From 4d56e1223cb5d6e6bf492100dfd20731d97d0e73 Mon Sep 17 00:00:00 2001
From: Shaun Smiley
Date: Mon, 18 Dec 2017 13:42:33 -0800
Subject: [PATCH 1/2] Lock easyrsa to pull in fix
---
 playbooks/roles/openvpn/tasks/pki.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/playbooks/roles/openvpn/tasks/pki.yml b/playbooks/roles/openvpn/tasks/pki.yml
index d5ea103..9688091 100644
--- a/playbooks/roles/openvpn/tasks/pki.yml
+++ b/playbooks/roles/openvpn/tasks/pki.yml
@@ -4,7 +4,9 @@
 repo: https://github.com/OpenVPN/easy-rsa.git
 accept_hostkey: True
 remote: github
- version: master
+ ## lock git checkout to pull in openssl fix
+ ## https://github.com/OpenVPN/easy-rsa/issues/132
+ version: a138c0d83b0ff1feed385c5d2d7a1c25422fe04d
 dest: "{{ openvpn_path }}/easyrsa"
 - name: OpenVPN | PKI | Make local destination folder
From 2ce940ec8000159cb727f4c2400ea0ed4e69eb96 Mon Sep 17 00:00:00 2001
From: Shaun Smiley
Date: Mon, 18 Dec 2017 13:46:08 -0800
Subject: [PATCH 2/2] parameterize easyrsa git version
---
 playbooks/roles/openvpn/defaults/main.yml | 4 ++++
 playbooks/roles/openvpn/tasks/pki.yml | 4 +---
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/playbooks/roles/openvpn/defaults/main.yml b/playbooks/roles/openvpn/defaults/main.yml
index 7a6b7b8..aad85f1 100644
--- a/playbooks/roles/openvpn/defaults/main.yml
+++ b/playbooks/roles/openvpn/defaults/main.yml
@@ -19,6 +19,10 @@ openvpn_auth_digest: "SHA256"
 # Configuration here just uses PFS ciphers leveraging AES256 and at least SHA256
 openvpn_tls_cipher: "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-DSS-WITH-AES-256-CBC-SHA256"
+## lock easyrsa git checkout to pull in openssl fix
+## https://github.com/OpenVPN/easy-rsa/issues/132
+openvpn_easyrsa_version: a138c0d83b0ff1feed385c5d2d7a1c25422fe04d
+
 openvpn_instances:
 - {
 proto: udp,
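Review bot: The new default `openvpn_easyrsa_version` in defaults/main.yml is written as a plain scalar, while the neighbouring defaults in this hunk are quoted. This SHA loads as a string only because it contains letters; a later pin made of digits only, or of digits around a single `e`, would be retyped as a number by the YAML loader before it reaches the git task. Quote it: `openvpn_easyrsa_version: "a138c0d83b0ff1feed385c5d2d7a1c25422fe04d"`. The same unquoted value appears in the pki.yml hunk of patch 1/2, which patch 2/2 replaces.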
diff --git a/playbooks/roles/openvpn/tasks/pki.yml b/playbooks/roles/openvpn/tasks/pki.yml
index 9688091..b0f7d9c 100644
--- a/playbooks/roles/openvpn/tasks/pki.yml
+++ b/playbooks/roles/openvpn/tasks/pki.yml
@@ -4,9 +4,7 @@
 repo: https://github.com/OpenVPN/easy-rsa.git
 accept_hostkey: True
 remote: github
- ## lock git checkout to pull in openssl fix
- ## https://github.com/OpenVPN/easy-rsa/issues/132
- version: a138c0d83b0ff1feed385c5d2d7a1c25422fe04d
+ version: "{{ openvpn_easyrsa_version }}"
 dest: "{{ openvpn_path }}/easyrsa"
 - name: OpenVPN | PKI | Make local destination folder
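Review bot: With `version: "{{ openvpn_easyrsa_version }}"` the revision that gets checked out is whatever the variable holds at run time, and the reason for the pin no longer appears next to the task. An inventory or extra-vars override with a branch name such as `master` silently brings back the floating checkout that patch 1/2 removed, for the code that (judging by the file name) builds the VPN's PKI. A one-line comment above `version:` would keep the intent visible, for example `# keep this a full commit SHA; a branch name lets the easy-rsa code change between runs`. The git task begins above this hunk, so its `name:` and module lines are not visible here.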