
* Made the OpenVPN port and protocol (tcp/udp) configurable

* Added 'cipher' and 'auth' lines to the generated client configs
Joshua Lund 11 年前
父节点
当前提交
4ed07a1e0a

+ 1
- 1
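--- a/roles/common/tasks/ufw.yml
+++ b/roles/common/tasks/ufw.yml
@@ -20,7 +20,7 @@
     - 5222/tcp  # xmpp c2s
     - 5269/tcp  # xmpp s2s
     - 6697/tcp  # znc
-    - openvpn/udp
+    - "{{ openvpn_port }}/{{ openvpn_protocol }}"
     - 60000:61000/udp  # mosh udp packets
 
 - name: Check status of ufw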
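Review bot: The new rule `"{{ openvpn_port }}/{{ openvpn_protocol }}"` reaches ufw with no check on either variable, so a typo in `openvpn_protocol` or a non-numeric port yields a malformed or unintended firewall rule. The same two variables feed `proto`/`remote` in client.cnf.j2 and `port`/`proto` in etc_openvpn_server.conf.j2. A guard task ahead of this list, such as `- assert: { that: "openvpn_protocol in ['udp', 'tcp']" }`, would fail the play before the firewall is touched. The entry also no longer names its service the way its neighbours do; a trailing `# openvpn` would keep the list readable. The task that owns this list starts outside the hunk.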

+ 4
- 2
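--- a/roles/vpn/templates/client.cnf.j2
+++ b/roles/vpn/templates/client.cnf.j2
@@ -1,7 +1,9 @@
 client
 dev tun
-proto udp
-remote {{ openvpn_server }} 1194
+proto {{ openvpn_protocol }}
+remote {{ openvpn_server }} {{ openvpn_port }}
+cipher {{ openvpn_cipher }}
+auth {{ openvpn_auth_digest }}
 resolv-retry infinite
 nobind
 persist-key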
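Review bot: `openvpn_cipher` and `openvpn_auth_digest` in the two added lines are not among the defaults this commit adds to vars/defaults.yml, so they are presumably defined elsewhere in the repository; that is worth confirming. The client only connects if these match the server's `cipher` and `auth` settings, so both templates should read the same variables. A comment such as `# must match cipher/auth in etc_openvpn_server.conf.j2` above the two lines would record that dependency. The template continues past the end of the hunk.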

+ 2
- 2
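--- a/roles/vpn/templates/etc_openvpn_server.conf.j2
+++ b/roles/vpn/templates/etc_openvpn_server.conf.j2
@@ -29,11 +29,11 @@
 # on the same machine, use a different port
 # number for each one.  You will need to
 # open up this port on your firewall.
-port 1194
+port {{ openvpn_port }}
 
 # TCP or UDP server?
 ;proto tcp
-proto udp
+proto {{ openvpn_protocol }}
 
 # "dev tun" will create a routed IP tunnel,
 # "dev tap" will create an ethernet tunnel.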
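Review bot: The sample line `;proto tcp` left above `proto {{ openvpn_protocol }}` now reads as if the protocol were switched by editing this file, when it is actually set by the `openvpn_protocol` variable. Consider replacing it with a comment like `# Set via openvpn_protocol in vars/defaults.yml (udp or tcp)`. A matching note above `port {{ openvpn_port }}` would fit the existing comment there, which already reminds the reader that the firewall must open the same port.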

+ 2
- 0
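--- a/vars/defaults.yml
+++ b/vars/defaults.yml
@@ -61,6 +61,8 @@ openvpn_ca: "{{ openvpn_path }}/ca"
 openvpn_dhparam: "{{ openvpn_path }}/dh{{ openvpn_key_size }}.pem"
 openvpn_hmac_firewall: "{{ openvpn_path }}/ta.key"
 openvpn_server: "{{ domain }}"
+openvpn_port: "1194"
+openvpn_protocol: "udp"
 # openvpn_clients: (required)
 
 # webmail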
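Review bot: The two new defaults carry no comment on accepted values, although they now drive the ufw rule as well as both OpenVPN templates. A short annotation such as `openvpn_protocol: "udp"  # udp or tcp; also used for the ufw rule` and `openvpn_port: "1194"  # opened in ufw by roles/common` would make that coupling visible to whoever overrides them.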
