class Construqt::Flavour::Ubuntu::Opvn

Public Class Methods

new(cfg) click to toggle source
Calls superclass method
# File lib/construqt/flavour/ubuntu/flavour_ubuntu_opvn.rb, line 6
def initialize(cfg)
  super(cfg)
end

Public Instance Methods

build_config(host, opvn) click to toggle source
# File lib/construqt/flavour/ubuntu/flavour_ubuntu_opvn.rb, line 10
        def build_config(host, opvn)
          iface = opvn.delegate
          local = iface.ipv6 ? host.id.first_ipv6.first_ipv6 : host.id.first_ipv4.first_ipv4
          return unless local
          push_routes = ""
          if iface.push_routes
            push_routes = iface.push_routes.routes.map{|route| "push \"route #{route.dst.to_string}\"" }.join("\n")
          end

          host.result.add(self, iface.cacert, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::OPENVPN), "etc", "openvpn", "ssl", "#{iface.name}-cacert.pem")
          host.result.add(self, iface.hostcert, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::OPENVPN), "etc", "openvpn", "ssl", "#{iface.name}-hostcert.pem")
          host.result.add(self, iface.hostkey, Construqt::Resources::Rights.root_0600(Construqt::Resources::Component::OPENVPN), "etc", "openvpn", "ssl", "#{iface.name}-hostkey.pem")
          host.result.add(self, iface.dh1024, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::OPENVPN), "etc", "openvpn", "ssl", "#{iface.name}-dh1024")
          host.result.add(self, <<OPVN, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::OPENVPN), "etc", "openvpn", "#{iface.name}.conf")
daemon
local #{local}
proto udp#{local.ipv6? ? '6' : ''}
port 1194
mode server
tls-server
dev #{iface.name}
ca   /etc/openvpn/ssl/#{iface.name}-cacert.pem
cert /etc/openvpn/ssl/#{iface.name}-hostcert.pem
key  /etc/openvpn/ssl/#{iface.name}-hostkey.pem
dh   /etc/openvpn/ssl/#{iface.name}-dh1024
server #{iface.network.first_ipv4.to_s} #{iface.network.first_ipv4.netmask}
server-ipv6 #{iface.network.first_ipv6.to_string}
client-to-client
keepalive 10 30
cipher AES-128-CBC   # AES
cipher BF-CBC        # Blowfish (default)
comp-lzo
max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status /etc/openvpn/status
log-append  /var/log/openvpn-#{iface.name}.log
mute 20
          #{push_routes}
mssfix #{iface.mtu||1348}
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn
client-cert-not-required
script-security 2
OPVN
        end