Diffstat (limited to 'data/templates/openvpn/server.conf.tmpl')
-rw-r--r--data/templates/openvpn/server.conf.tmpl224
1 files changed, 0 insertions, 224 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
deleted file mode 100644
index f26680fa3..000000000
--- a/data/templates/openvpn/server.conf.tmpl
+++ /dev/null
@@ -1,224 +0,0 @@
-### Autogenerated by interfaces-openvpn.py ###
-#
-# See https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
-# for individual keyword definition
-#
-# {{ description if description is vyos_defined }}
-#
-
-verb 3
-dev-type {{ device_type }}
-dev {{ ifname }}
-persist-key
-{% if protocol == 'tcp-active' %}
-proto tcp-client
-{% elif protocol == 'tcp-passive' %}
-proto tcp-server
-{% else %}
-proto udp
-{% endif %}
-{% if local_host is vyos_defined %}
-local {{ local_host }}
-{% endif %}
-{% if mode is vyos_defined('server') and protocol is vyos_defined('udp') and local_host is not vyos_defined %}
-multihome
-{% endif %}
-{% if local_port is vyos_defined %}
-lport {{ local_port }}
-{% endif %}
-{% if remote_port is vyos_defined %}
-rport {{ remote_port }}
-{% endif %}
-{% if remote_host is vyos_defined %}
-{% for remote in remote_host %}
-remote {{ remote }}
-{% endfor %}
-{% endif %}
-{% if shared_secret_key is vyos_defined %}
-secret /run/openvpn/{{ ifname }}_shared.key
-{% endif %}
-{% if persistent_tunnel is vyos_defined %}
-persist-tun
-{% endif %}
-{% if replace_default_route.local is vyos_defined %}
-push "redirect-gateway local def1"
-{% elif replace_default_route is vyos_defined %}
-push "redirect-gateway def1"
-{% endif %}
-{% if use_lzo_compression is vyos_defined %}
-compress lzo
-{% endif %}
-
-{% if mode == 'client' %}
-#
-# OpenVPN Client mode
-#
-client
-nobind
-
-{% elif mode == 'server' %}
-#
-# OpenVPN Server mode
-#
-mode server
-tls-server
-{% if server is vyos_defined %}
-{% if server.subnet is vyos_defined %}
-{% if server.topology is vyos_defined('point-to-point') %}
-topology p2p
-{% elif server.topology is vyos_defined %}
-topology {{ server.topology }}
-{% endif %}
-{% for subnet in server.subnet %}
-{% if subnet | is_ipv4 %}
-server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} nopool
-{# First ip address is used as gateway. It's allows to use metrics #}
-{% if server.push_route is vyos_defined %}
-{% for route, route_config in server.push_route.items() %}
-{% if route | is_ipv4 %}
-push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}{% if route_config.metric is vyos_defined %} {{ subnet | first_host_address }} {{ route_config.metric }}{% endif %}"
-{% elif route | is_ipv6 %}
-push "route-ipv6 {{ route }}"
-{% endif %}
-{% endfor %}
-{% endif %}
-{# OpenVPN assigns the first IP address to its local interface so the pool used #}
-{# in net30 topology - where each client receives a /30 must start from the second subnet #}
-{% if server.topology is vyos_defined('net30') %}
-ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }}
-{% else %}
-{# OpenVPN assigns the first IP address to its local interface so the pool must #}
-{# start from the second address and end on the last address #}
-ifconfig-pool {{ subnet | first_host_address | inc_ip('1') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tun' else '' }}
-{% endif %}
-{% elif subnet | is_ipv6 %}
-server-ipv6 {{ subnet }}
-{% endif %}
-{% endfor %}
-{% endif %}
-
-{% if server.client_ip_pool is vyos_defined and server.client_ip_pool.disable is not vyos_defined %}
-ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }}{{ server.client_ip_pool.subnet_mask if server.client_ip_pool.subnet_mask is vyos_defined }}
-{% endif %}
-{% if server.max_connections is vyos_defined %}
-max-clients {{ server.max_connections }}
-{% endif %}
-{% if server.client is vyos_defined %}
