openvpn job from openvpn/4.0.0

The `openvpn` job provides an OpenVPN server for clients to connect to.

Github source: 401cba7 or master branch

Properties¶

ccd¶

A list of Client Configuration Directives. This value is an array, with each client being an array whose first value is the client’s common name and second value is the OpenVPN directives.

Default

[]

cipher¶

Cipher for encrypting packets

Default

AES-256-CBC

compress¶

Default compression (or empty to disable)

Default

""

device¶

Virtual network device to use

Default

tun0

dh_pem¶

Diffie-Hellmann Key (DH PARAMETERS, including the begin/end markers)

extra_config¶

Custom OpenVPN configuration statements (see manual)

extra_configs¶

A list of custom OpenVPN configuration statements (see manual)

Default

[]

keysize¶

Size of cipher key in bits

Default

256

local¶

Bind IP for the server

Default

0.0.0.0

port¶

Bind Port for the server

Default

1194

protocol¶

Protocol for the server

Default

tcp

push_compress¶

Push default compression setting to clients

Default

true

push_dns¶

DNS servers to push to connecting clients to enable DNS resolution over the VPN tunnel

Default

[]

push_dns_search_domains¶

List of search domains to push to clients

Default

[]

push_routes¶

A list of routes to push to connecting clients (in the format of “192.0.2.0 255.255.255.0”)

Default

[]

routes¶

A list of routes for the local routing table (in the format of “192.0.2.0 255.255.255.0”)

Default

[]

server¶

VPN IP and netmask (basis of the IP pool which the server will allocate to clients)

tls_cipher¶

A colon-separated list of allowable TLS ciphers

Example

DEFAULT:!EXP:!LOW:!MEDIUM

tls_crl¶

Certificate Revocation List (X509 CRL, including the begin/end markers)

tls_crypt¶

Encrypt control channel packets with private key

tls_server¶

Certificate and Private Key for the server

Example

ca: |+
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
certificate: |+
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
private_key: |+
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----

tls_version_min¶

The minimum TLS version accepted from peers

Default

"1.2"

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/openvpn/ directory (learn more).

• bin/control (from bin/control)
• bin/write-ccd (from bin/write-ccd.erb)
• etc/openvpn.conf (from etc/openvpn.conf.erb)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• openvpn