X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/2ec62d46e6d050fe6384df90a2869036662d1b51..faf8ae12e85eabb050b0f5eceb2cb67ad1de5261:/cookbooks/openvpn/templates/default/tunnel.conf.erb

diff --git a/cookbooks/openvpn/templates/default/tunnel.conf.erb b/cookbooks/openvpn/templates/default/tunnel.conf.erb
new file mode 100644
index 000000000..748f96993
--- /dev/null
+++ b/cookbooks/openvpn/templates/default/tunnel.conf.erb
@@ -0,0 +1,47 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+# Set the local port to use
+port <%= @port %>
+
+# Use UDP
+proto udp
+
+# Use routed IP tunnels
+dev tun
+
+# Use shared secret authentication
+secret <%= @name %>.key
+
+# Run in peer-to-peer mode
+mode p2p
+<% if @mode == "client" -%>
+
+# Connect to the remote machine
+remote <%= @peer[:host] %> <%= @peer[:port] %>
+<% end -%>
+
+# Configure interface and routing
+ifconfig <%= @address %> <%= @peer[:address] %>
+<% @peer[:networks].each do |network| -%>
+route <%= network[:address] %> <%= network[:netmask] %>
+<% end -%>
+
+# Keepalive - check every 10 seconds and reset after 2 minutes
+keepalive 10 120
+
+# Use AES-128 as the cipher
+cipher AES-128-CBC
+
+# Enable compression
+comp-lzo
+
+# Run unprivileged
+user nobody
+group nogroup
+
+# Reuse resources on restart to avoid privilege problems
+persist-key
+persist-tun
+
+# Set log verbosity
+verb 3