From 32125cb55925eddbb1711a5b2d65a9d15245a9a2 Mon Sep 17 00:00:00 2001 From: Tayyeb Date: Fri, 3 Jul 2020 19:36:40 +0430 Subject: [PATCH 01/14] update auth-ldap.conf.j2 to optionally check group and add all auth-ldap specific variables to defaults/main.yml --- defaults/main.yml | 7 +++++++ templates/authentication/auth-ldap.conf.j2 | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index dc495d5..af53181 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -174,8 +174,15 @@ openvpn_use_pam_users: [] # LDAP authentication and configuration (optional) openvpn_use_ldap: false +openvpn_ldap_server: # ldapserver.example.org or ldap://ldapserver.example.org openvpn_ldap_tlsenable: 'false' openvpn_ldap_follow_referrals: 'false' +openvpn_ldap_bind_dn: # cn=administrator,cn=users,dc=ctc,dc=local +openvpn_ldap_bind_password: +openvpn_ldap_base_dn: # dc=ctc,dc=local +openvpn_ldap_search_filter: # sAMAccountName=%u +openvpn_ldap_group_base_dn: # ou=groups,dc=ctc,dc=local if empty fallback to openvpn_ldap_base_dn +openvpn_ldap_group_search_filter: # cn=OpenVPNUsers # Use simple authentication (default is disabled) openvpn_simple_auth: false diff --git a/templates/authentication/auth-ldap.conf.j2 b/templates/authentication/auth-ldap.conf.j2 index 5d49641..29b0081 100644 --- a/templates/authentication/auth-ldap.conf.j2 +++ b/templates/authentication/auth-ldap.conf.j2 @@ -45,10 +45,12 @@ # e.g. "sAMAccountName=%u" SearchFilter {{ openvpn_ldap_search_filter }} RequireGroup true + {% if openvpn_ldap_group_search_filter %} - BaseDN {{ openvpn_ldap_base_dn }} + BaseDN {{ openvpn_ldap_group_base_dn | default(openvpn_ldap_base_dn) }} # e.g. "cn=OpenVPNUsers" SearchFilter {{ openvpn_ldap_group_search_filter }} MemberAttribute Member + {% endif %} From ae5f7e307395aa0814c62308d52f09907c40442e Mon Sep 17 00:00:00 2001 
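Review bot: The new keys are left with bare empty values, which YAML loads as null rather than leaving the variable undefined, so the fallback `openvpn_ldap_group_base_dn | default(openvpn_ldap_base_dn)` in this patch's template hunk (and again in patch 07) never triggers: Jinja's `default()` only substitutes for undefined variables unless its second argument is true. Write the fallback as `BaseDN {{ openvpn_ldap_group_base_dn | default(openvpn_ldap_base_dn, true) }}`, or leave `openvpn_ldap_group_base_dn` out of defaults entirely; until then the trailing `if empty fallback to openvpn_ldap_base_dn` comment describes behaviour the role does not have. `openvpn_ldap_bind_password:` has the same shape and, if not overridden, presumably renders as the literal `None` wherever the template interpolates it; `''` is the safer default for a secret that is meant to come from inventory or a vault.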
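Review bot: `RequireGroup true` stays outside the new `{% if openvpn_ldap_group_search_filter %}` guard, so when no group filter is configured the rendered `<Group>` section still demands a group match but has no BaseDN or SearchFilter to match against; the `<Group>` open and close lines are outside the hunk. Tying the flag to the same condition, `RequireGroup {{ 'true' if openvpn_ldap_group_search_filter else 'false' }}`, keeps group enforcement on exactly when a filter exists, assuming the plugin treats `RequireGroup false` as optional membership as its documentation describes. A comment on the guard, `{# the whole group check is skipped when openvpn_ldap_group_search_filter is empty #}`, would also make the effect of leaving the variable unset explicit.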
From: Taha Jahangir Date: Sun, 15 Nov 2020 17:39:39 +0330 Subject: [PATCH 02/14] Allow changing config filename and client config dir --- defaults/main.yml | 6 ++++++ tasks/authentication/tls.yml | 4 ++-- tasks/core/clients.yml | 6 +++--- tasks/core/configure.yml | 4 ++-- tasks/core/read-client-files.yml | 2 +- templates/server.conf.j2 | 2 +- 6 files changed, 15 insertions(+), 9 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index af53181..7866f35 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -208,6 +208,12 @@ openvpn_script_output_directories: [] # A path on the OpenVPN server where OpenVPN scripts should be uploaded to. openvpn_scripts_dir: "{{ openvpn_etcdir }}/scripts/" +# In some distros, the server with `foobar.conf` config file can be managed +# using `openvpn@foobar` service +openvpn_config_file: "{{ openvpn_etcdir }}/server.conf" + +openvpn_client_config_dir: "{{ openvpn_etcdir }}/ovpns" + # A list of files located on the Ansible controller that the role should upload. # The scripts will be uploaded under `openvpn_scripts_dir`. You can reference # them in `openvpn_server_options` for the OpenVPN configuration option you diff --git a/tasks/authentication/tls.yml b/tasks/authentication/tls.yml index 1439a58..a4fb111 100644 --- a/tasks/authentication/tls.yml +++ b/tasks/authentication/tls.yml @@ -2,7 +2,7 @@ - name: Generate tls-auth key command: - openvpn --genkey --secret "{{ openvpn_etcdir }}/ovpns/{{ openvpn_tls_key }}" + openvpn --genkey --secret "{{ openvpn_client_config_dir }}/{{ openvpn_tls_key }}" args: - creates: "{{ openvpn_etcdir }}/ovpns/{{ openvpn_tls_key }}" + creates: "{{ openvpn_client_config_dir }}/{{ openvpn_tls_key }}" when: openvpn_tls_auth diff --git a/tasks/core/clients.yml b/tasks/core/clients.yml index 9252178..63e9d27 100644 --- a/tasks/core/clients.yml +++ b/tasks/core/clients.yml 
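Review bot: The comment above `openvpn_config_file` says the server is managed through an `openvpn@foobar` unit named after the config file, but nothing in this patch adjusts `openvpn_service`, which the per-OS vars files still define (patch 10 shows it hard-coded to `openvpn@server`); a reader who renames the file will expect the service name to follow. Extend the comment, `# Changing the basename does not update openvpn_service; set the per-OS openvpn_service to the matching openvpn@<basename> unit`, and give the new `openvpn_client_config_dir` its own comment, `# Holds the generated tls-auth key, per-client .ovpn profiles and the zip bundles fetched to the controller`, since those uses are spread over four other files in this patch.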
@@ -3,7 +3,7 @@ - name: Generate client configurations template: src: "{{ openvpn_client_conf_template }}" - dest: "{{ openvpn_etcdir }}/ovpns/{{ item }}.ovpn" + dest: "{{ openvpn_client_config_dir }}/{{ item }}.ovpn" loop: "{{ openvpn_clients }}" register: openvpn_clients_changed @@ -20,12 +20,12 @@ loop_control: index_var: index args: - chdir: "{{ openvpn_etcdir }}/ovpns/" + chdir: "{{ openvpn_client_config_dir }}" when: openvpn_clients_changed.results[index] is changed - name: Download client credentials fetch: - src: "{{ openvpn_etcdir }}/ovpns/{{ item }}.zip" + src: "{{ openvpn_client_config_dir }}/{{ item }}.zip" dest: "{{ openvpn_download_dir }}" flat: true validate_checksum: true diff --git a/tasks/core/configure.yml b/tasks/core/configure.yml index 6916598..998a307 100644 --- a/tasks/core/configure.yml +++ b/tasks/core/configure.yml @@ -15,7 +15,7 @@ - name: Configure server template: src: server.conf.j2 - dest: "{{ openvpn_etcdir }}/server.conf" + dest: "{{ openvpn_config_file }}" notify: openvpn restart # Needed by both tls-authentication tasks and client-configuration tasks. Placed @@ -23,5 +23,5 @@ # client-config tasks are located. - name: Create client configuration directory file: - path: "{{ openvpn_etcdir }}/ovpns" + path: "{{ openvpn_client_config_dir }}" state: directory diff --git a/tasks/core/read-client-files.yml b/tasks/core/read-client-files.yml index 362b9e6..ae1b063 100644 --- a/tasks/core/read-client-files.yml +++ b/tasks/core/read-client-files.yml @@ -7,7 +7,7 @@ - name: Read TLS-auth key slurp: - src: "{{ openvpn_etcdir }}/ovpns/{{ openvpn_tls_key }}" + src: "{{ openvpn_client_config_dir }}/{{ openvpn_tls_key }}" no_log: true register: openvpn_read_tlsauth_file_results changed_when: false diff --git a/templates/server.conf.j2 b/templates/server.conf.j2 index 3b5f910..f7ee72e 100644 --- a/templates/server.conf.j2 +++ b/templates/server.conf.j2 
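Review bot: `Create client configuration directory` now creates a user-chosen path but still sets no `mode`, `owner` or `group`, so the directory that holds the tls-auth key (tls.yml hunk), the per-client zip bundles built from each client's private key (clients.yml hunks) and the .ovpn profiles gets whatever the remote umask yields. Since `openvpn_client_config_dir` can now be pointed anywhere, an explicit `mode: "0700"` on the `file:` task next to `state: directory` is the safer default; whether root-only access is sufficient depends on when openvpn reads the tls-auth key relative to dropping to `openvpn_user`, which is worth confirming. The task body starts outside the hunk.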
@@ -52,7 +52,7 @@ dh {{ openvpn_keydir }}/dh.pem {% if openvpn_tls_auth -%} # Use a static pre-shared key (PSK) -tls-auth {{ openvpn_etcdir }}/ovpns/{{ openvpn_tls_key }} 0 +tls-auth {{ openvpn_client_config_dir }}/{{ openvpn_tls_key }} 0 tls-server {% endif %} From 7681b2154771c9ac5ae7124552d4c4a5a3a4b181 Mon Sep 17 00:00:00 2001 From: Taha Jahangir Date: Thu, 26 Nov 2020 15:51:57 +0330 Subject: [PATCH 03/14] Add variable for server key/cert/ca --- defaults/main.yml | 5 +++++ tasks/core/clients.yml | 2 +- tasks/core/read-client-files.yml | 2 +- templates/server.conf.j2 | 6 +++--- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 7866f35..4869ca7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -30,6 +30,11 @@ openvpn_keydir: "{{ openvpn_etcdir }}/keys" # README. Then you can simply point this variable to the pki folder of the # easyrsa installation and all keys/certificates will be located fine. # }}} + +openvpn_ca_certs_file: '{{ openvpn_keydir }}/ca.crt' +openvpn_server_cert_file: '{{ openvpn_keydir }}/issued/server.crt' +openvpn_server_key_file: '{{ openvpn_keydir }}/private/server.key' + # Server configuration {{{ # Default settings (See OpenVPN documentation) openvpn_host: "{{ inventory_hostname }}" diff --git a/tasks/core/clients.yml b/tasks/core/clients.yml index 63e9d27..468a47c 100644 --- a/tasks/core/clients.yml +++ b/tasks/core/clients.yml @@ -14,7 +14,7 @@ {{ openvpn_keydir }}/issued/{{ item }}.crt {{ openvpn_keydir }}/private/{{ item }}.key {{ item }}.ovpn - {{ openvpn_keydir }}/ca.crt + {{ openvpn_ca_certs_file }} {{ openvpn_tls_key if openvpn_tls_auth else '' }} loop: "{{ openvpn_clients }}" loop_control: diff --git a/tasks/core/read-client-files.yml b/tasks/core/read-client-files.yml index ae1b063..7b63a22 100644 --- a/tasks/core/read-client-files.yml +++ b/tasks/core/read-client-files.yml 
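Review bot: The three new path variables use single quotes while every neighbouring templated default in this file (`openvpn_keydir: "{{ openvpn_etcdir }}/keys"`, `openvpn_scripts_dir`, `openvpn_config_file`) uses double quotes; matching the file style, `openvpn_ca_certs_file: "{{ openvpn_keydir }}/ca.crt"` and likewise for the cert and key keeps the block consistent. A short comment above the group, `# Paths of the server CA, certificate and private key; defaults follow the easyrsa pki layout under openvpn_keydir`, would also help, since the surrounding comment only talks about openvpn_keydir itself.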
@@ -1,6 +1,6 @@ --- - name: Read CA file - command: cat "{{ openvpn_keydir }}/ca.crt" + command: cat "{{ openvpn_ca_certs_file }}" no_log: true register: openvpn_read_ca_file_results changed_when: false diff --git a/templates/server.conf.j2 b/templates/server.conf.j2 index f7ee72e..c551cf6 100644 --- a/templates/server.conf.j2 +++ b/templates/server.conf.j2 @@ -42,9 +42,9 @@ dev {{ openvpn_dev }} # # Any X509 key management system can be used. OpenVPN can also use a PKCS #12 # formatted key file (see "pkcs12" directive in man page). -ca {{ openvpn_keydir }}/ca.crt -cert {{ openvpn_keydir }}/issued/server.crt -key {{ openvpn_keydir }}/private/server.key # This file should be kept secret +ca {{ openvpn_ca_certs_file }} +cert {{ openvpn_server_cert_file }} +key {{ openvpn_server_key_file }} # This file should be kept secret # Diffie hellman parameters. Generate your own with: openssl dhparam -out # dh1024.pem 1024 Substitute 2048 for 1024 if you are using 2048 bit keys. From c6b8898c3cb44e657c78850a5f4d09c79b5cf3f4 Mon Sep 17 00:00:00 2001 From: Taha Jahangir Date: Thu, 26 Nov 2020 16:15:05 +0330 Subject: [PATCH 04/14] Add openvpn_ldap_config/openvpn_ldap_password_is_cr vars --- defaults/main.yml | 2 ++ tasks/authentication/ldap.yml | 2 +- templates/authentication/auth-ldap.conf.j2 | 3 ++- templates/server.conf.j2 | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 4869ca7..d073ad5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
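Review bot: `command: cat "{{ openvpn_ca_certs_file }}"` sits next to a `Read TLS-auth key` task in the same file that uses `slurp`, so the two reads of certificate material differ in both module and result shape (`stdout` versus base64 `content`). Switching this task to `slurp:` with `src: "{{ openvpn_ca_certs_file }}"` would make `changed_when: false` unnecessary and keep the file consistent, provided the consumers of `openvpn_read_ca_file_results` are adjusted to decode `content`; those consumers are outside the hunk.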
@@ -179,9 +179,11 @@ openvpn_use_pam_users: [] # LDAP authentication and configuration (optional) openvpn_use_ldap: false +openvpn_ldap_config: '{{ openvpn_etcdir }}/auth-ldap.conf' openvpn_ldap_server: # ldapserver.example.org or ldap://ldapserver.example.org openvpn_ldap_tlsenable: 'false' openvpn_ldap_follow_referrals: 'false' +openvpn_ldap_password_is_cr: 'false' openvpn_ldap_bind_dn: # cn=administrator,cn=users,dc=ctc,dc=local openvpn_ldap_bind_password: openvpn_ldap_base_dn: # dc=ctc,dc=local diff --git a/tasks/authentication/ldap.yml b/tasks/authentication/ldap.yml index 430fa7a..df2e72e 100644 --- a/tasks/authentication/ldap.yml +++ b/tasks/authentication/ldap.yml @@ -3,5 +3,5 @@ - name: Setup LDAP template: src: authentication/auth-ldap.conf.j2 - dest: /etc/openvpn/auth-ldap.conf + dest: '{{ openvpn_ldap_config }}' when: openvpn_use_ldap | bool diff --git a/templates/authentication/auth-ldap.conf.j2 b/templates/authentication/auth-ldap.conf.j2 index 29b0081..b7df892 100644 --- a/templates/authentication/auth-ldap.conf.j2 +++ b/templates/authentication/auth-ldap.conf.j2 @@ -5,7 +5,7 @@ # - ldap://ldapserver.example.org # - ldaps://ldapserver.example.org URL {% if openvpn_ldap_server | regex_search('(^\w+:\/\/.+$)') %}{{ openvpn_ldap_server }}{% else %}ldap://{{ openvpn_ldap_server }}{% endif %} - + # Bind DN (If your LDAP server doesn't support anonymous binds) # e.g. cn=administrator,cn=users,dc=ctc,dc=local @@ -44,6 +44,7 @@ BaseDN {{ openvpn_ldap_base_dn }} # e.g. "sAMAccountName=%u" SearchFilter {{ openvpn_ldap_search_filter }} + PasswordIsCR {{ openvpn_ldap_password_is_cr }} RequireGroup true {% if openvpn_ldap_group_search_filter %} diff --git a/templates/server.conf.j2 b/templates/server.conf.j2 index c551cf6..b056b3e 100644 --- a/templates/server.conf.j2 +++ b/templates/server.conf.j2 
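Review bot: The rendered auth-ldap.conf carries the LDAP bind password, yet the template task sets no `mode` or `owner` for `dest: '{{ openvpn_ldap_config }}'`, so the file is created with the remote umask; the `mode: 0o644` visible as context in patch 14 would still leave it world-readable. `mode: "0600"` and `owner: root` on this task (its body starts outside the hunk) restrict the file to the account that loads the plugin, assuming the plugin reads its config before OpenVPN drops to `openvpn_user`, which is worth confirming. Quoting the mode as a string also sidesteps the octal-literal pitfall that the later `0o644` spelling works around.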
@@ -167,7 +167,7 @@ plugin {{openvpn_use_pam_plugin|default(openvpn_use_pam_plugin_distribution)}} o {% endif %} {% if openvpn_use_ldap %} -plugin {{ openvpn_use_ldap_plugin | default(openvpn_use_ldap_plugin_distribution) }} "/etc/openvpn/auth-ldap.conf" +plugin {{ openvpn_use_ldap_plugin | default(openvpn_use_ldap_plugin_distribution) }} "{{ openvpn_ldap_config }}" {% endif %} {% if openvpn_simple_auth and openvpn_simple_auth_password %} From f55a4a20e9f5918e3d355338faf87e43f032ae7e Mon Sep 17 00:00:00 2001 From: Taha Jahangir Date: Thu, 26 Nov 2020 15:47:26 +0330 Subject: [PATCH 05/14] Allow changing service name --- defaults/main.yml | 1 + handlers/main.yml | 4 ++-- tasks/service.yml | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index d073ad5..ecbc8ef 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -218,6 +218,7 @@ openvpn_scripts_dir: "{{ openvpn_etcdir }}/scripts/" # In some distros, the server with `foobar.conf` config file can be managed # using `openvpn@foobar` service openvpn_config_file: "{{ openvpn_etcdir }}/server.conf" +openvpn_service_name: '' # use the default os-dependent openvpn_client_config_dir: "{{ openvpn_etcdir }}/ovpns" diff --git a/handlers/main.yml b/handlers/main.yml index 7eec5fe..26d2ba5 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -33,8 +33,8 @@ - ansible_lsb.codename != "trusty" listen: openvpn save iptables -- name: Restart OpenVPN service +- name: Restart OpenVPN service ({{ openvpn_service_name or penvpn_service }}) service: - name: "{{ openvpn_service }}" + name: "{{ openvpn_service_name or penvpn_service }}" state: restarted listen: openvpn restart diff --git a/tasks/service.yml b/tasks/service.yml index a4507bb..1cec747 100644 --- a/tasks/service.yml +++ b/tasks/service.yml 
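Review bot: `{{ openvpn_service_name or penvpn_service }}` misspells the fallback variable (`penvpn_service` for `openvpn_service`) in both the handler name and its `service: name:`, so with the default `openvpn_service_name: ''` the restart handler fails on an undefined variable instead of restarting anything. The same typo appears twice in the `tasks/service.yml` hunk of this patch. The fix is `name: "{{ openvpn_service_name or openvpn_service }}"` in all four places; a comment on the default, `# empty string selects the per-OS openvpn_service from vars/os`, would make the `or` fallback explicit.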
@@ -1,7 +1,7 @@ --- -- name: Ensure OpenVPN is started +- name: Ensure OpenVPN is started ({{ openvpn_service_name or penvpn_service }}) service: - name: "{{ openvpn_service }}" + name: "{{ openvpn_service_name or penvpn_service }}" state: started enabled: true From 5ed62c5c13d62733a95ff1146c6703232bb8a32d Mon Sep 17 00:00:00 2001 From: HadiLatifi Date: Tue, 26 Jul 2022 10:42:01 +0430 Subject: [PATCH 06/14] defaults: add openldap vars --- defaults/main.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index dbd9112..fe6caa0 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -177,10 +177,15 @@ openvpn_use_pam_users: [] # LDAP authentication and configuration (optional) openvpn_use_ldap: false +openvpn_ldap_server: # ldapserver.example.org or ldap://ldapserver.example.org openvpn_ldap_tlsenable: 'false' openvpn_ldap_follow_referrals: 'false' - -# Use simple authentication (default is disabled) +openvpn_ldap_bind_dn: # cn=administrator,cn=users,dc=ctc,dc=local +openvpn_ldap_bind_password: +openvpn_ldap_base_dn: # dc=ctc,dc=local +openvpn_ldap_search_filter: # sAMAccountName=%u +openvpn_ldap_group_base_dn: # ou=groups,dc=ctc,dc=local if empty fallback to openvpn_ldap_base_dn +openvpn_ldap_group_search_filter: # cn=OpenVPNUsers# Use simple authentication (default is disabled) openvpn_simple_auth: false openvpn_simple_auth_password: "" From e5c5c3d7d122ae63036bf92b4e21550b2a41ab89 Mon Sep 17 00:00:00 2001 From: HadiLatifi Date: Tue, 26 Jul 2022 10:43:17 +0430 Subject: [PATCH 07/14] auth-ldap.conf.j2: change Group BaseDN --- templates/authentication/auth-ldap.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/authentication/auth-ldap.conf.j2 b/templates/authentication/auth-ldap.conf.j2 index 5d49641..e10b430 100644 --- a/templates/authentication/auth-ldap.conf.j2 +++ b/templates/authentication/auth-ldap.conf.j2 
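Review bot: The last added line, `openvpn_ldap_group_search_filter: # cn=OpenVPNUsers# Use simple authentication (default is disabled)`, has swallowed the header of the following section: the diffstat records the blank separator and `# Use simple authentication (default is disabled)` as deletions, so that header now survives only as the tail of an inline comment and `openvpn_simple_auth: false` directly follows the LDAP variables. Restore the blank line and the header as lines of their own after `openvpn_ldap_group_search_filter: # cn=OpenVPNUsers`.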
@@ -46,7 +46,7 @@ SearchFilter {{ openvpn_ldap_search_filter }} RequireGroup true - BaseDN {{ openvpn_ldap_base_dn }} + BaseDN {{ openvpn_ldap_group_base_dn | default(openvpn_ldap_base_dn) }} # e.g. "cn=OpenVPNUsers" SearchFilter {{ openvpn_ldap_group_search_filter }} MemberAttribute Member From 39192403aa173ac2773ffc169f090f49a6f947a1 Mon Sep 17 00:00:00 2001 From: HadiLatifi Date: Wed, 27 Jul 2022 20:18:51 +0430 Subject: [PATCH 08/14] fix python-passlib dependency --- tasks/core/install/Debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/core/install/Debian.yml b/tasks/core/install/Debian.yml index 80f5810..371c4b2 100644 --- a/tasks/core/install/Debian.yml +++ b/tasks/core/install/Debian.yml @@ -32,7 +32,7 @@ vars: dependencies: - libpam-pwdfile - - python-passlib + - python3-passlib - name: Install LDAP dependencies apt: From f40f465d59c1b70f821c3ccaf2bb8022f5949f15 Mon Sep 17 00:00:00 2001 From: HadiLatifi Date: Wed, 27 Jul 2022 20:26:37 +0430 Subject: [PATCH 09/14] client-cert-not-required option has changed in latest version --- templates/server.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/server.conf.j2 b/templates/server.conf.j2 index ceb9892..25210e1 100644 --- a/templates/server.conf.j2 +++ b/templates/server.conf.j2 @@ -161,7 +161,7 @@ client-to-client {% endif %} {% if openvpn_use_pam %} -client-cert-not-required +verify-client-cert none plugin {{openvpn_use_pam_plugin|default(openvpn_use_pam_plugin_distribution)}} openvpn {% endif %} From 16d7646234f67dacf812a82fc331971f22ab619e Mon Sep 17 00:00:00 2001 From: HadiLatifi Date: Wed, 27 Jul 2022 20:35:09 +0430 Subject: [PATCH 10/14] Create Debian.bullseye.yml --- vars/os/Debian.bullseye.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 vars/os/Debian.bullseye.yml diff --git a/vars/os/Debian.bullseye.yml b/vars/os/Debian.bullseye.yml new file mode 100644 index 0000000..267e8bc --- /dev/null 
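Review bot: The new `verify-client-cert none` line carries no comment, and since the old `client-cert-not-required` name was the only hint that client certificates are switched off here, the security effect is now less visible than before. A comment above it, `# PAM replaces client certificates entirely: no client cert is requested, so username/password is the sole factor`, plus `# verify-client-cert needs OpenVPN 2.4 or later; client-cert-not-required was dropped in 2.5`, records both the effect and the version constraint the commit message alludes to. The enclosing `{% if openvpn_use_pam %}` block is otherwise unchanged.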
+++ b/vars/os/Debian.bullseye.yml @@ -0,0 +1,10 @@ +--- + +openvpn_use_pam_plugin_distribution: + /usr/lib/openvpn/openvpn-plugin-auth-pam.so + +openvpn_use_ldap_plugin_distribution: + /usr/lib/openvpn/openvpn-auth-ldap.so + +openvpn_service: + "{{ 'openvpn@server' if ansible_service_mgr == 'systemd' else 'openvpn' }}" From d2783ee5e4c67b48805440f7eb75c30ccefcefaa Mon Sep 17 00:00:00 2001 From: HadiLatifi Date: Tue, 2 Aug 2022 11:19:54 +0430 Subject: [PATCH 11/14] Delete .cache directory --- .cache/roles/Stouts.openvpn | 1 - .cache/roles/klen.Stouts.openvpn | 1 - .cache/roles/stouts.openvpn | 1 - 3 files changed, 3 deletions(-) delete mode 120000 .cache/roles/Stouts.openvpn delete mode 120000 .cache/roles/klen.Stouts.openvpn delete mode 120000 .cache/roles/stouts.openvpn diff --git a/.cache/roles/Stouts.openvpn b/.cache/roles/Stouts.openvpn deleted file mode 120000 index c25bddb..0000000 --- a/.cache/roles/Stouts.openvpn +++ /dev/null @@ -1 +0,0 @@ -../.. \ No newline at end of file diff --git a/.cache/roles/klen.Stouts.openvpn b/.cache/roles/klen.Stouts.openvpn deleted file mode 120000 index c25bddb..0000000 --- a/.cache/roles/klen.Stouts.openvpn +++ /dev/null @@ -1 +0,0 @@ -../.. \ No newline at end of file diff --git a/.cache/roles/stouts.openvpn b/.cache/roles/stouts.openvpn deleted file mode 120000 index c25bddb..0000000 --- a/.cache/roles/stouts.openvpn +++ /dev/null @@ -1 +0,0 @@ -../.. \ No newline at end of file From 4e2cac3637df79efbf732052a2d933f28d4de267 Mon Sep 17 00:00:00 2001 From: HadiLatifi Date: Tue, 2 Aug 2022 11:21:23 +0430 Subject: [PATCH 12/14] Delete molecule/default/.cache directory It only contains a soft link to root directory and thus creating infinite loops when copying. --- molecule/default/.cache/roles/stouts.openvpn | 1 - 1 file changed, 1 deletion(-) delete mode 120000 molecule/default/.cache/roles/stouts.openvpn 
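Review bot: `openvpn_service` hard-codes the `openvpn@server` instance even though patch 02 made `openvpn_config_file` configurable and its comment says the instance is named after the config file, so a renamed config file no longer matches the unit this vars file starts. Deriving it, `"{{ 'openvpn@' ~ (openvpn_config_file | basename | splitext | first) if ansible_service_mgr == 'systemd' else 'openvpn' }}"`, keeps the two in step; whether the other vars/os files should follow is outside this patch. The auth-pam plugin path also deserves a check on an actual bullseye host, since Debian's openvpn package places its plugins under a multiarch `/usr/lib/<triplet>/openvpn/plugins/` directory on recent releases, while the openvpn-auth-ldap module is the one that lives under `/usr/lib/openvpn/`.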
diff --git a/molecule/default/.cache/roles/stouts.openvpn b/molecule/default/.cache/roles/stouts.openvpn deleted file mode 120000 index c25bddb..0000000 --- a/molecule/default/.cache/roles/stouts.openvpn +++ /dev/null @@ -1 +0,0 @@ -../.. \ No newline at end of file From fb30b8816e267a564ea0f56c108452f346f0bc42 Mon Sep 17 00:00:00 2001 From: "mh.latifi" Date: Tue, 2 Aug 2022 11:29:13 +0430 Subject: [PATCH 13/14] Change ncp-ciphers to data-ciphers In openvpn 2.5, ncp-ciphers option has changed to data-ciphers --- defaults/main.yml | 2 +- tasks/assertions.yml | 2 +- templates/client.conf.j2 | 4 ++-- templates/server.conf.j2 | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 646882a..918fd3e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -49,7 +49,7 @@ openvpn_log: /var/log/openvpn.log openvpn_keepalive: "10 120" openvpn_ifconfig_pool_persist: ipp.txt openvpn_compression: false -openvpn_ncp_ciphers: 'AES-256-GCM:AES-128-GCM' +openvpn_data_ciphers: 'AES-256-GCM:AES-128-GCM' openvpn_status: openvpn-status.log openvpn_verb: 3 openvpn_user: nobody diff --git a/tasks/assertions.yml b/tasks/assertions.yml index e7f7b8c..32a7c36 100644 --- a/tasks/assertions.yml +++ b/tasks/assertions.yml @@ -21,5 +21,5 @@ - name: openvpn_comp_lzo replacement: openpvpn_compression - name: openvpn_cipher - replacement: openvpn_ncp_ciphers + replacement: openvpn_data_ciphers diff --git a/templates/client.conf.j2 b/templates/client.conf.j2 index fe6383a..07eecc7 100644 --- a/templates/client.conf.j2 +++ b/templates/client.conf.j2 @@ -15,8 +15,8 @@ dev {{ openvpn_client_dev }} # server. proto {{ openvpn_proto }} -{% if openvpn_ncp_ciphers | length %} -ncp-ciphers {{ openvpn_ncp_ciphers }} +{% if openvpn_data_ciphers | length %} +data-ciphers {{ openvpn_data_ciphers }} {% endif %} # The hostname/IP and port of the server. You can have multiple remote entries 
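Review bot: Renaming `openvpn_ncp_ciphers` to `openvpn_data_ciphers` silently ignores any inventory that still sets the old name, because the templates now read only the new variable and the deprecated-name list in this hunk only records the older `openvpn_cipher` rename. Adding an entry, `- name: openvpn_ncp_ciphers` / `replacement: openvpn_data_ciphers`, next to the existing `openvpn_cipher` entry lets the assertion task (its loop starts outside the hunk) catch the stale name instead of quietly ignoring a custom cipher list.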
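Review bot: `data-ciphers` is only understood by OpenVPN 2.5 and later, and this file is the profile handed to clients, whose version the role does not control; a 2.4 client rejects an unknown option at parse time rather than ignoring it. If older clients remain in use, keep emitting `ncp-ciphers {{ openvpn_data_ciphers }}` in the client profile, which 2.5 still accepts as a deprecated alias, or at least document the constraint next to the option: `# data-ciphers replaces ncp-ciphers and requires OpenVPN 2.5+ on the client`. The same consideration applies to the server.conf.j2 hunk of this patch.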
diff --git a/templates/server.conf.j2 b/templates/server.conf.j2 index 57ea50c..45bdf06 100644 --- a/templates/server.conf.j2 +++ b/templates/server.conf.j2 @@ -19,8 +19,8 @@ proto {{ openvpn_proto }} port-share 127.0.0.1 {{ openvpn_portshare }} {% endif %} -{% if openvpn_ncp_ciphers | length %} -ncp-ciphers {{ openvpn_ncp_ciphers }} +{% if openvpn_data_ciphers | length %} +data-ciphers {{ openvpn_data_ciphers }} {% endif %} # "dev tun" will create a routed IP tunnel, "dev tap" will create an ethernet From 06b8819ca560b667ea317ac1e9d4ffec4fdc6828 Mon Sep 17 00:00:00 2001 From: "mh.latifi" Date: Tue, 2 Aug 2022 11:34:26 +0430 Subject: [PATCH 14/14] ldap.yml: fix wrong indent --- tasks/authentication/ldap.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/authentication/ldap.yml b/tasks/authentication/ldap.yml index de4dc24..a23982c 100644 --- a/tasks/authentication/ldap.yml +++ b/tasks/authentication/ldap.yml @@ -5,4 +5,4 @@ src: authentication/auth-ldap.conf.j2 dest: '{{ openvpn_ldap_config }}' mode: 0o644 - when: openvpn_use_ldap | bool + when: openvpn_use_ldap | bool