openvpn server #1

Supports: bionic

Description

This charm provides a templated OpenVPN server. It assumes that the PKI is managed elsewhere and that the resulting material is pushed to the machine using SSH.


Overview

This charm installs a unit that serves as an openvpn server for clients.

Through the various config options it can deploy both UDP and TCP servers, and it supports both IPv4 and IPv6 deployments.

Usage

Install this charm:

juju deploy cs:~openvpn-server-charmers/openvpn-server

Configuration

ca_certificate
(string) base64 encoded CA certificate
ccd_exclusive
(boolean) maps to ccd-exclusive in the configs.
ccd_sync_ip
(string) IP address(es) that will rsync ccd data.
ccd_sync_key
(string) SSH public key used to sync ccd data.
crl_filename
(string) certificate revocation list filename
extra_packages
(string) Space separated list of extra deb packages to install.
group
(string) group for openvpn
Default: openvpn
install_keys
(string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
install_sources
(string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
nagios_context
(string) Used by the nrpe subordinate charms. A string that will be prepended to the instance name to set the host name in nagios. For instance, the hostname would be something like: juju-myservice-0. If you're running multiple environments with the same services in them, this allows you to differentiate between them.
Default: juju
nagios_servicegroups
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.
package_status
(string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
Default: install
server_certificate
(string) base64 encoded server certificate
server_key
(string) base64 encoded server key
ssh_auth_key_path
(string) path to the SSH authorized keys file for "user"
tcp6_network
(string) IPv6 Network for TCP clients, if any. CIDR format (e.g.: 2001:db8::0/64)
tcp_cipher
(string) Cipher to use for tcp.
Default: AES-128-CBC
tcp_client_config_directory
(string) Name of TCP client config directory, or none
tcp_daemon
(boolean) Enable TCP daemon
tcp_device
(string) Interface name for TCP vpn device
Default: tun1
tcp_extra_commands
(string) yaml string of extra directives for the tcp config (usually routes)
tcp_ip_address
(string) Address to listen on. Defaults to the IP address on the default route interface
tcp_netmask
(string) Netmask for TCP clients
tcp_network
(string) Network for TCP clients, if any. (netmask is separate)
tcp_port
(string) port to listen on (default: 1194)
Default: 1194
tcp_proto
(string) protocol: one of "tcp" or "tcp6"
Default: tcp
tls_auth_direction
(string) tls-auth direction
Default: 0
tls_auth_key
(string) base64 encoded tls-auth key
udp6_network
(string) IPv6 Network for UDP clients, if any. CIDR format (e.g.: 2001:db8::0/64)
udp_cipher
(string) Cipher to use for udp.
Default: AES-128-CBC
udp_client_config_directory
(string) Name of UDP client config directory, or none
udp_daemon
(boolean) Enable UDP daemon
Default: True
udp_device
(string) Interface name for UDP vpn device
Default: tun0
udp_extra_commands
(string) yaml string of extra directives for the udp config (usually routes)
udp_ip_address
(string) Address to listen on. Defaults to the IP address on the default route interface
udp_netmask
(string) Netmask for UDP clients
udp_network
(string) Network for UDP clients, if any. (netmask is separate)
udp_port
(string) port to listen on (default: 1194)
Default: 1194
udp_proto
(string) protocol: one of "udp" or "udp6"
Default: udp
user
(string) user for openvpn
Default: openvpn
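
The certificate and key options above take base64 encoded values, so PKI material produced elsewhere has to be encoded before it is handed to the charm. The shell functions below are an added example, not part of the charm: they assume the application name openvpn-server, input file names of your choosing, that the charm accepts single-line base64, and that the cipher values are passed to OpenVPN unchanged.

```shell
#!/bin/sh
# Added example: build a Juju config file for this charm from PKI files
# generated elsewhere. Paths and the application name are assumptions.

# Print a file as single-line base64 (tr removes base64's line wrapping).
b64_file() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    base64 < "$1" | tr -d '\n'
}

# build_charm_config CA_CERT SERVER_CERT SERVER_KEY TLS_AUTH_KEY OUT_YAML
build_charm_config() {
    ca=$1 cert=$2 key=$3 ta=$4 out=$5
    # Refuse to write a partial config if any input is missing or empty.
    for f in "$ca" "$cert" "$key" "$ta"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    (
        # The output contains the server private key and the tls-auth key:
        # recreate it with owner-only permissions.
        umask 077
        rm -f "$out"
        {
            echo "openvpn-server:"
            echo "  ca_certificate: \"$(b64_file "$ca")\""
            echo "  server_certificate: \"$(b64_file "$cert")\""
            echo "  server_key: \"$(b64_file "$key")\""
            echo "  tls_auth_key: \"$(b64_file "$ta")\""
            # Override the AES-128-CBC defaults with an AEAD cipher.
            # Assumption: all clients run OpenVPN 2.4 or later.
            echo "  udp_cipher: \"AES-256-GCM\""
            echo "  tcp_cipher: \"AES-256-GCM\""
        } > "$out"
    )
}

# Usage (file names are placeholders):
#   build_charm_config ca.crt server.crt server.key ta.key openvpn-server.yaml
#   juju deploy cs:~openvpn-server-charmers/openvpn-server \
#       --config openvpn-server.yaml
```

Remove the generated YAML file once the deployment has consumed it, since it holds the server key in a trivially reversible encoding.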