---
# Default variables for the OpenVPN role. Several defaults below are weak by
# current standards and are flagged with SECURITY notes; override them in
# inventory or group vars rather than relying on these values.
openvpn_enabled: yes # The role is enabled
openvpn_version: stable # Version can be one of
# stable: stable releases only - no alphas, betas or RCs
# testing: latest releases, including alphas/betas/RCs
# release/2.3: OpenVPN 2.3 releases
# release/2.4: OpenVPN 2.4 releases, including alphas/betas/RCs
openvpn_etcdir: /etc/openvpn
# NOTE(review): presumably holds the CA and server private keys - confirm the
# tasks restrict ownership and mode on this directory.
openvpn_keydir: "{{openvpn_etcdir}}/keys"
# Installation settings
# NOTE(review): when the external repo is enabled, confirm the tasks verify
# the repository signing key.
openvpn_use_external_repo: false # Enable upstream OpenVPN repository
openvpn_use_system_easyrsa: false # Install EasyRSA from system packages
# Default settings (See OpenVPN documentation)
openvpn_host: "{{inventory_hostname}}" # The server address
openvpn_port: 1194
openvpn_proto: udp
openvpn_dev: tun
openvpn_server: 10.8.0.0 255.255.255.0 # Set empty to skip
openvpn_bridge: {}
openvpn_max_clients: 100
openvpn_log: /var/log/openvpn.log # Log file path
openvpn_keepalive: "10 120"
openvpn_ifconfig_pool_persist: ipp.txt
# SECURITY: compressing before encrypting can leak plaintext through
# ciphertext length when an attacker influences part of the tunnelled traffic
# (compression-oracle class, e.g. VORACLE); consider overriding this to no.
openvpn_comp_lzo: yes # Enable compression
# SECURITY: BF-CBC (Blowfish) is a 64-bit block cipher and is exposed to
# birthday-bound collision attacks on long-lived sessions (SWEET32). Override
# with an AES cipher such as AES-256-GCM (OpenVPN 2.4+) or AES-256-CBC; the
# server and every client must agree on the value.
openvpn_cipher: BF-CBC # Encryption algorithm
openvpn_status: openvpn-status.log
openvpn_verb: 3
# Presumably toggles OpenVPN's tls-auth directive (an HMAC with a pre-shared
# key on control-channel packets) - confirm in the templates. This is not
# perfect forward secrecy. SECURITY: it is off by default; enabling it lets
# the server drop unauthenticated handshake packets early.
openvpn_tls_auth : False # Enable tls-auth control-channel HMAC
# File name of the tls-auth pre-shared key; treat the file as a secret.
openvpn_tls_key : "ta.key"
# Account and group named here are presumably what the daemon drops
# privileges to after start-up - confirm in the server template.
openvpn_user: nobody
openvpn_group: nogroup
openvpn_resolv_retry: infinite
# NOTE(review): presumably lets connected clients reach each other through
# the server; set to no if clients should be isolated from one another.
openvpn_client_to_client: yes
openvpn_server_options: [] # Additional server options
# openvpn_server_options:
# - dev-node MyTap
# - client-to-client
openvpn_client_options: [] # Additional client options
# openvpn_client_options:
# - dev-node MyTap
# - client-to-client
# Certificate subject fields; the values below look like placeholders and
# should be overridden per deployment.
openvpn_key_country: US
openvpn_key_province: CA
openvpn_key_city: SanFrancisco
openvpn_key_org: Fort-Funston
openvpn_key_email: me@myhost.mydomain
# SECURITY: 1024-bit keys are below current minimum recommendations; override
# with 2048 or larger. Presumably used for the EasyRSA key size (and possibly
# the DH parameters) - confirm in the tasks.
openvpn_key_size: 1024
openvpn_clients: [client] # Client names to issue certificates for
openvpn_clients_revoke: [] # Client names whose certificates are revoked
# Use PAM authentication
# NOTE(review): with PAM on and the user list empty, system users are used
# (see the comment below), so any local account with a valid password would
# presumably be accepted as a VPN login - confirm and restrict as needed.
openvpn_use_pam: yes
openvpn_use_pam_users: [] # If empty use system users
# otherwise use users from the option
# openvpn_use_pam_users:
# - { name: user, password: password }
# Keep real passwords out of plain-text vars; store them with Ansible Vault.
# LDAP authentication and configuration (optional)
openvpn_use_ldap: no
# The two values below are quoted strings ('no'), unlike the bare booleans
# used elsewhere in this file. NOTE(review): with TLS disabled, LDAP bind
# credentials would presumably cross the network in cleartext - confirm
# before enabling LDAP.
openvpn_ldap_tlsenable: 'no'
openvpn_ldap_follow_referrals: 'no'
# Use simple authentication (default is disabled)
openvpn_simple_auth: no
# Empty by default. NOTE(review): how the role treats an empty password when
# simple auth is enabled is not visible here - confirm it is rejected, and
# supply the real value from Ansible Vault rather than plain-text vars.
openvpn_simple_auth_password: ""
# Whether to embed CA, cert, and key info inside client OVPN config file.
# When enabled, each client file carries the client's key material, so store
# and distribute those files as secrets.
openvpn_unified_client_profiles: no