Diffstat (limited to 'roles/ocserv/templates')
| -rw-r--r-- | roles/ocserv/templates/ca.tmpl.j2 | 8 | ||||
| -rw-r--r-- | roles/ocserv/templates/crl.tmpl.j2 | 2 | ||||
| -rw-r--r-- | roles/ocserv/templates/ocserv.conf.j2 | 48 | ||||
| -rw-r--r-- | roles/ocserv/templates/ocserv.rc.j2 | 14 | ||||
| -rw-r--r-- | roles/ocserv/templates/server.tmpl.j2 | 7 |
5 files changed, 79 insertions, 0 deletions
diff --git a/roles/ocserv/templates/ca.tmpl.j2 b/roles/ocserv/templates/ca.tmpl.j2
new file mode 100644
index 00000000..c595f0c3
--- /dev/null
+++ b/roles/ocserv/templates/ca.tmpl.j2
@@ -0,0 +1,8 @@
+cn = "VPN CA"
+organization = "Big Corp"
+serial = 1
+expiration_days = -1
+ca
+signing_key
+cert_signing_key
+crl_signing_key
diff --git a/roles/ocserv/templates/crl.tmpl.j2 b/roles/ocserv/templates/crl.tmpl.j2
new file mode 100644
index 00000000..b70745fd
--- /dev/null
+++ b/roles/ocserv/templates/crl.tmpl.j2
@@ -0,0 +1,2 @@
+crl_next_update = 365
+crl_number = 1
diff --git a/roles/ocserv/templates/ocserv.conf.j2 b/roles/ocserv/templates/ocserv.conf.j2
new file mode 100644
index 00000000..4f722487
--- /dev/null
+++ b/roles/ocserv/templates/ocserv.conf.j2
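Review bot: `expiration_days = -1` in this CA template produces a CA certificate with no expiry (that is how certtool reads -1, as far as I recall) and `serial = 1` is fixed, so if the generation task is not guarded a re-run would mint a second CA with the same subject and serial. If a non-expiring private CA is the intent it deserves a comment saying so, e.g. `# -1 = no expiry; re-issuing this CA invalidates every client cert signed by the old one`. `organization = "Big Corp"` also disagrees with `organization = "MyCompany"` in server.tmpl.j2; both read as placeholders and could come from one role variable, e.g. `organization = "{{ ocserv_org | default('Big Corp') }}"` (variable name illustrative).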
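Review bot: `crl_number = 1` is a constant, so every CRL regenerated from this template carries the same CRL number although RFC 5280 expects it to increase with each issue, and a relying party that orders CRLs by number may not treat a regenerated list as newer. Consider rendering it from a counter the role increments, `crl_number = {{ ocserv_crl_number | default(1) }}` (variable name illustrative), and adding `# days until a fresh CRL must be issued; keep this shorter than the regeneration interval` above `crl_next_update = 365`.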
@@ -0,0 +1,48 @@
+chroot-dir = /var/reactance/ocserv
+auth = "certificate"
+tcp-port = {{ ocserv_port | default("4430") }}
+run-as-user = _vpn
+run-as-group = _vpn
+
+socket-file = run/ocserv-socket
+server-cert = /var/reactance/ocserv/certs/server-cert.pem
+server-key = /var/reactance/ocserv/certs/server-key.pem
+ca-cert = /var/reactance/ocserv/certs/ca-cert.pem
+crl = /var/reactance/ocserv/certs/crl.pem
+
+max-clients = 10000
+max-same-clients = 2
+rate-limit-ms = 100
+server-stats-reset-time = 604800
+keepalive = 32400
+dpd = 90
+mobile-dpd = 1800
+switch-to-tcp-timeout = 25
+try-mtu-discovery = false
+cert-user-oid = 0.9.2342.19200300.100.1.1
+compression = true
+tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1"
+auth-timeout = 240
+min-reauth-time = 300
+max-ban-score = 80
+ban-reset-time = 1200
+cookie-timeout = 300
+deny-roaming = false
+rekey-time = 172800
+rekey-method = ssl
+use-occtl = true
+pid-file = /var/reactance/ocserv/run/ocserv.pid
+log-level = 3
+device = vpns
+predictable-ips = true
+ipv4-network = {{ ocserv_network | default("172.16.16.0/24") }}
+tunnel-all-dns = true
+{% if not lookup('vars', 'disable_dns', default=false) %}
+dns = {{ (ocserv_network|default("172.16.16.0/24"))|ansible.utils.nthhost(2) }}
+{% else %}
+dns = 9.9.9.9
+{% endif %}
+ping-leases = false
+route = default
+cisco-client-compat = true
+max-ban-score = 20
diff --git a/roles/ocserv/templates/ocserv.rc.j2 b/roles/ocserv/templates/ocserv.rc.j2
new file mode 100644
index 00000000..f68a06ff
--- /dev/null
+++ b/roles/ocserv/templates/ocserv.rc.j2
@@ -0,0 +1,14 @@
+#!/bin/ksh
+# $OpenBSD: ocserv
+daemon="/usr/local/sbin/ocserv"
+daemon_flags="-c /var/reactance/ocserv/ocserv.conf"
+
+. /etc/rc.d/rc.subr
+
+pexp="ocserv: ocserv-main"
+
+rc_pre() {
+ /usr/bin/install -d -o _vpn /var/reactance/ocserv/run/
+}
+
+rc_cmd $1
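Review bot: `max-ban-score` is set twice in this hunk, `max-ban-score = 80` among the auth settings and `max-ban-score = 20` on the last line, so the effective ban threshold depends on the parser's duplicate handling (I believe ocserv keeps the last occurrence, which would make it 20); keep one of the two lines and delete the other. `max-clients = 10000` also exceeds what the default `ipv4-network` of 172.16.16.0/24 can lease by roughly forty times, so either the network default or the client limit should carry a comment explaining the mismatch. The `dns = …nthhost(2)` branch assumes a resolver listens on the second host of the VPN network, which nothing in these templates provides; a comment such as `# resolver at .2 of ipv4-network must be provided by the host (see disable_dns)` would make that dependency explicit.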
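Review bot: `rc_pre()` creates `/var/reactance/ocserv/run/` without saying why, and the reason is only visible in ocserv.conf.j2, where `socket-file = run/ocserv-socket` appears to be chroot-relative and so needs the directory to exist inside `chroot-dir` before the daemon starts; a comment `# run/ must exist inside the chroot: ocserv.conf uses a chroot-relative socket-file` above the install line would spare the next reader the cross-reference. `install -d -o _vpn` also leaves the directory at the default mode with root's group; if only the daemon needs it, `install -d -o _vpn -g _vpn -m 0750` is tighter, though I have not checked what else reads that directory. The header `# $OpenBSD: ocserv` looks like a truncated RCS keyword; either the full `$OpenBSD$` tag or a plain description line would be clearer.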
diff --git a/roles/ocserv/templates/server.tmpl.j2 b/roles/ocserv/templates/server.tmpl.j2
new file mode 100644
index 00000000..f5eb7b66
--- /dev/null
+++ b/roles/ocserv/templates/server.tmpl.j2
@@ -0,0 +1,7 @@
+cn = "VPN server"
+ip_address = "{{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}"
+organization = "MyCompany"
+expiration_days = -1
+signing_key
+encryption_key
+tls_www_server |
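Review bot: the server certificate gets only an `ip_address` SAN taken from `ansible_default_ipv4.address`, so clients that reach the server by hostname will see a name mismatch unless they connect by that exact IP; if a DNS name is used it needs a `dns_name = "<vpn-public-hostname>"` line (placeholder value) next to `ip_address`. The fallback `ansible_all_ipv4_addresses[0]` may fail at render time on a host whose IPv4 fact list is empty, so an explicit role variable with a clearer failure message would be kinder. `expiration_days = -1` also yields a server certificate that never expires, which deserves a comment stating that rotation is manual, and `organization = "MyCompany"` should agree with the `"Big Corp"` in ca.tmpl.j2 if either is meant to be a real value.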
