# Ansible Role: OpenVPN

Installs and configures OpenVPN on Debian servers.

## Role Variables
    
    # OpenVPN server l3 instances (tun)
    # One list entry per routed instance. The addresses below come from the
    # documentation ranges 203.0.113.0/24 and 2001:db8::/32; replace them
    # with your own allocations.
    openvpn_tun_instances:
      - name: vpn-udp-tun
        # Templated value; service_address_1 is not defined in this example
        # and has to be supplied elsewhere (inventory or group vars).
        service_ip_address: "{{ service_address_1 }}"
        protocol: udp
        # routed ipv4 client subnets (one per node)
        tun_ipv4_addresses:
          - 203.0.113.0/26
          - 203.0.113.64/26
          - 203.0.113.128/26
          - 203.0.113.192/26
        # routed ipv6 client subnets (one per node)
        tun_ipv6_addresses:
          - 2001:db8:12:400::1/64
          - 2001:db8:12:401::1/64
          - 2001:db8:12:402::1/64
          - 2001:db8:12:403::1/64

    # OpenVPN server l2 instances (tap)
    # This example lists no client subnets for the tap instance.
    openvpn_tap_instances:
      - name: vpn-udp-tap
        # Templated value; service_address_2 has to be supplied elsewhere.
        service_ip_address: "{{ service_address_2 }}"
        protocol: udp
    
    # VLAN interfaces for VPN2VLAN access (tap) in multiple VLANs
    vpn2vlan:
      # ip address of the first node
      - address: 192.0.2.1
        # Realms offered for this VLAN entry. Here "abc" sets default_route
        # while "abc-split" carries split_subnets_ipv4 instead.
        # NOTE(review): presumably default_route: true sends all client
        # traffic through the VPN and the split realm only the listed
        # subnets - confirm against the role's templates.
        realms:
          - name: abc
            default_route: true
          - name: abc-split
            split_subnets_ipv4: "{{ split_subnets_ipv4 }}"
        radius:
          group: OE-VPN-abc 
        dhcp_config:
          domain:
          - abc.kit.edu
          domain_search:
          - foo.kit.edu
          - bar.kit.edu
          pool_range:
          - 192.0.2.22
          - 192.0.2.40
          resolvers: "{{ resolvers_vpn }}"
      # NOTE(review): 192.0.3.65 lies outside the RFC 5737 documentation
      # block 192.0.2.0/24 that the first entry uses; treat it as a
      # placeholder and substitute your own addressing.
      - address: 192.0.3.65
        realms:
          - name: foo
            default_route: false
        radius:
          group: OE-VPN-foo
          # Only this entry sets two_factor; the other entries in this
          # example omit the key.
          # NOTE(review): presumably requires a second authentication factor
          # for members of this RADIUS group. The value used when the key is
          # omitted is not shown here - confirm it in the role defaults
          # before relying on it.
          two_factor: true
        dhcp_config:
          pool_range:
          - 192.0.3.100
          - 192.0.3.109
      - address: 192.0.11.129
        realms:
          - name: bar
            default_route: true
        # No two_factor key on this entry.
        # NOTE(review): the resulting behaviour depends on the role's
        # default, which this example does not show - confirm.
        radius:
          group: OE-VPN-bar
        # This entry sets dhcp_servers (templated from dhcp_servers_xy, which
        # has to be supplied elsewhere) where the other entries carry an
        # inline dhcp_config.
        # NOTE(review): presumably addresses are then handed out by external
        # DHCP servers - confirm against the role's tasks.
        dhcp_servers: "{{ dhcp_servers_xy }}"