openvpn job from openvpn/3.2.0

GitHub source: e9b118e or master branch

Properties

openvpn

ca_crt

CA Certificate

ccd

A list of Client Configuration Directives

Default
[]

cipher

Cipher for encrypting packets

Default
BF-CBC

client_config

A list of Client Configuration Connections

Default
[]

crl_pem

Certificate Revocation List

dh_pem

Diffie-Hellman Key

extra_config

Custom OpenVPN configuration statements

iptables

iptables rules to manage

Default
[]
Example
- POSTROUTING -t nat -s 192.0.2.0/24 -d 10.10.1.0/24 -j MASQUERADE -m comment --comment
  'vpn -> private lan'
- POSTROUTING -t nat -s 192.0.2.0/24 -d 10.10.2.100/32 -j MASQUERADE -m comment --comment
  'vpn -> internal backup server'

keysize

Size of cipher key in bits

Default
256

local

Bind IP for the server

Default
0.0.0.0

port

Bind Port for the server

Default
1194

push_dns

DNS servers to push to connecting clients

Default
[]

push_dns_search_domains

List of search domains to push to clients

Default
[]

push_routes

Routes to push to connecting clients

Default
[]

routes

Routes for the local routing table

Default
[]

server

VPN IP and netmask

server_crt

Server Certificate

server_key

Server Key

tls_cipher

A colon-separated list of allowable TLS ciphers

Example
DEFAULT:!EXP:!LOW:!MEDIUM

tls_version_min

The minimum TLS version accepted from peers

Default
"1.0"

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/openvpn/ directory.

  • bin/apply-iptables (from bin/apply-iptables.erb)
  • bin/control (from bin/control)
  • bin/control-client (from bin/control-client)
  • bin/write-ccd (from bin/write-ccd.erb)
  • bin/write-clients (from bin/write-clients.erb)
  • etc/ca.crt (from etc/ca.crt.erb)
  • etc/crl.pem (from etc/crl.pem.erb)
  • etc/dh.pem (from etc/dh.pem.erb)
  • etc/openvpn.conf (from etc/openvpn.conf.erb)
  • etc/server.crt (from etc/server.crt.erb)
  • etc/server.key (from etc/server.key.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.