-client-config-dir /run/openvpn/ccd/{{ ifname }}
-{% endif %}
-{% endif %}
-keepalive {{ keep_alive.interval }} {{ keep_alive.interval|int * keep_alive.failure_count|int }}
-management /run/openvpn/openvpn-mgmt-intf unix
-{% if server is vyos_defined %}
-{% if server.reject_unconfigured_clients is vyos_defined %}
-ccd-exclusive
-{% endif %}
-
-{% if server.name_server is vyos_defined %}
-{% for nameserver in server.name_server %}
-{% if nameserver | is_ipv4 %}
-push "dhcp-option DNS {{ nameserver }}"
-{% elif nameserver | is_ipv6 %}
-push "dhcp-option DNS6 {{ nameserver }}"
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if server.domain_name is vyos_defined %}
-push "dhcp-option DOMAIN {{ server.domain_name }}"
-{% endif %}
-{% if server.mfa.totp is vyos_defined %}
-{% set totp_config = server.mfa.totp %}
-plugin "{{ plugin_dir}}/openvpn-otp.so" "otp_secrets=/config/auth/openvpn/{{ ifname }}-otp-secrets {{ 'otp_slop=' ~ totp_config.slop }} {{ 'totp_t0=' ~ totp_config.drift }} {{ 'totp_step=' ~ totp_config.step }} {{ 'totp_digits=' ~ totp_config.digits }} password_is_cr={{ '1' if totp_config.challenge == 'enable' else '0' }}"
-{% endif %}
-{% endif %}
-{% else %}
-#
-# OpenVPN site-2-site mode
-#
-ping {{ keep_alive.interval }}
-ping-restart {{ keep_alive.failure_count }}
-
-{% if device_type == 'tap' %}
-{% if local_address is vyos_defined %}
-{% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %}
-{% if laddr_conf.subnet_mask is vyos_defined %}
-ifconfig {{ laddr }} {{ laddr_conf.subnet_mask }}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% else %}
-{% for laddr in local_address if laddr | is_ipv4 %}
-{% for raddr in remote_address if raddr | is_ipv4 %}
-ifconfig {{ laddr }} {{ raddr }}
-{% endfor %}
-{% endfor %}
-{% for laddr in local_address if laddr | is_ipv6 %}
-{% for raddr in remote_address if raddr | is_ipv6 %}
-ifconfig-ipv6 {{ laddr }} {{ raddr }}
-{% endfor %}
-{% endfor %}
-{% endif %}
-{% endif %}
-
-{% if tls is vyos_defined %}
-# TLS options
-{% if tls.ca_certificate is vyos_defined %}
-ca /run/openvpn/{{ ifname }}_ca.pem
-{% endif %}
-{% if tls.certificate is vyos_defined %}
-cert /run/openvpn/{{ ifname }}_cert.pem
-{% endif %}
-{% if tls.private_key is vyos_defined %}
-key /run/openvpn/{{ ifname }}_cert.key
-{% endif %}
-{% if tls.crypt_key is vyos_defined %}
-tls-crypt /run/openvpn/{{ ifname }}_crypt.key
-{% endif %}
-{% if tls.crl is vyos_defined %}
-crl-verify /run/openvpn/{{ ifname }}_crl.pem
-{% endif %}
-{% if tls.tls_version_min is vyos_defined %}
-tls-version-min {{ tls.tls_version_min }}
-{% endif %}
-{% if tls.dh_params is vyos_defined %}
-dh /run/openvpn/{{ ifname }}_dh.pem
-{% elif mode is vyos_defined('server') and tls.private_key is vyos_defined %}
-dh none
-{% endif %}
-{% if tls.auth_key is vyos_defined %}
-{% if mode == 'client' %}
-tls-auth /run/openvpn/{{ ifname }}_auth.key 1
-{% elif mode == 'server' %}
-tls-auth /run/openvpn/{{ ifname }}_auth.key 0
-{% endif %}
-{% endif %}
-{% if tls.role is vyos_defined('active') %}
-tls-client
-{% elif tls.role is vyos_defined('passive') %}
-tls-server
-{% endif %}
-{% endif %}
-
-# Encryption options
-{% if encryption is vyos_defined %}
-{% if encryption.cipher is vyos_defined %}
-cipher {{ encryption.cipher | openvpn_cipher }}
-{% if encryption.cipher is vyos_defined('bf128') %}
-keysize 128
-{% elif encryption.cipher is vyos_defined('bf256') %}
-keysize 256
-{% endif %}
-{% endif %}
-{% if encryption.ncp_ciphers is vyos_defined %}
-data-ciphers {{ encryption.ncp_ciphers | openvpn_ncp_ciphers }}
-{% endif %}
-{% endif %}
-
-{% if hash is vyos_defined %}
-auth {{ hash }}
-{% endif %}
-
-{% if authentication is vyos_defined %}
-auth-user-pass {{ auth_user_pass_file }}
-auth-retry nointeract
-{% endif %}