Hello,
The generated configuration for openvpn has (at least) one error when we activate only the "remote" option for openvpn::server:
Nov 20 14:31:34 ip-192-168-4-8.sandbox.internal puppet-agent[30586]: Nov 20 14:31:34 ip-192-168-4-8.sandbox.internal systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On lsn...
Nov 20 14:31:34 ip-192-168-4-8.sandbox.internal puppet-agent[30586]: Nov 20 14:31:34 ip-192-168-4-8.sandbox.internal openvpn[30973]: Options error: You must define DH file (--dh)
Nov 20 14:31:34 ip-192-168-4-8.sandbox.internal puppet-agent[30586]: Nov 20 14:31:34 ip-192-168-4-8.sandbox.internal openvpn[30973]: Use --help for more information.
After a small check, it appears the "dh" is ignored from the configuration file as soon as we enable the "remote" parameter:
https://github.com/voxpupuli/puppet-openvpn/blob/master/templates/server.erb#L20-L22
https://github.com/voxpupuli/puppet-openvpn/blob/master/templates/server.erb#L30-L32
The first one excludes the dh parameter even if we pass it as a parameter to the openvpn::server (in case we use an external CA), the second one ignores it "by default".
For information, we're wanting to make a site-to-site VPN, which is neither client nor server. I'm not sure this module covers that specific use, in fact. I'm OK with providing at least a base configuration for that kind of use-case.
Care to advise?
Cheers,
C.
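
A pre-deployment check for the failure reported above, as an added example that is not part of the original post or of puppet-openvpn: it flags a rendered config that puts OpenVPN into TLS server mode without a `dh` directive, the condition behind the "You must define DH file (--dh)" error. The function names, constants and both sample configs are constructed for illustration and are not output of the module.

```ruby
# Added example (not puppet-openvpn code): lint a rendered OpenVPN config
# for TLS server mode without a dh directive.

# Directives that enable TLS server mode. `server` and `server-bridge` are
# helper directives that expand to include tls-server.
TLS_SERVER_DIRECTIVES = %w[tls-server server server-bridge].freeze

# Returns [directive, args] pairs. Only whole-line comments (# or ;) are
# stripped, which is enough for template-generated files.
def parse_openvpn_config(text)
  text.each_line.map do |line|
    line = line.sub(/^\s*[#;].*/, '').strip
    next if line.empty?
    name, *args = line.split(/\s+/)
    [name, args]
  end.compact
end

# Returns a list of problems; an empty list means the dh check passed.
def dh_problems(text)
  directives = parse_openvpn_config(text)
  names = directives.map(&:first)
  return [] if (names & TLS_SERVER_DIRECTIVES).empty?
  dh = directives.find { |name, _| name == 'dh' }
  return ['TLS server mode without dh: OpenVPN will refuse to start'] if dh.nil?
  return ['dh directive has no argument'] if dh[1].empty?
  []
end

# Constructed sample: site-to-site peer with "remote" set and no dh line.
BROKEN_CONF = <<~CONF
  # constructed sample
  dev tun0
  remote peer.example.net 1194
  tls-server
  ca /etc/openvpn/example/ca.crt
CONF

# Constructed sample: same config with the dh directive present.
FIXED_CONF = BROKEN_CONF + "dh /etc/openvpn/example/dh.pem\n"

if __FILE__ == $PROGRAM_NAME
  { 'broken' => BROKEN_CONF, 'fixed' => FIXED_CONF }.each do |label, conf|
    problems = dh_problems(conf)
    puts "#{label}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
end
```
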