openvpn job from openvpn/5.3.0
The `openvpn` job provides an OpenVPN server for clients to connect to.
GitHub source: 646a737 or master branch
Properties
ccd
A list of Client Configuration Directives. This value is an array, with each client being an array whose first value is the client’s common name and second value is the OpenVPN directives.
- Default
[]
cipher
Cipher for encrypting packets
- Default
AES-256-CBC
compress
Default compression (or empty to disable)
- Default
auto
device
Virtual network device to use
- Default
tun0
dh_pem
Diffie-Hellman key (DH PARAMETERS, including the begin/end markers)
extra_config
Custom OpenVPN configuration statements (see manual)
extra_configs
A list of custom OpenVPN configuration statements (see manual)
- Default
[]
keysize
Size of cipher key in bits (deprecated)
- Default
256
local
Bind IP for the server
- Default
0.0.0.0
port
Bind Port for the server
- Default
1194
protocol
Protocol for the server
- Default
tcp
push_dns
A list of DNS servers to push to connecting clients to enable DNS resolution over the VPN tunnel
- Default
[]
- Example
  - 8.8.4.4
  - 8.8.8.8
push_dns_search_domains
List of search domains to push to clients
- Default
[]
push_routes
A list of routes to push to connecting clients (in the format of “192.0.2.0 255.255.255.0”)
- Default
[]
routes
A list of routes for the local routing table (in the format of “192.0.2.0 255.255.255.0”)
- Default
[]
server
VPN IP and netmask (basis of the IP pool which the server will allocate to clients)
tls_cipher
A colon-separated list of allowable TLS ciphers
- Example
DEFAULT:!EXP:!LOW:!MEDIUM
tls_crl
Certificate Revocation List (X509 CRL, including the begin/end markers)
tls_crypt
Encrypt control channel packets with private key
tls_server
Certificate and Private Key for the server
- Example
ca: |+
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
certificate: |+
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
private_key: |+
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----
tls_version_min
The minimum TLS version accepted from peers
- Default
"1.2"
Templates
Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/openvpn/ directory.
- bin/client-connect (from bin/client-connect)
- bin/control (from bin/control)
- bin/write-ccd (from bin/write-ccd.erb)
- etc/openvpn.conf (from etc/openvpn.conf.erb)
Packages
Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.