example
ca: |+
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
certificate: |+
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
private_key: |+
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----

tls_version_min

The minimum TLS version accepted from peers

Default
"1.2"

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/openvpn/ directory (learn more).

  • bin/client-connect (from bin/client-connect)
  • bin/control (from bin/control)
  • bin/write-ccd (from bin/write-ccd.erb)
  • etc/openvpn.conf (from etc/openvpn.conf.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.